Chrome Extension for gpg in Gmail
Last month we released an alpha version of cr-gpg. This is a simple Chrome extension to enable gpg functionality in gmail (or Apps for Domains). (If you don't know what gpg is, you should first read this and this.)
Installation :
You can grab the extension from [here] and a double click should install it , after the install is completed you should see the image above if you navigate to chrome://extensions :
Options :
Once you have installed the plugin, there are 2 required configuration options:
1) Directory with gpg binary
2) Temp folder path (writable by the browser)
(cr-gpg simply calls out to the gpg installation on your machine. Option [1] therefore is asking where it can find the gpg executable, and Option [2] is looking for a scratch directory to do its work). (We make some effort to ensure that the temp directory is well maintained). You should be able to click "Use Default" on most installations.
The "Encrypt to self" option is fairly self explanatory. If i encrypt (and send) an email to you, the encrypted email will be in my sent-items. I would be unable to read this mail though (since it has been encrypted with your public key, not mines). If you would like to be able to read the mails as well, then simply select this option (and enter your email address in the next field: "Encrypt to self Email Address")
Now click "Save" to save these options. (cr-gpg will do some basic sanity checking on your options). You can return to these options through the extensions window or by clicking the lock icon added to your browser chrome
Convenience Functions :
The other convenience functions enabled through the lock icon allow you to do simple gpg key management, encrypt and sign blocks of text.
Embedded Functions :
When typing an email in GMail, we should now see an additional link: "Encrypt Message"
(If we have the recipients public key,) simply clicking this should encrypt the mail to the recipient as seen below.
When you receive an encrypted email, simply click on "Decrypt Message".
Decrypting an email requires access to your private key (which is usually password protected.) Enter the password, Click "OK" and you should be good to go..
Give it a try [here], and let us know if you have bugs [here], comments, complaints or suggestions..
Installation :
You can grab the extension from [here] and a double click should install it , after the install is completed you should see the image above if you navigate to chrome://extensions :
Options :
Once you have installed the plugin, there are 2 required configuration options:
1) Directory with gpg binary
2) Temp folder path (writable by the browser)
(cr-gpg simply calls out to the gpg installation on your machine. Option [1] therefore is asking where it can find the gpg executable, and Option [2] is looking for a scratch directory to do its work). (We make some effort to ensure that the temp directory is well maintained). You should be able to click "Use Default" on most installations.
The "Encrypt to self" option is fairly self explanatory. If i encrypt (and send) an email to you, the encrypted email will be in my sent-items. I would be unable to read this mail though (since it has been encrypted with your public key, not mines). If you would like to be able to read the mails as well, then simply select this option (and enter your email address in the next field: "Encrypt to self Email Address")
Now click "Save" to save these options. (cr-gpg will do some basic sanity checking on your options). You can return to these options through the extensions window or by clicking the lock icon added to your browser chrome
Convenience Functions :
The other convenience functions enabled through the lock icon allow you to do simple gpg key management, encrypt and sign blocks of text.
Embedded Functions :
When typing an email in GMail, we should now see an additional link: "Encrypt Message"
(If we have the recipients public key,) simply clicking this should encrypt the mail to the recipient as seen below.
When you receive an encrypted email, simply click on "Decrypt Message".
Decrypting an email requires access to your private key (which is usually password protected.) Enter the password, Click "OK" and you should be good to go..
Give it a try [here], and let us know if you have bugs [here], comments, complaints or suggestions..
Thanks! I've been looking for something like this. Are you going to publish it on the Chrome Web Store?
ReplyDeleteThats a great idea Dave. We will kick it through. Please let us know if you have thoughts / ideas / bugs..
ReplyDeleteThanks for a great tool - have been looking for this!
ReplyDeleteIs it open source? Any way to verify security and privacy in this extension for us non-programmers?
Hi Troels.
ReplyDeleteYou are very welcome (in truth we use it a lot too) ;>
The src is available at: https://github.com/RC1140/cr-gpg/ (but this doesn't help too much if you are a non programmer)
What might help is knowing that we intentionally kept the tool really really simple (to minimize our chances of doing stuff wrong). We pass the heavy lifting to gpg (which regularly undergoes scrutiny by many).
