Encrypt and Sign Gmail messages with FireGPG 206
Linux.com (Same owners as Slashdot) has a story up about FireGPG and says "Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you...
And for the chat (Score:5, Informative)
Re:Nerds with something to hide (Score:5, Informative)
Besides encryption, GPG also allows you to sign messages, ensuring that the message is indeed from you, and hasn't been modified after you've signed it. In the Ubuntu Community, this is important for a) verifying messages from developers are real, b) verifying that uploaded packages were created by trusted developers, c) verifying signatures (such as signing the code of conduct).
While FireGPG is useful, it's not so useful for signing messages; Gmail auto-wordwraps messages after you send them, and FireGPG doesn't take that into account. Therefore, unless you wordwrap it yourself, Gmail's going to add line breaks, and your signature will be invalid. When I need to sign messages, I either word wrap myself so that Gmail doesn't, or send it through Thunderbird using Enigmail.
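The wrapping problem described in the comment above, as an added example that is not part of the original thread and is not FireGPG or GnuPG code: it hashes a message in the canonical form OpenPGP uses for cleartext signatures (RFC 4880, section 7.1) before and after a simulated re-wrap, and shows that wrapping before signing keeps the digest stable. The 72-column limit, the `simulate_rewrap` model of the mail service and the sample message are assumptions made for the illustration.

```python
import hashlib
import textwrap

WRAP_WIDTH = 72  # assumed wrap column; the thread does not give Gmail's real limit

# Constructed sample message: line 3 is longer than WRAP_WIDTH.
SAMPLE = (
    "Hi all,\n"
    "\n"
    "The upload for the next release is signed with my key and the checksum "
    "file is attached to this message for verification.\n"
    "\n"
    "Regards\n"
)

def canonicalize(text: str) -> bytes:
    """Cleartext-signature canonical form (RFC 4880 section 7.1): CRLF line
    endings, trailing spaces/tabs removed, final line ending not included."""
    text = text.replace("\r\n", "\n")
    if text.endswith("\n"):
        text = text[:-1]
    return "\r\n".join(l.rstrip(" \t") for l in text.split("\n")).encode("utf-8")

def signed_digest(text: str) -> str:
    """Stand-in for the document hash a clearsign signature is computed over."""
    return hashlib.sha256(canonicalize(text)).hexdigest()

def simulate_rewrap(text: str, width: int = WRAP_WIDTH) -> str:
    """Hypothetical model of a mail service hard-wrapping long lines on send."""
    out = []
    for line in text.split("\n"):
        out.extend(textwrap.wrap(line, width, break_long_words=False) or [""])
    return "\n".join(out)

def lines_at_risk(text: str, width: int = WRAP_WIDTH) -> list:
    """1-based numbers of lines a wrapping mail service would break."""
    return [n for n, l in enumerate(text.split("\n"), 1) if len(l) > width]

def signature_survives(text: str, width: int = WRAP_WIDTH) -> bool:
    """True if the signed digest is unchanged after the simulated re-wrap."""
    return signed_digest(text) == signed_digest(simulate_rewrap(text, width))

if __name__ == "__main__":
    print("as typed:   ", lines_at_risk(SAMPLE), signature_survives(SAMPLE))
    safe = simulate_rewrap(SAMPLE)  # wrap first, then sign the wrapped text
    print("pre-wrapped:", lines_at_risk(safe), signature_survives(safe))
```

Changes to line endings or trailing whitespace alone do not alter the digest, because canonicalization removes them; an inserted line break does.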
Re:Nerds with something to hide (Score:5, Informative)
Or maybe from your secret lover, etc. You get the picture.
Re:Or you can use an actual mail client (Score:5, Informative)
GMail S/MIME plugin for firefox (Score:4, Informative)
This is not painless and easy, and IMHO S/MIME is a lot nicer implemented than PGP signatures.
Works with any textarea, by the way (Score:5, Informative)
Re:I wouldn't think google would like this (Score:4, Informative)
Re:Won't AJAX textboxes kill this? (Score:3, Informative)
What's All the Hubub? (Score:2, Informative)
Re:Nerds with something to hide (Score:3, Informative)
Re:Nerds with something to hide (Score:3, Informative)
Re:PGP/GPG - inherent legal problem? (Score:2, Informative)
It's not the case; there was a bill proposed which would have done that, but civil rights activists got it altered so they can only compel you to give up your encryption keys if they can prove you have them.
Secondly, I wanted to suggest that perhaps this is a reason not to use PGP, because PGP encrypted information can always be decrypted using the recipient's key - even many years after the message was originally sent. So law enforcement officers will be able to get old PGP-encrypted documents from your email account (probably even if you delete them, thanks to backup tapes).
That's what gpg --show-session-key is for. If you get subpoenaed, you can give them just the session keys for the specific emails they want, and they'll be able to read them but not any other messages you received for the same public/private keypair.
Re:And for the chat (Score:2, Informative)
No, because the fact that something is hidden doesn't mean you can deny its existence once discovered. If you had a stream of random numbers and you use them to hide a message using a one time pad, it's utterly deniable because you cannot prove there's a message there - you can recover any `message` you like from it, given the appropriate `random` data to xor it with.
Re:And for the chat (Score:1, Informative)
The way PGP and such provide nonrepudiation is by performing a whole new asymmetric key exchange for each and every message. It's entirely unidirectional and self-contained. Sort of like TCP versus UDP. IPSec and OTR require a handshake before you can talk. PGP doesn't.