Sponsored Links

PGP for WebMail (Pt 1)

With all the spying and snooping going on not just by criminals but also our own governments, now is a good time to start using encryption to send e-mails. This doesn’t mean you are a criminal or have something to hide. It is just taking precautions with your privacy. I might not be sending state secrets, but maybe I do not want someone to get my grandmothers cookie recipe. I won’t get into all the details or ins & outs of using pgp in this post (save that for another night). You can find more about it on your own at gnupg to get more information and download some the tools (HIGHLY RECOMMENDED).

This post is to help you setup a super easy tool that gives you the power to use pgp via the web-mail such as gmail, yahoo and hotmail in both firefox and chrome. It is quick and easy and it will take a lot of the work and mystery/technical stuff out of the way (you do probably do not care about that anyhow). So to get you started, and in a few minutes you will be able to send & receive encrypted e-mails like a pro (impress the IT guy in your office, show off to friends, etc).

First you will need to download the addon for your browser from Mailvelope. Scroll down near the bottom and click either Chrome Extension or Firefox Addon depending on your browser. Once installed you will have an icon like the one shown below your browser.

pgp icon

Click that padlock and it will bring up a window similar to the one below.

pgp menu

You will then need to click the Options button with the wrench on it. This will open a new window or tab that looks like the image below. This will let you generate or import a pgp key. I will assume you do not already have a key so you can generate one here.

You will click the Generate Key on the left side which will open a window like the one below.










You will enter your name and e-mail address along with choosing a secure password (NOT YOUR E-MAIL PASSWORD). and then click the Generate button at the bottom. Once that is completed you are ready to send e-mail from your favorite web-mail provider using your favorite browser and it will work the same in them all.

But before you do that if you look back at the screenshots you will notice in some of them that the padlock is blue and others it is red, as well as the lock is turned in different directions. I bet you did not notice that until I mentioned it. That is an extra security feature and something easy to see so you are aware you are in the secure browser.

You can customize this to your liking by clicking on Options at the top and then Security on the left to bring up a window like below.


security options












Play with the settings a bit to make it unique to you, do not worry this is safe to play with. Now once you get that done and saved your settings, go to your web-mail. I am using Gmail but it looks and works exactly the same in Yahoo, Outlook and others which is really cool. The e-mail window will look the same with the add-on installed as it does without it.

Nothing also will change for regular e-mails that are not signed or encrypted. Also nothing will change for your existing or old e-mails so do not worry.

Now you will compose your first encrypted e-mail. So you will compose the e-mail as normal, your window will look like this.













You will notice a new icon appear in your compose window with the little pencil. If you want to send a normal e-mail just type your message as normal and ignore or close the pencil. But we want to encrypt or at least sign the e-mail. So click the pencil and it will open a different e-mail window.










Notice the locks I mentioned earlier are different? This lets us know we are in in the encrypt/sign window. Select who to send the e-mail to just like normal, start typing the name or e-mail in the recipient bar. This should pop up a list of people like so.












Do not worry if the list is short or they do not have pgp setup. You can help them later get that done. But you can still digitally sign the message so people can verify it is you and not some spammer or bot trying to get them click on something pretending to be you. Let people know from now on to only trust e-mail with your signature. Once you type out your top secret grandmothers ultra awesome cookies recipe. Then you can hit Encrypt to encrypt the e-mail to someone who you have a key for. This will open a window asking for the password you created above when you generated your key.














The encrypted e-mail will appear in your compose window as a bunch of random letters & numbers like below.













But if you click sign only to send aunt Edna pictures of you in that lovely sweater she knitted for you then you will see something like the e-mail below.












Now you can click send and away it will go just like normal to the recipient and you are done.

But what does it look like when you get an encrypted or signed e-mail? Well the e-mail will show up as normal, but when you open the message it will look different if it is encrypted like below.









and this is what a digitally signed e-mail will look like when you get it.












If you click in the message a password dialog will pop-up like above when you sent an e-mail. Enter your password like before and suddenly your encrypted message will be readable like this.











This is what a digitally signed e-mail will look like. Notice the locks again? You only see those on signed or encrypted e-mails. They also only show up if you have the plugin installed.










This verifies the person who sent the message is who they say they are and was signed with a key that you trust. I will explain more about sharing keys and building trust in another post.

Congratulations!!! You have now sent and received your first secret message. See how simple it was? Do you feel like a spy from a novel now? Be sure to read Pt 2 for information on finding and adding keys.

If you have questions, comments or recommendations feel free to e-mail me. Also check back here for more information and tips.

Comments are closed.