More than half a year ago, Google announced that it was working on an email encryption Chrome plugin that would make it very easy for anybody to encrypt their emails. Now, it looks like this tool is getting a bit closer to launch.
While it’s not ready for a wider release yet, Google this week moved its so-called “End-to-End” tool to GitHub to encourage a wider range of developers to take a look at it and make sure it’s secure. It also released a few more details on how it expects the service to work.
Email encryption has always been a hassle to use. That’s not so much because public-key cryptography is all that complex (though the concept behind it is a bit unintuitive at first), but mostly because nobody ever really figured out how to make it easy for mainstream users. Mailvelope is one of the easier Chrome plugins to use to encrypt email right now and that still assumes at least some basic understanding of the concepts behind it.
While End-to-End is still a work in progress, Google has now also shared some if its plans for how it will approach some of the more complex issues behind making its encryption service easy to use. Google will host its own key server, for example. Most other OpenPGP-based systems rely on a web of trust to ensure that a public key really belongs to its owner. “This requires a significant amount of work by the user, and is a hard concept to grasp for average users,” Google’s End-to-End team writes in its documentation.
With its key server, Google is taking a more centralized approach. Users’ public keys will be automatically registered with the server and the directory will publish the key. When somebody then wants to send an encrypted email to another End-to-End user, the system will check the key directory for the right key and encrypt it. You can read more about the exact details for how this is going to work here, but the main point is that this should take away at least one layer of complexity.
It looks like the plugin will also offer other web applications access to its encryption services. That’s great to see, because a service that only supports Gmail isn’t quite as interesting as one that also supports other web-based messaging systems (including, for example, instant messaging). Yahoo already started contributing to the project, so there is a chance we will see some support from other major vendors as well.
Google says it won’t release an open alpha of End-to-End until it has fully solved all the usability problems around key distribution, but it looks like the team is expecting a launch sometime next year.