Ask HN: browser extension to encrypt emails in gmail client-side
It's always a problem to make security available for the masses (and actually secure!). Here's how I'd do it if I had to set one up.
The Chrome extension would prevent gmail from reading the email fields, preventing the saving of drafts server-side. On sending the email it would encrypt the content with a key that is unique per receiving address. If the client has the extension installed it can decrypt the contents automatically on display.
The problem is getting the decryption key across to the recipient securely, but that only has to be done once. After that the browser extension can hold it indefinitely. It could be done with a trusted third party site, which only holds the key for a very short time, and only for the first email sent to a new recipient. Power users could of course use their own ways of getting keys across.
58 comments
[ 3.6 ms ] story [ 110 ms ] threadI'm not so sure about the not saving Drafts, that would require rewriting some bits of Javascript which might break other stuff.
As for key exchange, that shouldn't be handle by an extension. If you want to encrypt your e-mail so the other party can read it, encrypt it with their public key, which by definition is public and can be uploaded to a keyserver.
It is the most secure way to send an encrypted email.
http://www.mailvelope.com/
It is more secure than you would think - see
http://www.mailvelope.com/blog/security-audit-and-v0.6-relea...
it prevents from saving the drafts well. What is not yet iplemented are signatures