digg

Facebook Connect Join Digg About

FireGPG: Firefox plugin for GPG in Gmail

firegpg.tuxfamily.org FireGPG is a Firefox extension which brings an interface to crypt, decrypt, sign or verify the signature of a text in any web page, using GPG.

Who dugg this? Made popular Apr 4, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

53 Comments

show profanity settings
expand all
  • 47knight, on 10/12/2007, -7/+41I'm probably going to be dugg down for this, but what exactly does this add-on do??
  • kahrn, on 10/12/2007, -1/+18ntfs, you're an idiot. Oh wait a second, terrorists are using cars! Let's ban cars. Oh *****! they're breathing in oxygen. Let's ban oxygen. Hey! They're using MSN! Let's ban MSN. Oh to hell with it, let's just ban the internet. They're using our tubes.

    We've been using encryption since before computers were around.. and if things like GPG were not around, then wouldn't terrorists just make their own software and encryption algorithms to achieve what they need to do?

    Privacy is a right. GPG is a way to enforce it in the modern world. If you don't mind people reading your email, stealing your bank details, and all the rest than that's fine. Hey? Wait a second, surely you've used SSL sometime. What makes you so sure terrorists don't use SSL for communication? Pretty much every shopping site uses SSL, and it's also used in all sorts of communications and applications.
  • inactive, on 10/12/2007, -1/+18It adds the ability to us GPG (GPL encryption/decryption) with GMail.
    http://en.wikipedia.org/wiki/GNU_Privacy_Guard

    You can encrypt your emails as they go out to certain people, and anyone with your public key can decrypt them. You can also decrypt emails that you have the public keys for.
  • anjori, on 10/12/2007, -3/+16I wish I could digg your comment down twice.
  • fulldecent, on 10/12/2007, -1/+12Privacy is good. You, my good sir, do not belong on digg.
  • ajbarnes, on 10/12/2007, -1/+11Yes, it's a replacement for the PGP suite of cryptographic software, released under the GNU General Public License.
  • TechCF, on 10/12/2007, -1/+10Maybe you got something to hide? I see locks on your door and your home
  • ajbarnes, on 10/12/2007, -1/+9You shouldn't get dugg down, but let me try to answer that question,


    It's an extension for firefox that encrypts the text of emails within Gmail.

    I just installed it myself. It communicates directly with GPG that you should have installed on your system to encrypt the text.

    Does that make any sense? Hope it does
  • hometoast, on 10/12/2007, -0/+7FYI: This does NOT require WinPT. It only requires a valid installation of gpg. I'm using it with GnuPG cli
  • TechCF, on 10/12/2007, -0/+7Found a bug, reported it, and got an answer right back within the hour. Great :)

    Basically it will not eat hyphens in the start and end of pass phrases. The author tells me it will be fixed soon
  • bugeyedmonster, on 10/12/2007, -1/+7The comment about it not working on Mac is BS. I tried it before I read the download page properly -- :D -- and it works GREAT. I'm completely wrapped!
  • blubloblu, on 10/12/2007, -2/+8I was looking for something like this, the other option is to use Gmail with Thunderbird + Enigmail. I'm not sure if I would trust this extension though, even the spelling on the website is a bit iffy.
  • chapium, on 10/12/2007, -1/+6It allows you to encrypt and decrypt gmail messages. See this for more info: http://en.wikipedia.org/wiki/Public-key_cryptography
  • ZenMasterJG, on 10/12/2007, -1/+6No, GPG is, sort of. This just allows you to more easily use GPG within gmail.
  • TechCF, on 10/12/2007, -0/+5It gets encrypted with whatever key and encryption strength your key and gpg is configured for.
  • cinnix, on 10/12/2007, -6/+11No I totally agree with him. Who wants encrypted information? All sensitive data should be stored in plain text only. And we should abolish all secure protocol because if we do, there will be no more adulterers, pedophiles, or any other type of criminal left in the world.
  • Neiby, on 10/12/2007, -1/+6@ntfs: Please stop commenting. It will save the rest of us the trouble of digging all your comments down.
  • elusive, on 10/12/2007, -0/+4"I'm not sure if I would trust this extension though, even the spelling on the website is a bit iffy."

