Google Open Sources Code for End-to-End Email Encryption

E2EMail will give users a way to encrypt email messages beyond what is currently available by default with email clients.

email security

Google has released an experimental version of its E2EMail end-to-end encryption technology to the open-source community.

The tool is intended to give users a way to more easily encrypt their email beyond what Google already offers by default with Gmail.

In a blog post, Google engineers KB Sriram, Eduardo Vela Nava and Stephan Somogyi described the E2EMail code as a Chrome extension for integrating OpenPGP into Gmail with little of the complexity that is otherwise involved in doing it.

The goal, according to a Google description on GitHub, is to give email users a way to improve data confidentiality for occasional small messages in a way that makes it impossible even for the email provider to extract message content once it has been encrypted.

E2EMail runs independently of Gmail’s web interface and acts as a sort of sandbox for reading and writing encrypted email. “When launched, the app shows just the encrypted mail in the user’s Gmail account,” Google said in its description on GitHub. “Any email sent from the app is also automatically signed and encrypted.”

E2EMail offers a simple way for nontechnical users to send and receive private messages over Gmail, but it is not a full-featured OpenPGP or email client. It also offers no protection against attacks on the local device, and neither can it be used to conceal user identity or the subject line of the email, according to Google.

The version of E2EMail released on GitHub hosts its own keyserver for distributing encryption keys. The log-term goal is to adapt it to use services like Google’s evolving Key Transparency method for looking up secure keys. “Key discovery and distribution lie at the heart of the usability challenges that OpenPGP implementations have faced,” the Google engineers said in their blog post.

Approaches like Key Transparency will facilitate interoperability of E2EMail and mitigate the risk of the keyserver generating spurious keys.

End-to-end encryption, where the contents of an email are encrypted from the moment it leaves the user’s browser until it is received and decrypted by the intended recipient, has long been considered the best way to protect messaging data from interception and surveillance. Interest in end-to-end encryption has heightened in the last few years following former National Security Agency contractor Edward Snowden’s leaks about the U.S. government’s compelled data disclosure programs.

Some messaging tools like WhatsApp, iMessage and Google’s own Allo offer end-to-end encryption as a default with their applications at least partly in response to concerns stemming from those disclosures.

Google’s own efforts with E2EMail began in June 2014. At the time, the company described it as a Chrome extension for encrypting, decrypting, digitally signing and verifying messages within a browser using OpenPGP.

Since then, Google has been actively tweaking and testing the application with help from members of the open-source community. The company is committed to working with the open-source community to adapt E2Mail with the Key Transparency server when that becomes available, Sriram, Vela Nava and Somogyi said.

Jaikumar Vijayan

Jaikumar Vijayan

Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.