Chrome extension brings encryption to Gmail


The security and privacy community was abuzz over the weekend after Google said it was open-sourcing E2Email, a Chrome plugin designed to ease the implementation and use of encrypted email. While this is welcome news, the project won’t go anywhere if someone doesn’t step up and take ownership of it.

Interest in secure communications has soared in recent years, and a number of tools bring end-to-end encryption to phone calls, text messaging, and online chats. However, almost three decades after the invention of PGP (Pretty Good Privacy), encrypted email still relies on command-line tools, plugins for IMAP-based email clients, or dedicated mail services such as ProtonMail and Lavabit, putting PGP out of reach for most individuals.

Consider how clunky it can be: A Gmail user can copy and paste the block encrypted in a different tool, and the recipient can do the same into a decryption tool to read the message. There’s a reason why — including, at one point, its inventor, .

Thus, when Google started its research on end-to-end encryption back in 2014 and released the JavaScript cryptographic library as open source shortly after, there was a lot of interest. The fact that E2Email is using this cryptographic library is a good sign for the extension’s future.

, and open-sourcing is a last-ditch effort to keep some of the work alive. The Google engineers noted that future work would need integrate E2EMail with Key Transparency. A recently announced Google project to create a central repository for public cryptographic keys, Key Transparency tackles the problem of discovering and distributing public keys. Any effort that attempts to bring PGP to the masses will need the integration to be successful.