    That would probably be because both developers are French. If you are weary someone could audit the code. Just unzip the plugin package to get to it.
  • mogydy, on 10/12/2007, -0/+4"both developers are French"

    not true actually, one of them is French, but the other is Moroccan.

  • ryanknapper, on 10/12/2007, -2/+6"the other is Moroccan."
    You take that back!
  • ubuwalker31, on 10/12/2007, -1/+4@ntfs
    "great, more technology to aid terrorists and child porn distributors :eyeroll:"

    There should be a new logical fallacy, similar to Reductio ad nazium / Reductio ad hitlerum, which should be Reductio ad terrorum et pedophillum.

    There are a variety of legitimate uses for encryption in the public sphere: encrypting sensitive corporate e-mails that contain trade secrets; encrypting doctor patient communications; encrypting lawyer client communications; encrypting e-mails between journalists and anonymous sources; encrypting love letters; encrypting a list of items you want to buy for Christmas.

    It is a legitimate concern that terrorists, pedophiles, and murderers will encrypt their illegal activities too. Therefore, when they are caught, they should be required by a court order to turn over their encryption keys. That is the current rule, and it works, and allows everyone the freedom to communicate privately, with the *least amount of restriction possible*. No rights are absolute -- but if they are restrictions on those rights -- those restrictions must be carefully tailored, and be the least detrimental alternative means available to protect the governmental and societal interest in that restriction. Banning cryptography outright is too overbroad...but banning its use for terrorists and child porn is fine.
  • aallaann, on 10/12/2007, -0/+3FireGPG does not store any keys. It is just an interface to Gnu Privacy Guard (GPG) which handles all the keys. Your private key is protected by a passphrase (which is only as good as you make it...) If you have GPG on your computer, I think the threats to your key are pretty much the same whether you use FireGPG to acces it or not. A browser bug that gives local file access to a remote site would be one way to lose your key store. A keylogger would be another way to do mischief. The combination of the two would be a complete break. That would be true whether or not you use FireGPG.
  • misterjangles, on 10/12/2007, -1/+3As they say, there's no stupid questions - only stupid answers. GPG has always been a little confusing and difficult to set up anyway.

    One other cool think you can do is allow your visitors can fill out a form on your site and have GPG encypt and send it you your email. That's useful for taking orders or collecting sensitive information. Setting up GPG on the receiving end has always been the difficult part, so hopefully this FireFox plugin offers an easier alternative. SimpleSecure is a free Perl script that you can use on your site to do that: http://www.verysimple.com/products.page
  • diegoman, on 10/12/2007, -0/+2It seems it can only verify text that is on screen, It would be nice if it could verify source code, for web pages signed with PGP/GPG.
  • SjRaptor, on 10/12/2007, -0/+2@ iamcitizen, to correct you and to clear up any misunderstanding on public key crypto:

    You generate two keys, a public key and a private key. You store your private key in a safe and secure location and do not let anyone have access to it besides you. This key is used to decrypt messages. If you delete this key, it's gone. No way to get it back. Ok, so now what about the public key? The public key is distributed and exchanged with others you wish to communicate securely with. You get other people's public keys, and they get your public key.

    Onto email,
    you encrypt email using the (intended) recipients public key. once the recipient gets the email, they can decrypt it then using their private key. You cannot decrypt messages using public keys. When they send a message back to you, they encrypt the message using your public key which you then will be able to decrypt using your private key.

    Hope this clears up any confusion for the original poster.
  • AlanCayce, on 10/12/2007, -0/+2Anyone see the encryption rate?
  • kaervas59, on 10/12/2007, -0/+2Crap! I don't have any other reason for not sign my email :(
  • TechCF, on 10/12/2007, -0/+2I'm using it with Gpg4win. Just give it the path to gpg.exe and reload the options and select the default key.
  • Stonekeeper, on 10/12/2007, -1/+3crypt is actually an encryption method.

