thinkst : thoughts...

Monday, September 19, 2011

Chrome Extension for gpg in Gmail

Last month we released an alpha version of cr-gpg. This is a simple Chrome extension to enable gpg functionality in gmail (or Apps for Domains). (If you don't know what gpg is, you should first read this and this.)

Installation :






You can grab the extension from [here]; a double click should install it. After the install has completed, you should see the image above if you navigate to chrome://extensions.

Options :


Once you have installed the plugin, there are 2 required configuration options:
1) Directory with gpg binary
2) Temp folder path (writable by the browser)

cr-gpg simply calls out to the gpg installation on your machine. Option [1] is therefore asking where it can find the gpg executable, and Option [2] is looking for a scratch directory to do its work. (We make some effort to ensure that the temp directory is well maintained.) You should be able to click "Use Default" on most installations.

The "Encrypt to self" option is fairly self-explanatory. If I encrypt (and send) an email to you, the encrypted email will be in my sent items. I would be unable to read this mail though (since it has been encrypted with your public key, not mine). If you would like to be able to read your sent mails as well, then simply select this option (and enter your email address in the next field: "Encrypt to self Email Address").
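Why the sender is locked out of their own sent copy, as an added example that is not cr-gpg or gpg code: the sketch models multi-recipient encryption with Node's `crypto` module (RSA-OAEP wrapping an AES-256-GCM session key) rather than the OpenPGP format. The identities and all function names are made up for the illustration.

```javascript
const crypto = require('crypto');

// Constructed identity: a fresh RSA key pair stands in for a gpg key pair.
function makeIdentity(email) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
  });
  return { email, publicKey, privateKey };
}

// The body is encrypted once with a random session key. That session key is
// then wrapped separately for each recipient's public key.
function encryptTo(plaintext, recipients) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKeys = recipients.map((r) => ({
    email: r.email, // slot label; this model looks slots up by address
    wrapped: crypto.publicEncrypt({ key: r.publicKey, oaepHash: 'sha256' }, sessionKey),
  }));
  return { iv, body, tag, wrappedKeys };
}

// Returns the plaintext, or null when no session key was wrapped for this reader.
function decryptAs(message, identity) {
  const slot = message.wrappedKeys.find((k) => k.email === identity.email);
  if (!slot) return null;
  const sessionKey = crypto.privateDecrypt(
    { key: identity.privateKey, oaepHash: 'sha256' }, slot.wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, message.iv);
  decipher.setAuthTag(message.tag);
  return Buffer.concat([decipher.update(message.body), decipher.final()]).toString('utf8');
}

// "Encrypt to self" amounts to adding the sender to the recipient list.
function sendMail(plaintext, sender, recipient, encryptToSelf) {
  const recipients = encryptToSelf ? [recipient, sender] : [recipient];
  return encryptTo(plaintext, recipients);
}

function demo() {
  const me = makeIdentity('me@example.com');   // constructed address
  const you = makeIdentity('you@example.com'); // constructed address
  const plain = sendMail('meet at noon', me, you, false);
  const withSelf = sendMail('meet at noon', me, you, true);
  return {
    recipientReads: decryptAs(plain, you),
    senderReadsWithoutOption: decryptAs(plain, me),
    senderReadsWithOption: decryptAs(withSelf, me),
    keySlots: [plain.wrappedKeys.length, withSelf.wrappedKeys.length],
  };
}

console.log(demo());
```

The message body is identical in size either way; the option only adds one more wrapped copy of the session key.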

Now click "Save" to save these options. (cr-gpg will do some basic sanity checking on your options.) You can return to these options through the extensions window or by clicking the lock icon added to your browser chrome.

Convenience Functions :




The other convenience functions enabled through the lock icon allow you to do simple gpg key management, encrypt and sign blocks of text.

Embedded Functions :




When typing an email in Gmail, we should now see an additional link: "Encrypt Message".
If we have the recipient's public key, simply clicking this should encrypt the mail to the recipient, as seen below.



When you receive an encrypted email, simply click on "Decrypt Message".



Decrypting an email requires access to your private key (which is usually password protected). Enter the password, click "OK" and you should be good to go.



Give it a try [here], and let us know if you have bugs [here], comments, complaints or suggestions.

64 comments:

  1. Thanks! I've been looking for something like this. Are you going to publish it on the Chrome Web Store?

  2. That's a great idea Dave. We will kick it through. Please let us know if you have thoughts / ideas / bugs..

  3. Thanks for a great tool - have been looking for this!

    Is it open source? Any way to verify security and privacy in this extension for us non-programmers?

  4. Hi Troels.
    You are very welcome (in truth we use it a lot too) ;>
    The src is available at: https://github.com/RC1140/cr-gpg/ (but this doesn't help too much if you are a non programmer)

    What might help is knowing that we intentionally kept the tool really really simple (to minimize our chances of doing stuff wrong). We pass the heavy lifting to gpg (which regularly undergoes scrutiny by many).

    Let us know how it goes for you ;>

  5. I could not install the extension, see screenshot here:
    http://malatsblog.blogspot.com/2011/11/cr-gpg.html

  6. Great! I've been looking for something like this for a while. Tell Haroon to give you a promotion!

  7. @Malat..

    We will do a quick check to see what's up (I suspect we've never run it on Win64).

    @Dave

    Done!

  8. please fix it for win64 machines, it's a must have extension!

  9. I'm working on a very similar extension except rather than use the gpg binary I'm working on making a JS library to handle that. Details are at: http://prometheusx.net/introducing-gmail-crypt/ Perhaps there would be some interest in working together?

  10. I will try it Sean, God bless you if it works fine :-D

  11. Hi @malat.

    The last Chrome update that people got seemed to have a regression with plugins resulting in that error. (It should work fine on win64 now) and if you are still getting that error (with ours or other extensions), try downloading the file to a different directory (other than downloads) and adding it from there..

  12. Should it work with new gmail theme?

  13. Hi Anon.

    Sadly GOOG didn't give us a heads-up before changing the Theme, so we are playing catch-up. Won't work on the new theme yet (although you can use the icon to use it manually till then).

    We are on it..

  14. Installing this (or attempting) just gives "Package is invalid: CRX_FILE_NOT_READABLE"

  15. Hi

    To fix the Package is invalid: CRX_FILE_NOT_READABLE error please follow the instructions @ (https://github.com/RC1140/cr-gpg/wiki/CRX_FILE_NOT_READABLE ) until Google fixes the issue.

  16. thanks a lot, excellent work...!

  17. I tried following the instructions from Jameel, but I still get the same error message.

  18. CRX_FILE_NOT_READABLE ?
    on which OS ?

  19. I also get the "CRX_FILE_NOT_READABLE" error while following Jameel's workaround...using XP SP3 with Chrome...any HELP available?

  20. Hi Anonymous

    I am busy looking into this atm and will let you know as soon as I have a solution

  21. Hi Anonymous

    I have tested this on WinXp SP3 using the latest version of chrome (Stable) with 0.7.5 of the plugin and the plugin works fine.

    If you are still having issues drop me a mail at jameel [at] thinkst.com and I will see if I can help you out further.

  22. Still trying to figure out where the "Directory with gpg binary" is. Is this the chrome Extensions directory?

  23. Hi Anon
    This is the directory on your system where the gpg binary is located. If you are not sure where it's located, click the 'Use default' link next to the text box.

    This will use the default for your system.

  24. Hello,

    Not yet sure if this is a bug or I am missing something obvious... Installed cr-gpg 0.7.8. It runs under Chromium 18.0.996.0 on Ubuntu 10.04 (32bit, i686).

    I compose a message to my second address (and I have the key for that address), press Encrypt message, but nothing happens. When I click Sign message, I see the passphrase prompt, but OK button does nothing.

  25. Hi Dmitri

    From what you mentioned it sounds as if you might have an invalid path to your binary.

    Can you please verify that when you save your options you get the options saved alert box?

    Also, if possible, can you verify your options by either posting them here or sending me a mail @ jameel at thinkst.com?

  26. Thank you for the quick reply, Jameel.

    There is no 'Options saved' box, but when I view Options next time, the path is correct.

  27. For me the default path on ubuntu was incorrect. You can attempt to find it by typing "locate gpg | grep bin" in the console. For me it turned out to be /usr/bin/

  28. Where is the gpg app on Mac OS?

  29. Hi Pan.

    You need to install it from a package manager like mac ports or download and install from: http://macgpg.sourceforge.net/

  30. Hi Pan

    You can use the command `which gpg` from the console to get the full path to the application (if it's installed).

    Alternatively its general location should be @ '/opt/local/bin/gpg' which is the default location cr-gpg uses.

    Replies
    1. I'm using Windows XP Home. After I install the extension and try to configure the options using Default, I get an error "options saved but parameters provided invalid". It appears the path to the gpg binary is not correct - but I have no idea where it is. I'm not even certain it was installed. I've searched my hard drive for the directory and cannot find anything with "gpg" in the file name.

      Suggestions?

    2. Hi

      The preferred method for Windows is to grab the gpg application from (http://www.gpg4win.org/).
      They have a nice installer as well as various applications to get you started without the need to use the command line.

      Once you have installed gpg4win the default path should work for you unless you install to a different location. In that case use the example provided as a means to find the gpg binary.

      I hope this helps otherwise drop me a mail @ jameel at thinkst.com and I can try to help you out more.

  31. Hi. I'm using GPGtools for Mac and all I find is "/usr/local/macgpg2/bin/gpg2", which the addon does not recognize. What am I doing wrong?

    Regards
    Glenn

  32. I found a workaround for OS X Lion with GPGtools. I used the above mentioned path, and in the macgpg2 folder I copied and renamed gpg2 to just gpg, and everything works. Thank you very much for this excellent addon. Helps a lot. Thanks again.

    Regards Glenn

  33. Hi Glenn

    Thanks for providing a solution for others as well. Hopefully this will help others when they need to get setup.

  34. How do you import other people's public keys and your own private keys? Should we just paste the keys in the "import keys" tab? When I try to export the keys using
    $ gpg --export or
    $ gpg --export-secret-keys
    my gpg doesn't attach the usernames/emails to them so I don't know how importing them would work if cr-gpg can't figure out who it corresponds to. Also, there should be a way to see which keys have been imported.

  35. I can get it to install on both my mac (OS X Lion) or Windows 7 (32 bit) machines.

    * Basic functionality works fine on the Mac
    * The "Encrypt Message" link doesn't show up on either
    * On windows whenever I try to decrypt i get an invalid password error. I installed gpg to: "C:\Program Files\GNU\GnuPG\", and imported my entire keyring including secret keys using the GPA front end.

    I'd really like this to work on my windows box. It's a great tool.

  36. Hi
    @bkode Currently we can only import other users' public keys. For you to import your private key you would need to use the base package provided by your OS. Finally, we will probably be adding the feature to view existing keys in a future version.

    @jason For Windows it's best if you use gpg4win; it's been found that the other versions don't seem to work as well. Also, you mentioned that you imported all your secret keys. Do you have multiple? If so, you need to set the one you want to work with cr-gpg as the default. This is a feature that we want to add in the future as well (the ability to select which secret key to use). Finally, when you say the encrypt message doesn't show up, do you have any custom settings such as a different language in use?

  37. Hi.

    I do have multiple secret keys. How do I set a default?

    No custom settings that I'm aware of. On the encrypt issue, I don't even get the "encrypt" link in the page itself. I've only tried the "encrypt" option from the cr-gpg tab pane. And when I do it looks like the computer is thinking & then the window just disappears without producing any encrypted text or putting anything on the clipboard buffer.

    Thanks!

  38. Looks nice but I fear putting a pass phrase into a web browser window :-( The WebGP extension lets gpg prompt for the phrase, which is better, but it doesn't seem to integrate as well with gmail unless you press show original :-(

  39. Does this still work? Just installed the extension and I don't see the encrypt / decrypt links when using gmail / google apps... :-(

  40. Hi PC Smith

    The plugin is still working. Can you provide some info as to your current setup?
    This might help spot a setup issue or incompatibility.

    Thanks

  41. Sure... Win 7 x64 Running GPG4win... 1.1.4 I think.

    I've set up a key pair in the WinPT key manager that comes with it. My gpg binary is in: E:\Program Files\GNU\GnuPG\

    I didn't know what to use for a temp folder so I created one in: C:\Users\*username*\AppData\Local\Google\Chrome\User Data\Default\GPG\ which I figured would be writable by the browser.

    I don't see an encrypt link on the compose new email page in gmail... I do get a decrypt icon when reading existing mail though... However, when I click it and enter my password it always says I entered the wrong PW.

    If you'd like to troubleshoot this with me over email I'm at: pcsmith (at) hotmail dot com

  42. i know u are able to reply fast .... nd i m also in such need of fast reply with ur help ...

    i m having my gpg4win installed at this location .... C:\Program Files\GNU\GnuPG\
    and temporary file which can be written by browser are C:\temp or C:\Users\Sitaram\AppData\Local\Google\Chrome\User Data\Temp

    i tried both of them , but still one thing of error is "options saved but parameters provided are invalid "...

    i m hopeless and helpless , hopefully needing ur help on urgent based ....

  43. For everyone not seeing the Encrypt, Decrypt and Verify buttons in Gmail (like me at first), here's what's up.

    1) To encrypt, you need to click "Plain Text" at the end of the Rich Text editing buttons. Then the Encrypt link shows up at the left end of that row of links and icons.

    2) The decrypt and verify icons are at the upper top right of the message area when reading email. It doesn't make sense to have a decrypt and verify button on the Compose screen.

    Now, onto my problem :) I am on Windows 7 64-bit. I sent an email to myself to test it out, and it is unable to verify, saying that no public keys were found for the recipient. But when I copy the entire email to Notepad and save it, I am able to verify at the command prompt with

    gpg --verify "name of file.txt"

    so it appears there's something going on with your plugin. Also, with the manual launcher in the top right corner (excellent for use with other sites, like social networking, btw) I am able to sign and encrypt text but cannot verify. I have to do the same trick to copy the text to Notepad, save it, and verify it from the command prompt. Being able to verify from either GUI implementation would be wonderful. Not working for me, yet. I'm wondering if your code is selecting my full name as well as email address when searching for keys and not just searching for the email address. Besides that, why is your plugin even searching for keys for the recipient in the first place when gpg is able to properly verify from the command line without specifying a key?

  44. Hi Steve

    We only use the email when searching for keys. With regards to the verification stating that no public keys were found, it sounds like you may be getting a generic error message that was not intended for that section; this usually happens when the plugin is not communicating with the browser correctly. Can you verify that the plugin is able to encrypt emails for you?

  45. Hi Jameel. Yes, it Encrypted immediately and without error.

  46. Hi Steve
    I will need to look into it a bit more and get back to you, the plugin is running the exact same command that you mentioned in the first post to verify a plugin.

  47. Okay. If it helps, the error message appears twice.

  48. When I decrypt a message & reply, the encrypted version of the message is quoted in the reply.

    Is that expected behaviour, or is there any way to quote the decrypted version?

  49. Hi Anon

    That is expected; we don't make the decrypted text available anywhere except temporarily when you click the decrypt button. Unfortunately, the only way I can think of for you to quote text in a reply is with a manual copy and paste. If you think this is a feature others will need, then please log an issue over at http://github.com/rc1140/cr-gpg/issues. This will allow us to track the progress and let you know when the feature is released.

  50. hello first off great extension nice to see more ways to encrypt email

    my question is is there any chance that this can be made portable ie to run off a USB stick

    thanks in advance

    Glen

  51. so....this is what i did
    downloaded http://www.gpg4win.org/ as well as the plugin set it the plugin to my install dir,
    and no go? what am i missing?

  52. Hi, thanks so much for your work on this much needed package. :-)

    I installed it yesterday and had it working fine, but today I can no longer see the decrypt button (I can still see the encrypt one, and I can still decrypt manually by cutting and pasting into the tool box). Any suggestions?

    I'm using Windows XP, Chrome 19.0.1084.52 and Cr-gpg (Version : 0.7.8)

    Thanks, Holly

  53. Awesome extension, big up the thinkst.com crew!

  54. This is really great. I have two questions though:

    1.) Being a Google Apps user, I'd like to switch to German language with the general user interface. If I do so, the buttons for Decrypt message and Encrypt message do not show up. When I switch to "English (US)" everything is fine. Any chance to show the buttons also in different languages? ;-) If this is just the German translation missing, I'm happy to help with that.

    2.) When decrypting a message, inbound base64 attachments (from multipart messages) are not shown as attachments any more, but just with pure base64 code. Do you see a chance that this can be shown as a regular attachment in the future?

  55. Thank you for developing such an important extension. However, during installation I am asked to grant access to "All data on your computer and the websites that you visit". This does not sound like the kind of thing that I want to do when I am aiming to increase my security situation thru the use of GNU Privacy Guard. I wonder if you might consider completely removing this requirement from the installation. I am unable to use the extension in its current form.

  56. Hi! I'm trying cr-gpg (0.7.8) on Windows XP (SP3) 32-bit, Google Chrome 21.0.1180.79, Gpg4win 2.1.0.
    cr-gpg installs, but if I try setting the "Directory with gpg binary" and "Temp folder path" options by clicking "Use Default", the paths entered are:

    /opt/local/bin/
    and
    /tmp/

    which are obviously incorrect (on a win32 system). If I click Save, I get an error message (as expected): "options saved but parameters provided are invalid."

    No matter the incantation used in the path fields, I always see this error message when clicking Save. Here are the paths I've tried:

    C:\Program Files\GNU\GnuPG
    and
    C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\User Data\Temp

    C:\Program Files\GNU\GnuPG\pub
    and
    C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\User Data\Temp

    C/Program Files/GNU/GnuPG
    and
    C/Documents and Settings/username/Local Settings/Application Data/Google/Chrome/User Data/Temp

    C/Program Files/GNU/GnuPG/pub
    and
    C/Documents and Settings/username/Local Settings/Application Data/Google/Chrome/User Data/Temp

    /Program Files/GNU/GnuPG
    and
    /Documents and Settings/username/Local Settings/Application Data/Google/Chrome/User Data/Temp

    /Program Files/GNU/GnuPG/pub
    and
    /Documents and Settings/username/Local Settings/Application Data/Google/Chrome/User Data/Temp

    What am I missing?

  57. Hello... I also cannot configure
    Directory with gpg binary
    Temp folder path (writable by the browser)

    I am using chrome on a MAC with gpgtools

  58. @ Anonymous (August 1, 2012)
    The language specific changes have been made to the repo (http://github.com/rc1140/cr-gpg) and will be rolled into the next version. I am not 100% sure what you are referring to with the attachments; if you could drop me an email with a bit more details.

    @John Brown
    This requirement you are referring to is because we use npapi, which Google does not have control over; as such they mark the plugin as having full access. If you have a look at the manifest.json (https://github.com/RC1140/cr-gpg/blob/master/chromeExtension/manifest.json), which describes the plugin, you will see that we currently only require access to gmail.com and the ability to pop open the options tab when you have not updated your settings.

    @Nom De Guerre
    The first iteration of your options should work, but your temp settings may be a little too long and be causing something to go wrong internally. Try creating a temp directory like c:\temp and making sure your user has access to the folder. As mentioned to other users, drop me a mail directly and I can help to see what you are doing differently from the other users.

    @ Anonymous (August 28, 2012)
    You can use the command `which gpg` from the console to get the full path to the application.
    Alternatively, its general location should be @ '/opt/local/bin/gpg', which is the default location cr-gpg uses.
    As mentioned to the previous users, drop me a mail so that I can get more details to figure out what might be different.

    This post has gotten quite long, but if you require support drop me a mail @ jameel at thinkst.com and I will try my best to help you out.

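Added example, not part of the comment thread and not cr-gpg's code: a small audit that shows why an extension shipping an NPAPI plugin is reported as having full access even when its host permissions are narrow. The manifest below is constructed for the illustration, and `auditManifest` and `effectiveAccess` are hypothetical helper names.

```javascript
// Constructed manifest for illustration only; it is NOT cr-gpg's manifest.json.
const sampleManifest = {
  name: 'example-gpg-helper',
  version: '0.0.1',
  permissions: ['tabs', 'https://mail.google.com/*'],
  content_scripts: [{ matches: ['https://mail.google.com/*'], js: ['content.js'] }],
  plugins: [{ path: 'plugin/npexample.dll', public: false }], // NPAPI entry
};

// Match patterns that cover every site the user visits.
const BROAD = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

function isHostPattern(value) {
  return value === '<all_urls>' || /^(\*|https?|file|ftp):\/\//.test(value);
}

// Collect every host pattern the extension can touch, from both
// "permissions" and the content scripts' "matches".
function hostPatterns(manifest) {
  const hosts = new Set();
  for (const p of manifest.permissions || []) {
    if (typeof p === 'string' && isHostPattern(p)) hosts.add(p);
  }
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) hosts.add(m);
  }
  return [...hosts];
}

// Hypothetical helper: the broadest access the manifest implies.
//   'full-machine' : ships native NPAPI code, which runs with the user's OS
//                    privileges and is not limited by the permission list
//   'all-sites'    : script access to every site
//   'scoped'       : script access only to the listed hosts
function effectiveAccess(manifest) {
  if (Array.isArray(manifest.plugins) && manifest.plugins.length > 0) return 'full-machine';
  if (hostPatterns(manifest).some((h) => BROAD.has(h))) return 'all-sites';
  return 'scoped';
}

function auditManifest(manifest) {
  return {
    access: effectiveAccess(manifest),
    nativePlugins: (manifest.plugins || []).map((p) => p.path),
    hosts: hostPatterns(manifest),
    apiPermissions: (manifest.permissions || []).filter(
      (p) => typeof p === 'string' && !isHostPattern(p)),
  };
}

console.log(auditManifest(sampleManifest));
```

With the `plugins` entry removed, the same manifest is reported as `scoped`, which is the gap between what the permission list declares and what the install prompt has to warn about.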
  59. Jameel,
    Thank you for the explanation regarding manifest.json. The msg "All data on your computer and the websites that you visit" is unfortunate.

    I have another question. When I am composing a gmail using the web interface, I strongly suspect that the web form is auto-saving at frequent intervals. If this is so, then my partially composed message is being transmitted to google's servers multiple times "in the clear" until the cr-gpg "Encrypt message" is clicked. Does cr-gpg disable such auto-saving? What am I missing? thanks...

  60. Too bad General Petraeus and Broadwell didn't know about this.
    ;-P

  61. Hi, it looks like the new compose window breaks the plugin again. It's possible to bring the buttons back by -> choosing the small down arrow icon in the bottom right -> then selecting 'temporarily switch back to old compose'. Don't know how long gmail will keep that function though.

  62. Hi, the auto save thing mentioned by JohnBrown above seems to kill the use of this plugin? Is there any way to disable that feature?


 