Basic Internet Security

Webmail and PGP

The current browsers on the market unfortunately do not come bundled with PGP support. When you use PGP for e-mail, encrypted messages cannot automatically be deciphered by your browser, so you will see garbled text instead of the message. There is, however, a Firefox plugin called FireGPG which adds PGP support to the browser.

In this chapter we will describe how to use FireGPG to combine PGP with webmail. We will use a Gmail account as an example. FireGPG has other uses as well: with it you can encrypt just about any plain-text communication on the web (forum posts, blog messages, etc.) with PGP.

Caveats with using webmail

In general it is best to use a mail program like Thunderbird instead of webmail. Accessing your webmail from an untrusted environment like an Internet café is discouraged, because you cannot guarantee that your password or traffic will not be intercepted. Using PGP in that situation may even make matters worse: your secret key and passphrase, which you carry around on a USB stick, may be read by a malicious program on the computer. In short, only use FireGPG to access your webmail in an environment you trust.

Installing FireGPG

NOTE: The latest official version of FireGPG supports only Firefox 3.6. During the creation of this manual we also worked on making an updated version of the plugin for Firefox 4.0. It should hopefully become available on the website of the developer soon. If you are keen on using FireGPG now, you will have to stick to Firefox 3.6.

Please also note that using Gmail with FireGPG is problematic at best. There used to be special support for Gmail in FireGPG, but it is no longer up-to-date.

These are the steps necessary to install FireGPG.

1. Go to the website

2. On the upper side of the website, click on Install > Install FireGPG.

3. Download the extension by clicking on

4. Firefox will ask you whether you want to allow the installation of the extension. Click on Allow.

5. Firefox will ask you whether you want to begin installing the extension. Click on Install now.

6. The installation window should appear like below. Click on Next to begin.

7. You should have GnuPG installed, as has been described in the chapters about Installing PGP. In the next window of the FireGPG installer, it tells us it has found GnuPG. Click on Next.

8. In the next window FireGPG asks you whether you want to enable special Gmail functions. Alas, those functions are broken. Click on 'Enable gmail support' to disable the option. Click Next.

9. In the next window FireGPG asks you for your default secret key to decrypt messages with. If you have more than one e-mail address with PGP, you can select the preferred one. If you select 'Ask for private key' FireGPG will ask you for the key every time you sign a message. In the example below we have selected the single secret PGP key we will use. After you have made a decision, click Next.

10. FireGPG asks you for installation components. The default components are fine. Click on Next.

11. The installation should now be finished. Click on Close.

Working with FireGPG

FireGPG works by selecting blocks of plain text in text boxes and performing actions on them, like decryption, encryption, signing, etc. You can also use FireGPG to do basic key management, like importing a public key.

The keyring FireGPG works with is the same one that you use with Thunderbird, so your PGP actions will be compatible and synchronized.

Example of decrypting an e-mail or text

A PGP encrypted message directed to yourself should automatically be detected by FireGPG. You can recognize a decrypted message by the following icon.

Click on 'Decrypt' to display the message.

Example of encrypting an e-mail or text

When you have the public key of the recipient on your keyring, select the piece of text you want to encrypt with the mouse, then right-click on it. You will see a sub-menu called FireGPG. Select FireGPG > Encrypt. See the example below.

A window will appear. Select the recipient from the list of available public keys. Then press 'Ok.'

You will now see the encrypted message in the mail window. A PGP encrypted message is nothing but a bunch of characters delimited by special lines with dashes. Selecting the entire body of the PGP message, including the lines with BEGIN and END, and then going to the FireGPG menu, will allow you to manually decrypt, or do other actions.
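
The delimiter lines described above follow the ASCII armor format of RFC 4880, section 6. The Python below is an added example, not part of the original manual and not FireGPG's code: it finds armored blocks in pasted text, rejects a selection that lacks the BEGIN or END line, and checks the armor's CRC-24 line. The names crc24, find_armor_blocks and SAMPLE are chosen for this example, and the sample payload is constructed.

```python
import base64
import re

def crc24(data: bytes) -> int:  # CRC-24 as given in RFC 4880, section 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

ARMOR_RE = re.compile(
    r"^-----BEGIN PGP (?P<kind>[A-Z ]+)-----[ \t]*\r?\n(?P<body>.*?)"
    r"^-----END PGP (?P=kind)-----[ \t]*\r?$", re.DOTALL | re.MULTILINE)

def find_armor_blocks(text: str) -> list:
    """Return one dict per complete block (matching BEGIN and END lines)."""
    blocks = []
    for m in ARMOR_RE.finditer(text):
        body = "\n" + m.group("body").replace("\r\n", "\n")
        # Armor headers end at the first blank line; base64 data follows.
        _, sep, payload = body.partition("\n\n")
        lines = [ln.strip() for ln in payload.splitlines() if ln.strip()]
        # An optional last line "=XXXX" is the base64 of the 3-byte CRC-24.
        crc_line = lines.pop() if lines and lines[-1].startswith("=") else None
        data, crc_ok = None, None
        try:
            if sep and lines:
                data = base64.b64decode("".join(lines), validate=True)
            if data is not None and crc_line:
                stored = int.from_bytes(base64.b64decode(crc_line[1:]), "big")
                crc_ok = stored == crc24(data)
        except ValueError:  # mangled base64, e.g. re-wrapped by a web form
            data, crc_ok = None, False
        blocks.append({"kind": m.group("kind"), "data": data, "crc_ok": crc_ok})
    return blocks

# Constructed sample: the payload is the bytes b"123456789", not a real message.
SAMPLE = """Hi, the text is below.
-----BEGIN PGP MESSAGE-----
Comment: constructed sample

MTIzNDU2Nzg5
=Ic8C
-----END PGP MESSAGE-----
"""
print(find_armor_blocks(SAMPLE))
```

A result with data set to None means the block was found but its contents were damaged in transit, for example when a web form removed the blank line after the headers.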