Google open-sources its end-to-end email encryption plugin for Chrome

padlock-597495_1280

Google Inc. has announced that its experimental end-to-end encryption system E2Email is being released as open source code.

The Chrome plugin and its underlying code allows users to encrypt, decrypt, digitally sign and verify signed messages within their browser using OpenPGP, a protocol for encrypting email communication using public key cryptography based on the original PGP (Pretty Good Privacy) standard.

In more simple terms, the tools gives users a way to easily encrypt their email beyond what Google already offers with Gmail so as to keep communications as secure and private as possible. The plugin itself runs independently of Gmail’s web interface and acts as an interface for reading and writing encrypted email.

“When launched, the app shows just the encrypted mail in the user’s Gmail account,” a description on Github reads. “Any email sent from the app is also automatically signed and encrypted.”

The overall goal of the project is to improve data confidentiality for occasional small, sensitive messages, meaning that a mail provider, even Google with Gmail, is unable to extract the message content. Google made the code for E2Email publicly available in 2016, but with the new announcement it has moved the project from being a Google-based one to a “fully community-driven open source project.”

“E2EMail is built on a proven, open source Javascript crypto library developed at Google,” the security and privacy engineering team at Google said in blog post. “It’s now a fully community-driven open source project, to which passionate security engineers from across the industry have already contributed.”

The code, however, is not perfect at this stage. Security Week noted that the Chrome extension is still not ready for general use. Others are suggesting that the decision to open-source the code, despite the spin, may actually be Google’s way of saying that it has abandoned the project. Regardless of the motives, the cause of data protection is still worthwhile.

Image: Pixabay