GPG Encryption & Signatures for GMail and Apple Mail
I recently bemoaned the lack of PKI support in Google Mail, only to be proven wrong when I happened upon the FireGPG project this morning: A firefox extension that uses an external GPG binary to handle ASCII armoured email signatures and encryption. The embedded ASCII armoured signature flavour involves adding a block of text at the end of an email, and sometimes requires adding escape characters into the email itself which is kinda clunky and ugly. The developers are working on adding PGP/Mime signature attachments though — where all the GPG gunk is ferretted away into an attachment so that the body of the email is left untouched — providing the other missing part of my requirements for taking Google Mail seriously.
The FireGPG project seems to be very active and is releasing often, so I’m hoping that the PGP/MIME support will be available by the time Google has set a Gears enabled offline capable GMail loose.
Although I use Safari as my primary browser, I also keep a copy of Firefox around for occasional sites that don’t work in Safari (cough my bank! cough), and for web development, so I don’t lose anything by launching Firefox to read my email instead of Mail.app, where I currently have to install and configure the GPGMail bundle to get encryption and digital signature support. But more about that in another post…
2 Responses so far
2007.06.05@11:47 am
Neat – i currently use GMail quite a lot, and this should come in quite handy.
With regard to FireFox, 9 times out of 10 it seems to run noticeably slower on my macbook – something is very wrong when in 2007 you can’t even scroll a webpage without it lagging and using up questionable amounts of memory. Though of course for web development, it beats everything else to a pulp – so i guess its an acceptable compromise.
Personally i just use Camino for normal browsing, which nicely integrates with the Mac OS X keychain, plus its not as slow. The only problem is, it doesn’t really support extensions, let alone FireGPG
Although… perhaps some applescript hacking could help to provide the equivalent functionality.
2007.06.05@12:16 pm
Hi James,
Yeah, I’ve found that when I’m using FF, it’s good to start it up, do what I gotta do, and then shut it down. Safari on the other hand, I often leave running for weeks on end before it starts to suck all the spare cycles out of my CPU.
I haven’t actually tried FireGPG, so it might not be a great implementation. I presume that Google will open source the Safari Gears bundle, and FireGPG already proves that it’s technically feasible to brute force signature/encryption glue into a GMail message. All the hard work has been done, it’s just a Simple Matter Of Programming (TM) to take the eventual Safari Gears bundle sources, and hack in a FireGPG-a-like GPG callout
Not to mention a great way to gain hacker kudos for the person who actually does it…