Mailvelope is an easy-to-use web-browser extension which brings OpenPGP encryption to webmail services such as Gmail™, Yahoo™ and others. With its unintrusive interface fully integrated into your webmail service, Mailvelope instantly secures your personal and professional email communications.
A well-known ancestor of this project is FireGPG developed by Maximilien Cuony and others starting around 2007 and discontinued in 2010. Mailvelope is a new project without dependencies to GPG. It's based on OpenPGP.js which is an open source project that was initially developed by recurity-labs.com. Mailvelope's development started in March 2012 and has been available in the Chrome Web Store since August 2012.
Yes, signing of cleartext messages is supported. Signing of encrypted messages is a planned feature.
Mailvelope does not have a password recovery mechanism. If you forget your password or lose your private key, there is no way to recover any encrypted message.
Please check first if there is already a feature request in the list of planned enhancements. You can also follow the status of development here. If you can't find your proposal, create a new issue or just send an email to firstname.lastname@example.org.
Mailvelope stores the keys in the local storage of the browser and only there. This is a file in the user data directory of Chrome or the profiles folder of Firefox. If you clear temporary browsing data this will not affect the key storage of Mailvelope. If you delete the Mailvelope Chrome extension, then the key storage will also be removed from your file system. On Firefox there is an additional confirmation dialog once you remove the Mailvelope add-on that allows to delete all keys or leave them in the profile folder of the system.
The private key in general is locked with a password. That means for all operations that require a private key like decrypting or signing of a message both components are required: the private key and the password. When exporting a private key to an armored text file (the one starting with
BEGIN PGP PRIVATE KEY BLOCK) the secret part of the private key is encrypted with the password. This is also the format used to store the private key in the local storage of the browser. So Mailvelope stores and exports the private key in encrypted form.
gpg --export-secret-key -a
The reasons why these permissions are required are the following:
Why data on websites?
Mailvelope scans the website of your webmail provider for PGP messages. As soon as a message is found it injects a small portion of HTML into the site to display the user interface elements for Mailvelope, such as the encryption buttons, the frame that is drawn around the PGP text, etc. For these operations, Mailvelope requires access to data on websites.
Why data on all websites?
Mailvelope comes preconfigured for a set of webmail providers, but it can be extended to work theoretically with all providers. This means you can add your favorite webmail provider to a watch list and it is then also part of the scanning process described above. Since Mailvelope cannot know which providers will be added, it needs to have access to all websites to stay customizable.
Why your tabs and browsing activity?
This permission is required to open the options page when you click on Mailvelope's 'Options' browser action. It also allows Mailvelope to inject the elements for its user interface as described above.
The normal installation and update procedures are as follows:
Mailvelope is initially downloaded from the Chrome Web Store by the user. Chrome will automatically check for updates on the Chrome Web Store and install them. Google ensures the security of the download and update mechanism of Mailvelope in the same way as the automatic update mechanism of the Chrome browser itself.
Mailvelope is initially downloaded from our server download.mailvelope.com. Firefox by default will regularly check for updates on our server and download and install them automatically. The download.mailvelope.com server provides HPKP therefore a TOFU (Trust on first use) model is applied: the user has to trust the first download, all subsequent checks for updates are secured with the certificate pinning of HPKP. You can also verify the first download as described in: How can I verify Mailvelope downloads?
Before sending a bug report, please always restart the browser and check if the problem persists.
Ctrl+Shift+Jand add any errors in red to the report
When downloading the Mailvelope Add-on you receive an error message: This add-on could not be downloaded because of a connection failure on download.mailvelope.com
Besides the normal installation procedure described in How does the automatic update process work for Mailvelope? we also offer signed installation packages on GitHub: https://github.com/mailvelope/mailvelope/releases.
For all installation packages of Chrome and Firefox:
there is a corresponding
.asc file that contains a signature of our Mailvelope code signing key 16F4 5CCC 1848 12B4 AC93 0EF3 60DD 1F16 B339 0CD1 that can be used to verify authenticity and integrity of the installation packages.
With GPG, after you have imported the code signing key, you can verify e.g. the Firefox installation package with:
gpg --verify mailvelope.firefox.xpi.asc mailvelope.firefox.xpi
You can unzip the
mailvelope.chrome.zip file and then load the extension into Chrome as described in: Load unpacked extension. Alternatively, you can drag and drop the
mailvelope.chrome.crx file onto
chrome://extensions. For both options automatic updates are not supported, which means you have to manually download and install updates with the same procedure.
Drag and drop the
mailvelope.file.xpi onto Firefox to manually install Mailvelope. Alternatively use: Tools > Add-ons > Install Add-on from File...
Automatic updates as described in How does the automatic update process work for Mailvelope? are active by default in Firefox also for the manually installed Mailvelope add-on. You can turn off automatic updates in the
about:addons section of Firefox, but you then have the responsibility to manually update in order to not miss any critical security updates.