    See:
    http://www.mkssoftware.com/docs/man1/crypt.1.asp
    http://uk3.php.net/crypt
    http://crypt.rubyforge.org/

  • lengau, on 10/12/2007, -0/+2FireGPG would work fine, but you would have a problem with WinPT. Whoever does this would have to change the FireGPG source to accept a Portable Apps-ized version of WinPT. Once that's done, however, I'll probably start using Portable Firefox + FireGPG for sending e-mail when I'm not at home (rather than just not sending e-mail when I'm away from my computer).
  • inactive, on 10/12/2007, -3/+4Evolution works fine for me, and it integrates with Seahorse in GNOME 2.18 nicely. Pretty much no setup, it just reads your ~/.gnupg folder.
  • bugeyedmonster, on 10/12/2007, -1/+2The main thing I'm already using this for -- and I only downloaded it half an hour ago -- is to encrypt sensitive information on our corporate intranet. Some items -- in particular passwords -- are kept there, but should only be readable by authorized members of my team. We have been cutting and pasting up 'til now, but as of tomorrow, this plugin is going to be mandatory for all team members!
  • nlschd, on 10/12/2007, -0/+1Seems to work to me although I would not recommend this for production cooperate environment just yet as it is still in beta.
  • markekeller, on 07/31/2008, -0/+1Considering how they want to be able to spy on us all - I think not.

    And this plugin sounds great! Just what I was looking for!
  • Brivido, on 10/12/2007, -0/+1Anyone tried to make a portable version of Firefox with GPG and FireGPG (similar to Thunderbird with Enigmail: http://portableapps.com/apps/internet/thunderbird_portable )?

    Thanks
  • kingbin, on 10/12/2007, -0/+1Has anyone taken the time to see how the secure key is stored? I just wonder if some firefox exploit would expose the private key leaving the only layer of protection that long passphrase seed. Even then, does it attempt to cache the passphrase for ease of use? Could someone using this extension shed a little light on some of the interaction of the util? I'm a little weary using this...
  • kaervas59, on 10/12/2007, -0/+1WinPT is not portable but if you copy your folder on usb key it worsk.

    So the setup is

    Portable Firefox + FireGPG + Folder of WinPT

    Verify the folder reference in FireGPG for not screw everything.

    That setup works fine for me.
  • chrismar, on 10/12/2007, -0/+1@TechCF: Did all that, still getting an error about an invalid password. :
  • hakujin, on 10/12/2007, -0/+1I have mine setup but still need a public key. How are we windows users to point to a public key server since we have no conf file?

    using GnuPG binary for Windows and this extension...

    @TechCF: what do you mean, 'default key'?
  • SharkyTech, on 10/12/2007, -3/+3"interface to crypt, decrypt"
    Are you sure it doesn't 'encrypt' rather than 'crypt'? Does it have something to do with a tomb??
  • chrismar, on 10/12/2007, -2/+1It doesn't seem to work with GnuPG 1.4.7 or Gpg4win 1.0.9 (http://www.gpg4win.org/index.html).
  • inactive, on 10/12/2007, -3/+1sounds like hokeywhiteboy is having a guilttrip
  • skinjester, on 10/12/2007, -10/+6its a reasonable question 47knight. Even with a basic understanding, I'm not entirely sure how this would be used day to day. Would anyone care to share a walkthrough? For example, if I wanted to encrypt my communication with my mother, what would she have to do?
  • HomieAS, on 10/12/2007, -10/+5I want to know the same thing!
  • hiPpymIck, on 10/12/2007, -6/+1free easy encrypted email..
    https://www.hushmail.com/
  • eihwaz, on 10/12/2007, -12/+6For those who want to know: no, it's not for Mac.
  • ntfs, on 10/12/2007, -12/+1if you're building cars with a bomb compartment in the backseat then yeah, that should probably be banned
  • zmigliozzi, on 10/12/2007, -15/+3So is this like a spin off of Zimmermans Pretty Good Privacy?
  • inactive, on 10/12/2007, -18/+2
    Incidentally, this Firefox plugin was developed by the Bush administration.
  • Fetching more discussions...
    Show 51 - 53 of 53 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.