Let us know how it goes for you ;>
I could not install the extension, see screenshot here:
ReplyDeletehttp://malatsblog.blogspot.com/2011/11/cr-gpg.html
Great! I've been looking for something like this for a while. Tell Haroon to give you a promotion!
ReplyDelete@Malat..
ReplyDeleteWe will do a quick check to see whats up (i suspect we've never run it on Win64).
@Dave
Done!
please fix it for win64 machines, it's a must have extension!
ReplyDeleteI'm working on a very similar extension except rather than use the gpg binary I'm working on making a JS library to handle that. Details are at: http://prometheusx.net/introducing-gmail-crypt/ Perhaps there would be some interest in working together?
ReplyDeletei will try it Sean, god bless you if works fine :-D
ReplyDeleteHi @malat.
ReplyDeleteThe last Chrome update that people got seemed to have a regression with plugins resulting in that error. (It should work fine on win64 now) and if you are still getting that error (with ours or other extensions), try downloading the file to a different directory (other than downloads) and adding it from there..
Should it work with new gmail theme?
ReplyDeleteHi Anon.
ReplyDeleteSadly GOOG didnt give us a heads-up before changing the Theme, so we are playing catch-up. Won't work on the new theme yet (although you can use the icon to use it manually till then)
We are on it..
Installing this (or attempting) just gives "Package is invalid: CRX_FILE_NOT_READABLE"
ReplyDeleteHi
ReplyDeleteTo fix the Package is invalid: CRX_FILE_NOT_READABLE error please follow the instructions @ (https://github.com/RC1140/cr-gpg/wiki/CRX_FILE_NOT_READABLE ) until Google fixes the issue.
thanks a lot, excellent work...!
ReplyDeleteI tried following the instructions from Jameel, but I still get the same error message.
ReplyDeleteCRX_FILE_NOT_READABLE ?
ReplyDeleteon which OS ?
I also get the "CRX_FILE_NOT_READABLE" error while following Jameel's workaround...using XP SP3 with Chrome...any HELP available?
ReplyDeleteHi Anonymous
ReplyDeleteI am busy looking into this atm and will let you know as soon as I have a solution
Hi Anonymous
ReplyDeleteI have tested this on WinXp SP3 using the latest version of chrome (Stable) with 0.7.5 of the plugin and the plugin works fine.
If you are still having issues drop me a mail at jameel [at] thinkst.com and I will see if I can help you out further.
Still trying to figure out where the "Directory with gpg binary" is. Is this the chrome Extensions directory?
ReplyDeleteHi Anon
ReplyDeleteThis is the directory on your system where the gpg binary is located. If you are not sure where its located , click the 'Use default' link next to the text box.
This will use the default for your system.
Hello,
ReplyDeleteNot yet sure if this is a bug or I am missing something obvious... Installed cr-gpg 0.7.8. It runs under Chromium 18.0.996.0 on Ubuntu 10.04 (32bit, i686).
I compose a message to my second address (and I have the key for that address), press Encrypt message, but nothing happens. When I click Sign message, I see the passphrase prompt, but OK button does nothing.
Hi Dmitri
ReplyDeleteFrom what you mentioned it sounds as if you might have a invalid path to your binary.
Can you please verify that when you save your options you get the options saved alert box.
Also if possible can you verify your options by either posting them here or sending me a mail @ jameel at thinkst.com.
Thank you for the quick reply, Jameel.
ReplyDeleteThere is no 'Options saved' box, but when I view Options next time, the path is correct.
For me the default path on ubuntu was incorrect. You can attempt to find it by typing "locate gpg | grep bin" in the console. For me it turned out to be /usr/bin/
ReplyDeleteWhere are the gpg app on mac os?
ReplyDeleteHi Pan.
ReplyDeleteYou need to install it from a package manager like mac ports or download and install from: http://macgpg.sourceforge.net/
Hi Pan
ReplyDeleteYou can use the command `which gpg` from the console to get the full path to the application (if its installed).
Alternatively its general location should be @ '/opt/local/bin/gpg' which is the default location cr-gpg uses.
