Mailvelope

Frequently Asked Questions

Origins

What is the purpose of this project?

Mailvelope is an easy-to-use web-browser extension which brings OpenPGP encryption to webmail services such as Gmail™, Yahoo™ and others. With its unintrusive interface fully integrated into your webmail service, Mailvelope instantly secures your personal and professional email communications.

What is the history of this project?

A well-known ancestor of this project is FireGPG developed by Maximilien Cuony and others starting around 2007 and discontinued in 2010. Mailvelope is a new project without dependencies to GPG. It's based on OpenPGP.js which is an open source project that was initially developed by recurity-labs.com. Mailvelope's development started in March 2012 and has been available in the Chrome Web Store since August 2012.

Features

Is message signing supported or will this be supported in the future?

Yes, signing of cleartext messages is supported. Signing of encrypted messages is a planned feature.

What if I forget my password?

Mailvelope does not have a password recovery mechanism. If you forget your password or lose your private key, there is no way to recover any encrypted message.

Is feature xyz supported or are there any plans to do so?

Please check first if there is already a feature request in the list of planned enhancements. You can also follow the status of development here. If you can't find your proposal, create a new issue or just send an email to support@mailvelope.com.

Security

Where are my keys stored?

Mailvelope stores the keys in the local storage of the browser and only there. This is a file in the user data directory of Chrome or the profiles folder of Firefox. If you clear temporary browsing data this will not affect the key storage of Mailvelope. If you delete the Mailvelope Chrome extension, then the key storage will also be removed from your file system. On Firefox there is an additional confirmation dialog once you remove the Mailvelope add-on that allows to delete all keys or leave them in the profile folder of the system.

How is the private key protected? Can anyone with access to my computer get the private key?

The private key in general is locked with a password. That means for all operations that require a private key like decrypting or signing of a message both components are required: the private key and the password. When exporting a private key to an armored text file (the one starting with BEGIN PGP PRIVATE KEY BLOCK) the secret part of the private key is encrypted with the password. This is also the format used to store the private key in the local storage of the browser. So Mailvelope stores and exports the private key in encrypted form.

Additional notes:
  • The OpenPGP standard also allows private keys without password, although they are rarely used. Usage of such keys with Mailvelope is not recommended.
  • Given the scenario that an attacker is able to steal the private key, the resilience against brute-force attacks on the encrypted private key depends on the quality of the password. An ideal password should be complex and consist of a mixture of upper-case letters, lower-case letters, numbers and/or special characters.
  • Mailvelope, as end-to-end encryption software in general, relies on secure endpoints. If one of the computers on both sides of the communication is compromised (e.g. with a key logger) encryption won't help. Among other measures, unrestricted access to your computer should be avoided.
  • GPG follows a similar security model for private keys: the keyring as such is not encrypted, only the individual private keys. Anyone with local access can export private keys with: gpg --export-secret-key -a
  • The setting "Automatically send usage statistics and crash reports to Google" in Chrome should not be activated, because in the event of a crash, parts of memory containing private key material might be sent to Google.

When I install the extension it asks for the following permissions: "This extension can access: Your data on all websites, Your tabs and browsing activity." Why is this required?

The reasons why these permissions are required are the following:

Why data on websites?

Mailvelope scans the website of your webmail provider for PGP messages. As soon as a message is found it injects a small portion of HTML into the site to display the user interface elements for Mailvelope, such as the encryption buttons, the frame that is drawn around the PGP text, etc. For these operations, Mailvelope requires access to data on websites.

Why data on all websites?

Mailvelope comes preconfigured for a set of webmail providers, but it can be extended to work theoretically with all providers. This means you can add your favorite webmail provider to a watch list and it is then also part of the scanning process described above. Since Mailvelope cannot know which providers will be added, it needs to have access to all websites to stay customizable.

Why your tabs and browsing activity?

This permission is required to open the options page when you click on Mailvelope's 'Options' browser action. It also allows Mailvelope to inject the elements for its user interface as described above.

How does the automatic update process work for Mailvelope?

