Google engineers keep pushing on email encryption as E2EMail goes open source

Small, slow steps toward email encryption from the search giant.

A group of Google engineers is hoping to make progress on a problem that has bedeviled email technology for decades: how to strongly and easily encrypt all of your messages.

It’s a community-driven effort, not a bona fide Google product, and it faces a big uphill climb, given that it relies on projects that are only in the prototype phase and requires users to access their operating system’s command line. So far the engineers have announced the open-sourcing of E2EMail, an end-to-end email encryption app that works with Google’s Gmail via an API and is accessed entirely through an extension in the company’s Chrome browser.

The idea is to remove obstacles that have kept Pretty Good Privacy technology, or PGP, from being widely adopted despite being publicly available for nearly three decades.

The project has been headed thus far by KB Sriram, Eduardo Vela Nava and Stephan Somogyi. The goal is to make email encryption as automatic and strong as possible, avoiding the need for copying and pasting PGP code or using extra, unfamiliar software. The project relies on Key Transparency, a Google advance that makes it easier to verify encryption keys, so you know exactly who you’re communicating with.


“E2EMail offers one approach to integrating OpenPGP into Gmail via a Chrome Extension, with improved usability, and while carefully keeping all cleartext of the message body exclusively on the client. E2EMail is built on a proven, open source Javascript crypto library developed at Google,” the developers wrote in a blog post. “E2EMail in its current incarnation uses a bare-bones central keyserver for testing, but the recent Key Transparency announcement is crucial to its further evolution. Key discovery and distribution lie at the heart of the usability challenges that OpenPGP implementations have faced. Key Transparency delivers a solid, scalable, and thus practical solution, replacing the problematic web-of-trust model traditionally used with PGP.”

E2EMail automatically generates a PGP key, uploads it to a key server and automatically encrypts outgoing emails if the recipient’s key is found on a public key server.

Developers have been working on the project for three years as encryption use has expanded through secure mass-market apps like Signal and the adoption of strong encryption by popular apps like WhatsApp.

Even though email is an old technology, its continued popularity is driving demand for secure options. ProtonMail, an encrypted email provider built by a private firm based in Switzerland, has seen its user base explode over the last six months, underscoring the wide market and desire for easy-to-use and difficult-to-break email encryption.
