We have discussed how to secure your email from prying eyes using PGP in Windows (see Secure your email with Gpg4win Part 1 and Part 2 ). However, even a quick glance at those articles will tell you that while very secure, the process is far from easy and requires technical know-how and quite a bit if fiddling around to set up (a process that everyone you wish to securely communicate with will need to go through).
For casual secure encryption of all your email and messaging, the Encrypted Communication extension for Firefox provides a secure easy-to-use alternative. It uses end-to-end encryption so that a message is encrypted on your computer and only decrypted on a recipient’s computer (i.e. when travelling over the internet it is always encrypted) using a 256-bit AES cypher (the cypher used by the US government for its secure communications).
The only requirement for a recipient to decrypt the email is for them to be using Firefox with the Encrypted Communication extension installed, and to know the password you have specified. This can be either a shared secret, or passed on through a different channel of communication (in-person is best, but a secure IM session using something like Pidgin + OTR is a good alternative).
We should note that there are other extensions available which seem to offer similar functionality, and which we often see recommended on the internet, but which should be avoided. Both SafeMail for Chrome and Enlocked (multiplatform) send your email to their servers for decryption, which means it at least as vulnerable as mail sent to Hushmail (i.e. they do not offer end-to-end encryption). Furthermore, the SafeMail decryption page is not even SSL encrypted!
1. Go to the Download page, click ‘ + Add to Firefox’, followed by ‘Install now’ and ‘Restart Now’.
3. You will be asked to enter a password of your choosing.
4. The message is now encrypted and can be sent off as normal.
1. The recipient will find the message encrypted. If they are using Firefox with the Encrypted Communication extension installed (see above, there is also a link to the download page included in the encrypted email), they can right-click anywhere in the body of the message and select ‘Decrypt Communication’.
2. Simply enter the password specified by the sender (and verify a second time), et voilà, the message is decrypted. It really couldn’t be simpler!
One of the best things about the Extended Communications extension is that it can be used most places where there is a text box to fill in. We tried it with Facebook, and while we couldn’t post an encrypted message to our Wall, it worked a treat when used with Facebook Chat/Message.
PGP encrypted communication using shared key exchange is the most guaranteed and effective way of securing your email communication. However, the Extended Communication extension for Firefox provides a high degree of security while also being ridiculously easy to use, which makes it ideal for non-techies and for non-critical communication.