June 4, 2007

Encrypt and sign Gmail messages with FireGPG

Author: Dmitri Popov

Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you to sign and encrypt not only email messages but also text snippets from any Web page.

As with any other Firefox extension, installing FireGPG is a matter of a few clicks. However, since FireGPG relies on GnuPG, there are a couple of things you have to take care of in order to make FireGPG work properly. First, you have to make sure that GnuPG is installed on your system. You might also want to install a graphical front end to it -- for example, KGpg on (K)Ubuntu -- that you can use to manage keys. Finally, you have to generate the key pair required to encrypt and sign mails and text snippets.

Generating a key pair using KGpg is a straightforward process. Launch KGpg and choose Keys -> Generate Key Pair. In the Key Generation dialog box, enter your name and email address. Select the desired key size; the default 1,024 is strong enough, but stronger keys are also available, if necessary. Next, select the desired algorithm (KGpg supports the RSA and DSA/ElGamal algorithms). Press OK, enter the desired passphrase when prompted, and wait until the utility generates the key pair.

Now you can start using FireGPG.


Since FireGPG integrates tightly into Gmail, using it to sign and encrypt emails couldn't be easier. Simply select the entire message body, or just the part you want to sign or encrypt, and press either the Sign or Crypt button. Enter the password you specified when you created the key pair, then select the key you want to use, and press OK. This signs or encrypts the messages or the text selection. Keep in mind that when signing the message, you should choose your private key, and when encrypting the email, you have to use the recipient's public key (you can import it into KGpg using the Keys -> Import Key command).

The FireGPG extension also adds buttons that allow you to manage signed and encrypted messages received from other users. You can use the buttons to easily verify a sender's signature or decrypt a message.
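The sign, encrypt, decrypt, and verify steps described above map onto ordinary GnuPG commands. The following script is an added example, not part of the original article or of FireGPG's own code. It assumes GnuPG 2.2 or later; the Alice and Bob identities, the passphrase, and all function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: GnuPG commands matching the article's sign/encrypt steps.
# Identities and passphrase are constructed; assumes GnuPG 2.2 or later.
PASS='constructed-demo-passphrase'
G() { local home=$1; shift; gpg --homedir "$home" --batch --quiet "$@"; }
# P: like G, but feeds the key passphrase non-interactively. A passphrase on
# the command line is visible to other local users, so this is demo-only.
P() { local home=$1; shift
      G "$home" --pinentry-mode loopback --passphrase "$PASS" "$@"; }

new_keyring() {    # $1 = keyring dir, $2 = user ID: generate a default key pair
  mkdir -p "$1" && chmod 700 "$1" && P "$1" --quick-generate-key "$2"
}
share_pubkey() {   # $1 = owner's dir, $2 = address, $3 = importer's dir
  G "$1" --armor --export "$2" | G "$3" --import
}
sign_msg() {       # signing uses the sender's own PRIVATE key
  P "$1" --clearsign
}
encrypt_msg() {    # encrypting uses the recipient's PUBLIC key ($2 = address)
  # --trust-model always skips the key-validity check for this demo only;
  # with real keys, confirm the fingerprint with its owner instead.
  G "$1" --trust-model always --armor --encrypt --recipient "$2"
}
decrypt_msg() {    # decrypting uses the recipient's own PRIVATE key
  P "$1" --decrypt
}
verify_msg() {     # prints the signed text; non-zero exit on a bad signature
  G "$1" --decrypt
}

roundtrip() {      # $1 = message; prints the text Bob recovers and verifies
  local t rc h; t=$(mktemp -d) || return 1
  new_keyring "$t/alice" 'Alice Example <alice@example.org>' &&
  new_keyring "$t/bob" 'Bob Example <bob@example.org>' &&
  share_pubkey "$t/alice" alice@example.org "$t/bob" &&
  share_pubkey "$t/bob" bob@example.org "$t/alice" &&
  printf '%s\n' "$1" | sign_msg "$t/alice" > "$t/signed.asc" &&
  encrypt_msg "$t/alice" bob@example.org < "$t/signed.asc" > "$t/mail.asc" &&
  decrypt_msg "$t/bob" < "$t/mail.asc" > "$t/inner.asc" &&
  verify_msg "$t/bob" < "$t/inner.asc"
  rc=$?
  for h in alice bob; do gpgconf --homedir "$t/$h" --kill all 2>/dev/null; done
  rm -rf "$t"
  return "$rc"
}

# Run the demo only when a message is passed as an argument.
if [ "$#" -gt 0 ]; then roundtrip "$*"; fi
```

Everything happens in throwaway keyrings under a temporary directory, so your real keyring is never touched.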

In a similar manner you can sign and encrypt a selected text fragment on any Web page. This can be useful if you want to encrypt the selected snippet before you insert it into an email message or a text document. To do this, simply select the text snippet you want and use the available commands under the Tools -> FireGPG menu to sign or encrypt the selection.

That's all there is to it. Using FireGPG is not particularly difficult, and if you often need to sign or encrypt your Gmail messages, this extension will make your life a bit easier.

Dmitri Popov is a freelance writer whose articles have appeared in Russian, British, US, German, and Danish computer magazines.