I'm using WindowsXP Home. After I install the extension and try to configure the options using Default, I get an error "options saved but parameters provided invalic". It appears the path to the gpg binary is not correct - but I have no idea where it is. I'm not even certain it was installed. I've searched my hard drive for the directory and cannot find anything with "gpg" in the file name.
DeleteSuggestions?
Hi
DeleteThe prefered method for windows is to grab the gpg application from (http://www.gpg4win.org/).
They have a nice installer as well as various applications to get your started without the need to use the command line.
Once you have installed gpg4win the default path should work for you unless you install to a different location. In that case use the example provided as a means to find the gpg binary.
I hope this helps otherwise drop me a mail @ jameel at thinkst.com and I can try to help you out more.
Hi. I´m using GPGtools for mac and all I find is "/usr/local/macgpg2/bin/gpg2" which the addon do not recognize. What am I doing wrong.
ReplyDeleteRegards
Glenn
I found a workaround for OS X lion with GPGtools, Used the above mentioned path, and in the macgpg2 folder I copied and renamed gpg2 to just gpg, and everything works. Thank you very ,much for this excellent addon. Helps alot, Thanks again
ReplyDeleteRegards Glenn
Hi Glenn
ReplyDeleteThanks for providing a solution for others as well. Hopefully this will help others when they need to get setup.
How do you import other people's public keys and your own private keys? Should we just paste the keys in the "import keys" tab? When I try to export the keys using
ReplyDelete$ gpg --export or
$ gpg --export-secret-keys
my gpg doesn't attach the usernames/emails to them so I don't know how importing them would work if cr-gpg can't figure out who it corresponds to. Also, there should be a way to see which keys have been imported.
I can get it to install on both my mac (OS X Lion) or Windows 7 (32 bit) machines.
ReplyDelete* Basic functionality works fine on the Mac
* The "Encrypt Message" link doesn't show up on either
* On windows whenever I try to decrypt i get an invalid password error. I installed gpg to: "C:\Program Files\GNU\GnuPG\", and imported my entire keyring including secret keys using the GPA front end.
I'd really like this to work on my windows box. It's a great tool.
Hi
ReplyDelete@bkode Currently we can only import other users public keys. For you to import your private key you would need to use the base package provided by your OS. Finally we will probably be adding the feature to view existing keys in a future version.
@jason For windows it best if you gpg4win , its been found that the other versions don't seem to work as well. Also you mentioned that you imported all your secret keys , do you have multiple ? If so you need to set the one you want to work with cr-gpg as the default. This is a feature that we want to add in the future as well (the ability to select which secret key to use). Finally when you say the encrypt message doesn't show up , do you have any custom settings such as a different language in use.
Hi.
ReplyDeleteI do have multiple secret keys. How do I set a default?
No custom settings that I'm aware of. On the encrypt issue, I don't even get the "encrypt" link in the page itself. I've only tried the "encrypt" option from the cr-gpg tab pane. And when I do it looks like the computer is thinking & then the window just disappears without producing any encrypted text or putting anything on the clipboard buffer.
Thanks!
Looks nice but I fear putting a pass phrase into a web browser window :-( The WebGP extension let's gpg prompt for the phrase which is better, but it doesn't seem to integrate as well with gmail unless you press show original :-(
ReplyDeleteDoes this still work? Just installed the extension and I dont see the encrypt / decrypt links when using gmail / google apps... :-(
ReplyDeleteHi PC Smith
ReplyDeleteThe plugin is still working , can you provide some info as to your current setup ?
This might help spot a setup issue or incompatibility.
Thanks
Sure... Win 7 x64 Running GPG4win... 1.1.4 I think.
ReplyDeleteI've set up a key pair in the WinPT key manager that comes with it. My gpg binary is in: E:\Program Files\GNU\GnuPG\
I didnt know what to use for a temp folder so I created one in: C:\Users\*username*\AppData\Local\Google\Chrome\User Data\Default\GPG\ which I figured would be writable by the browser.
I dont see an encrypt link on the compose new email page in gmail... I do get a decrypt icon when reading existing mail though... However when I click it and enter my password it always says I entered the wrong PW.
If you'd like to troubleshoot this with me over email I'm at: pcsmith (at) hotmail dot com
i know u are able to reply fast .... nd i m also in such need of fast reply with ur help ...
