
Mailvelope is a free browser extension for Google Chrome and Mozilla Firefox that introduces OpenPGP encryption to webmail services that you may be using. The extension supports Gmail, Yahoo! Mail, Outlook and GMX by default, and has options to integrate other web-based email providers as well.

How to use Mailvelope
First, you'll install the plugin for Chrome, or the Add-on for Firefox.



After you install it, you need to generate a key-pair for Mailvelope to use with your desired email. It will generate a public and private key. DO NOT EVER SHARE YOUR PRIVATE KEY.

This demonstration will be using the Firefox Extension and Gmail, although Mailvelope is designed to work with all major webmail providers. It is currently in Beta and they are adding support for more webmail services.
To generate a key, open the Mailvelope extension and go to the "Generate Key" tab as shown below.

Fill out the appropriate information, and hit "submit". If you want maximum privacy, it is a good idea to click on the advanced button and enable 4096-bit key lengths instead of 1024 or 2048. Make sure that you assign a very strong password to your keys; that password is your final line of defense if your PC is ever compromised by an attacker. After you hit submit, it will take some time to generate the keys. If you get a "this page isn't responding" message, just continue to wait; it will finish building your keys and give you a success message when it finishes.


Now that you have generated a key pair, you have a public key and a private key in your keyring. You can see your keypair in the "Display Keys" tab as shown below.


The important thing about PGP encryption is that there is a public key, and a private key. In order for someone to be able to send you secure messages, they have to have your public key.
In order for you to send them secure messages, you have to have their public key. To find out what your public key is, you can use the "export" menu in the "Display Keys" tab. You will have to enter your password to get to your keys.
So in this example, I want to send a message to bugbountyreports@gmail.com. To do this, I need to have the public key.
The public key for bugbountyreports@gmail.com is below:




So what you want to do is import this public key into Mailvelope, so it knows which public key to use when you are emailing bugbountyreports@gmail.com. Below, I have pasted the bugbountyreports@gmail.com public key into the field in the import tab.
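
As an added example (not from the original post or from Mailvelope's own code), the Node.js script below checks a pasted key block before you import it or send your own exported key to someone: it verifies the armor checksum, which catches copy-and-paste damage, and confirms that the block holds a public key rather than a private one. The function names and the sample blocks are constructed for illustration; the samples contain placeholder bytes, not real keys.

```javascript
// CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1).
function crc24(bytes) {
  let crc = 0xB704CE;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864CFB;
    }
  }
  return crc & 0xFFFFFF;
}
// Builds constructed sample blocks (placeholder bytes, not real keys).
function armor(label, bytes) {
  const c = crc24(bytes);
  const sum = Buffer.from([c >> 16, (c >> 8) & 0xFF, c & 0xFF]).toString("base64");
  return [`-----BEGIN PGP ${label}-----`, "Comment: constructed sample", "",
    Buffer.from(bytes).toString("base64"), "=" + sum, `-----END PGP ${label}-----`].join("\n");
}

// Hypothetical helper: inspect a pasted block before importing or sharing it.
function inspectArmor(text) {
  const lines = text.split(/\r?\n/).map((l) => l.trim());
  const begin = lines.findIndex((l) => /^-----BEGIN PGP [A-Z ]+-----$/.test(l));
  if (begin < 0) return { ok: false, reason: "no armor header line" };
  const label = lines[begin].slice(15, -5); // text between "BEGIN PGP " and the dashes
  const end = lines.indexOf(`-----END PGP ${label}-----`, begin);
  const blank = lines.indexOf("", begin); // a blank line ends the armor headers
  if (end < 0 || blank < 0 || blank > end) return { ok: false, reason: "malformed block" };
  const body = lines.slice(blank + 1, end).filter((l) => l !== "");
  const last = body[body.length - 1] || "";
  const sumLine = last.startsWith("=") && last.length === 5 ? body.pop() : null;
  const data = Buffer.from(body.join(""), "base64");
  let crc = "absent";
  if (sumLine) {
    const s = Buffer.from(sumLine.slice(1), "base64");
    crc = ((s[0] << 16) | (s[1] << 8) | s[2]) === crc24(data) ? "ok" : "mismatch";
  }
  // First packet tag: 6 = public key, 5 = secret key (old and new header formats).
  const h = data[0];
  const tag = !(h & 0x80) ? null : (h & 0x40) ? (h & 0x3F) : ((h & 0x3C) >> 2);
  const isPrivate = label.includes("PRIVATE KEY") || tag === 5;
  const safeToShare = label === "PUBLIC KEY BLOCK" && tag === 6 && crc !== "mismatch";
  return { ok: crc !== "mismatch" && tag !== null, label, crc, tag, isPrivate, safeToShare };
}

const publicSample = armor("PUBLIC KEY BLOCK", [0x99, 0x00, 0x02, 0x04, 0x00]);
const privateSample = armor("PRIVATE KEY BLOCK", [0x95, 0x00, 0x02, 0x04, 0x00]);
const damagedSample = publicSample.replace("mQAC", "mQAD"); // one character altered
```

A block is worth sharing or importing only when `safeToShare` is true; the check also flags a block whose label says "PUBLIC" while its first packet is a secret key.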



So, once you have completed this process, you are ready to send secure emails to one another with no worry of eavesdropping. Even when (not if) an agency drags up your email, they are unable to decipher the messages without having one of the private keys.
So let's send a PGP-encrypted email to bugbountyreports@gmail.com.
Below, you can see a bit about how Mailvelope works in practice. When you begin to compose a new message in Gmail you will see the small overlaid button that looks like a pencil and notepad. You click that button to start writing a secure message offline. You then write your message in the window that pops up.

Once you have finished writing your message, click the Encrypt button in the message window. This pulls up a menu so you can manage who you are encrypting the message for, as shown below. You can see that I have added BugBountyReports as my target recipient. Mailvelope is robust enough to support sending out the same message to multiple users at once, using all of the relevant public keys you have imported.

Once you are finished setting up the recipients, you click the "transfer" button in the message window. This encrypts your email message with the appropriate keys. You'll see the PGP encrypted message in the Gmail window, ready to be sent, like you can see below.


The message is now unreadable by all parties, except for those with access to the appropriate private keys. The private keys are never transmitted in this process, and they are securely stored locally by the Mailvelope plugin.
It does take a couple of tries to learn the process, but this is far, far simpler than older methods of using PGP. Once you are used to the process, you can encrypt an email in 5 clicks, taking less than a few seconds of extra work.

Decrypting and reading PGP email with Mailvelope

So now you know how to securely compose a message to send out. You also need to know how to receive messages with Mailvelope. Fortunately they have made this pretty easy, as it used to be very tedious to manage PGP decryption in the past.
When you receive an email that is PGP encrypted in your webmail service of choice, Mailvelope should detect it as a PGP encrypted message automatically. Mailvelope then allows you to decrypt the message using your keys. You'll see the Mailvelope overlay window pop up automatically with the "secure mail" icon as you see below.

If you wish to read your PGP encrypted message, you have to click on the icon and fill out the information shown below. Mailvelope will prompt you for your password because it does not have access to your PGP keys without password authorization.

After you decrypt your message it will be perfectly readable, as shown below.


It is important to know that Mailvelope is decrypting your messages locally. This means that your decrypted messages are never exposed to the webmail service. If you click the small "x" in the upper right corner of the overlay window when you are finished reading your message, you can see the original, fully encrypted email, as shown below.

So there you have it. Very high security email via a relatively easy to use graphical user interface. After using Mailvelope a few times I have gotten used to the process and can encrypt and decrypt messages in a few seconds.