The normal installation and update procedures are as follows:

Google Chrome

Mailvelope is initially downloaded from the Chrome Web Store by the user. Chrome will automatically check for updates on the Chrome Web Store and install them. Google ensures the security of the download and update mechanism of Mailvelope in the same way as the automatic update mechanism of the Chrome browser itself.

Firefox

Mailvelope is initially downloaded from our server download.mailvelope.com. Firefox by default will regularly check for updates on our server and download and install them automatically. The download.mailvelope.com server provides HPKP therefore a TOFU (Trust on first use) model is applied: the user has to trust the first download, all subsequent checks for updates are secured with the certificate pinning of HPKP. You can also verify the first download as described in: How can I verify Mailvelope downloads?

Bugs

What should I include in a bug report?

Before sending a bug report, please always restart the browser and check if the problem persists.

A bug report should include the following information:
  • Short description of the problem
  • Type and version of operating system
Google Chrome
  • Browser version, type about:version in the address bar
  • If Mailvelope does not report any error message, the logs might have valuable information:
    • On the tab of your webmail provider hit Ctrl+Shift+J and add any errors in red to the report
    • Additionally, open the extensions page by typing chrome:extensions into the address bar
    • On the top right of the page enable developer mode
    • In the Mailvelope entry on the page click on background.html
    • A new browser window comes up, ensure that the tab Console is active and again add any errors in red to the report.
Firefox
  • Browser version, see find version.
  • If Mailvelope does not report any error message, the logs might have valuable information:
    • Restart the browser
    • Try to reproduce the problem
    • Open the browser console with + + (for Mac: + + ). And add the content of the console window to the report.

Installation

Connection failure when downloading the Firefox add-on

When downloading the Mailvelope Add-on you receive an error message: This add-on could not be downloaded because of a connection failure on download.mailvelope.com

There exist the following possible solutions:
  • Temporarily deactivate antivirus software and other installed Firefox add-ons listed in the about:addons section
  • Manually install the Mailvelope add-on:
    • Right click on download.mailvelope.com and choose Save link as... to download the mailvelope.firefox.xpi file. Should this fail in Firefox, downloading the file in other browsers like Google Chrome or Internet Explorer is an alternative.
    • Enter about:addons in the address bar of Firefox to navigate to the Add-on Manager.
    • Click on the gear wheel, choose Install Add-on from file... and then select the downloaded mailvelope.firefox.xpi.
    • Confirm the installation process.

How can I uninstall Mailvelope?

How can I verify Mailvelope downloads?

Besides the normal installation procedure described in How does the automatic update process work for Mailvelope? we also offer signed installation packages on GitHub: https://github.com/mailvelope/mailvelope/releases.

For all installation packages of Chrome and Firefox:

  • mailvelope.chrome.crx
  • mailvelope.chrome.zip
  • mailvelope.firefox.xpi

there is a corresponding .asc file that contains a signature of our Mailvelope code signing key 16F4 5CCC 1848 12B4 AC93 0EF3 60DD 1F16 B339 0CD1 that can be used to verify authenticity and integrity of the installation packages.

With GPG, after you have imported the code signing key, you can verify e.g. the Firefox installation package with:

gpg --verify mailvelope.firefox.xpi.asc mailvelope.firefox.xpi

Notes on manual installation of Mailvelope:
Chrome

You can unzip the mailvelope.chrome.zip file and then load the extension into Chrome as described in: Load unpacked extension. Alternatively, you can drag and drop the mailvelope.chrome.crx file onto chrome://extensions. For both options automatic updates are not supported, which means you have to manually download and install updates with the same procedure.

Firefox

Drag and drop the mailvelope.file.xpi onto Firefox to manually install Mailvelope. Alternatively use: Tools > Add-ons > Install Add-on from File...

Automatic updates as described in How does the automatic update process work for Mailvelope? are active by default in Firefox also for the manually installed Mailvelope add-on. You can turn off automatic updates in the about:addons section of Firefox, but you then have the responsibility to manually update in order to not miss any critical security updates.