ReplyDeletei m having my gpg4win installed at this location .... C:\Program Files\GNU\GnuPG\
and temporary file which can be written by browser are C:\temp or C:\Users\Sitaram\AppData\Local\Google\Chrome\User Data\Temp
i tried both of them , but still one thing of error is "options saved but parameters provided are invalid "...
i m hopeless and helpless , hopefully needing ur help on urgent based ....
For everyone not seeing the Encrypt, Decrypt and Verify buttons in Gmail (like me at first), here's what's up.
ReplyDelete1) To encrypt, you need to click "Plain Text" at the end of the Rich Text editing buttons. Then the Encrypt link shows up at the left end of that row of links and icons.
2) The decrypt and verify icons are at the upper top right of the message area when reading email. It doesn't make sense to have a decrpyt and verify button on the Compose screen.
Now, onto my problem :) I am on Windows 7 64-bit. I sent an email to myself to test it out, and it is unable to verify, saying that no public keys were found for the recipient. But when I copy the entire email to Notepad and save it, I am able to verify at the command prompt with
gpg --verify "name of file.txt"
so it appears there's something going on with your plugin. Also, with the manual launcher in the top right corner (excellent for use with other sites, like social networking, btw) I am able to sign and encrypt text but cannot verify. I have to do the same trick to copy the text to Notepad, save it, and verify it from the command prompt. Being able to verify from either GUI implementation would be wonderful. Not working for me, yet. I'm wondering if your code is selecting my full name as well as email address when searching for keys and not just searching for the email address. Besides that, why is your plugin even searching for keys for the recipient in the first place when gpg is able to properly verify from the command line without specifying a key?
Hi Steve
ReplyDeleteWe only use the email when searching for keys. With regards to the verification stating that no public keys were found , It sounds like you may be getting a generic error message that was not intended for that section, this usually happens when then plugin is not communicating with the browser correctly. Can you verify that the plugin is able to encrypt emails for you ?
Hi Jameel. Yes, it Encrypted immediately and without error.
ReplyDeleteHi Steve
ReplyDeleteI will need to look into it a bit more and get back to you, the plugin is running the exact same command that you mentioned in the first post to verify a plugin.
Okay. If it helps, the error message appears twice.
ReplyDeleteWhen I decrypt a message & reply, the encrypted version of the message is quoted in the reply.
ReplyDeleteIs that expected behaviour, or is there any way to quote the decrypted version?
Hi Anon
ReplyDeleteThat is expected , we don't make the decrypted text available anywhere except temporarily when you click the decrypt button. Unfortunately the only way I can think of you quoting text in a reply is with a manual copy and paste. If you think this is a feature others will need then please log an issue over at http://github.com/rc1140/cr-gpg/issues .This will allow us to track the progress and let you know when the feature is released.
hello first off great extension nice to see more ways to encrypt email
ReplyDeletemy question is is there any chance that this can be made portable ie to run off a USB stick
thanks in advance
Glen
so....this is what i did
ReplyDeletedownloaded http://www.gpg4win.org/ as well as the plugin set it the plugin to my install dir,
and no go? what am i missing?
Hi, thanks so much for your work on this much needed package. :-)
ReplyDeleteI installed it yesterday and had it working fine, but today I can no longer see the decrypt button (I can still see the encrypt one, and I can still decrypt manually by cutting and pasting into the tool box). Any suggestions?
I'm using Windows XP, Chrome 19.0.1084.52 and Cr-gpg (Version : 0.7.8)
Thanks, Holly
Awesome extension, big up the thinst.com crew!
ReplyDeleteThis is really great. I have two questions though:
ReplyDelete1.) Being a Google Apps user, I'd like to switch to German language with the general user interface. If I do so, the buttons for Decrypt message and Encrypt message do not show up. When I switch to "English (US)" everything is fine. Any chance to show the buttons also in different languages? ;-) If this is just the German translation missing, I'm happy to help with that.
2.) When decrypting a message, inbound base64 attachments (from multipart messages) are not shown as attachments any more, but just with pure base64 code. Do you see a chance that this can be shown as a regular attachment in the future?
