Web Base Email Encryption: Mailvelope vs SecureGmail

After the PRISM’s intention has been shed on broad day light, people get paranoid over the things they do in the Net. Email is certainly one of their concerns. Given that the Electronic Communications Privacy Act is still in debate, this PRISM thingy is just adding in the horror. It is also said that any encrypted emails, messages or files will be kept even longer by the NSA until they see what’s inside the secure envelope you are sending out.

Today I am going to share with you ways to secure one aspect of the “Big Boy’s” watch list. The emails. Emails has been crucial nowadays from cooperate usage until personal usages. Gone were the days where people install email client in their machine to use emails (well some of them still do) but people nowadays are very happy in what the web base emails can give them. Cutting of the configuration time and getting the right settings on place, now you can do almost anything in web. There was something lacking in web base emails which is encryption. With email clients such as Thunderbird, Outlook and etc, you have the option to encrypt the emails using PGP methodology however in web based emails they are just not there yet (or maybe forever). Well I don’t think the email providers would ever do that feature built in their emails on web but however some people who are concerned about security made a few tools that can help us to achieve just that missing part in the web based emails.

Today I am going to share 2 beautifully crafted browser plugin that can help you implement security in your email. Both of them has their own strength and weakness which we will discuss at the end of this post. But let’s now see what the plug-ins are.

Mailvelope

Browsers are the next generation OS. As beautiful as it can be, a lot of efforts are being put in enhancing it to bring out its best. Mailvelope is such an application. Implementing the Father of PGP, Phil Zimmerman’s PGP encryption, this plugin is developed. It is an asymmetric algorithm which need to have a pair of security keys, the public and private key. By installing the plugin in your browser (available for Chrome for now, Firefox is under development) you first have to create a public & private key for yourself using your email. Then you got to share your public key with other contacts of your choice and add your contact’s public key in your Mailvelope account for enabling you to send encrypted Mailvelope emails to them. Once done, you are ready to send some secured email to your contacts. That simple. Who thought PGP was that simple until we have this plugin in place. For a complete overview of how to use Mailvelope, you can view any of the videos below teaching you step by step on how to use it efficiently. 

Video 1: Hak5 Show

Video 2: Tutorial by Cyber Intelligence Sdn Bhd (Security Consultation Company)

How to send an Encrypted Email in 7 Minutes?

SecureGmail

SecureGmail is another browser plugin which uses symmetric algorithm to encrypt its email. This means the message can be encrypted and decrypted using one passphrase shared among the sender and the recipient. The concept is the same as Mailvelope where you install this plugin in your browser (only Chrome is supported) and you will see this beautiful icon beside your Compose button in your Gmail email (image as below)

Instead of clicking the normal Compose button to send an email, click on the Padlock icon to send an encrypted email and you will be presented with a red barred email composition box as below;

So now you just have to type in your email content, recipient and the subject and click Send. Once you click send the plugin will prompt you to set a passphrase for this email. Now that’s where your security comes in. It is like sending a .ZIP file with password protection. This is how you are going to send your email with password protection. Only when you insert a passphrase in the prompt box (as below) then only the message will be sent to the recipient.

Now your recipient will receive the encrypted email, enter the password you set (make sure you share it with the recipient) and then he can read the encrypted message. That simple. With these 2 plugins, you can at least sleep tight at night knowing that your emails are being sent in a protected way and no Tom, Dick and Harry in the Net can view your email without having their computer’s processing speed exhausted (idiom to crack your keys that is used to encrypt your email).

Mailvelope vs. SecureGmail

Now we have seen the two great plugins to ensure security for your emails. Let’s now see how this plugins differs from one another.

Conclusion 

Now this is my final thoughts of these 2 plugins discussed. Mailvelope is certainly having a big advantage where the encryption blocks are larger than SecureGmail which suggests it takes a longer time to crack the key and since it has 2 keys to be cracked, the amount of time taken to do this is certainly irrelevant. But however the whole process of generating the public key, sharing with other person and get their public key and insert it in our repository would be tedious. If you are using a different computer other than your original ones, you might have to store the public key of the contact somewhere accessible for you in order to use them. Even though this is all a one time effort before getting it running smoothly, there are still a lot of work. For SecureGmail, the advantage is the accessibility of using this plugin anywhere you like. You don’t have to store any keys anywhere and if you want to send an encrypted email its as simple as getting Chrome browser running with SecureGmail installed and you are ready to go. But to be remembered, does not mean if your email has password it is secured. If your password is “1234567890” or “admin1234”, it is as good as you not using the plugin to send an encrypted message as these type of passwords can be easily cracked. If you want to use SecureGmail, you got to practice creating a strong password i.e. combination of alphanumeric and special characters with a minimum 10 characters long. That is how you roll if you want to use SecureGmail instead of Mailvelope.

So I hope I covered quite a bit of the plugins mentioned above. You can give a try for both of the plugin and do leave a comment in what is your favorite or some other plugins you find better to be used. Until my next post, see you guys and Happy Encrypting Your Emails.