Thank you for developing such an important extension. However, during installation I am asked to grant access to "All data on your computer and the websites that you visit". This does not sound like the kind of thing that I want to do when I am aiming to increase my security situation thru the use of GNU Privacy Guard. I wonder if you might consider completely removing this requirement from the installation. I am unable to use the extension in its current form.
ReplyDeleteHi! I'm trying cr-gpg (0.7.8) on Windows XP (SP3) 32-bit, Google Chrome 21.0.1180.79, Gpg4win 2.1.0.
ReplyDeletecr-gpg installs, but if I try setting the "Directory with gpg binary" and "Temp folder path" options by clicking "Use Default", the paths entered are:
/opt/local/bin/
and
/tmp/
which are obviously incorrect (on a win32 system). If I click Save, I get an error message (as expected): "options saved but parameters provided are invalid."
No matter the incantation used in the path fields, I always see this error message when clicking Save. Here are the paths I've tried:
C:\Program Files\GNU\GnuPG
and
C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\User Data\Temp
C:\Program Files\GNU\GnuPG\pub
and
C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\User Data\Temp
C/Program Files/GNU/GnuPG
and
C/Documents and Settings/username/Local Settings/Application Data/Google/Chrome/User Data/Temp
C/Program Files/GNU/GnuPG/pub
and
C/Documents and Settings/username/Local Settings/Application Data/Google/Chrome/User Data/Temp
/Program Files/GNU/GnuPG
and
/Documents and Settings/username/Local Settings/Application Data/Google/Chrome/User Data/Temp
/Program Files/GNU/GnuPG/pub
and
/Documents and Settings/username/Local Settings/Application Data/Google/Chrome/User Data/Temp
What am I missing?
Hello... I also cannot configure
ReplyDeleteDirectory with gpg binary
Temp folder path (writable by the browser)
I am using chrome on a MAC with gpgtools
@ Anonymous (August 1, 2012)
ReplyDeleteThe language specific changes have been made to the repo (http://github.com/rc1140/cr-gpg) and will be rolled
into the next version. I am not 100% sure what you are referring to with the attachments , if you could drop
me and email with a bit more details.
@John Brown
This requirement you are referring to is because we use npapi which google does not have control over as such
they mark the plugin as having full access. If you have a look at the manifest.json (https://github.com/RC1140/cr-gpg/blob/master/chromeExtension/manifest.json) which describes the plugin you will see that we currently only
require access to gmail.com and the ability to pop open the options tab when you have not updated your settings.
@Nom De Guerre
The first iteration of your options should work but your temp settings may be a little to long and be causing something
to go wrong internally. Try creating a temp directory like c:\temp and making sure your user has access to the folder.
As mentioned to other users , drop me a mail directly and I can help to see what you are doing differently from the other
users.
@ Anonymous (August 28, 2012)
You can use the command `which gpg` from the console to get the full path to the application.
Alternatively its general location should be @ '/opt/local/bin/gpg' which is the default location cr-gpg uses.
As mentioned to the previous users , drop me a mail so that I can get more details to figure out what might be
different.
This post has gotten quite long , but if you require support drop me a mail @ jameel at thinkst.com
and I will try my best to help you out
Jameel,
ReplyDeleteThank you for the explanation regarding manifest.json. The msg "All data on your computer and the websites that you visit" is unfortunate.
I have another question. When I am composing a gmail using the web interface, I strongly suspect that the web form is auto-saving at frequent intervals. If this is so, then my partially composed message is being transmitted to google's servers multiple times "in the clear" until the cr-gpg "Encrypt message" is clicked. Does cr-gpg disable such auto-saving? What am I missing? thanks...
Too bad General Petraeus and Broadwell didn't know about this.
ReplyDelete;-P
Hi it looks like the new compose window breaks the plugin again. Its possible to bring the buttons back by -> choosing the small down arrow icon in the bottom right -> then selecting 'temporarily switch back to old compose'. Dont know how long gmail will keep that function though.
ReplyDeleteHI the auto save thing mentioned by JohnBrown above seems to kill the use of this plugin? Is there any way to disable that feature?
ReplyDeleteIs this completely abandonded by now? I just found this, and I like the approach to use gpg (the program) directly instead trusting private keys into some javascript! But this doesn't even install anymore as it's NPAPI
ReplyDelete