Google's End-to-End Email Encryption Effort Makes Progress | eWeek

Google’s End-to-End Email Encryption Effort Makes Progress

email encryption
Dec 18, 2014
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Google’s efforts to deliver an end-to-end encryption tool for Chrome users are taking shape with help from Yahoo and members of the open-source community.

The company this week released an updated alpha version of its End-to-End Chrome extension to the GitHub code hosting service. The prerelease version contains several contributions from the security team at Yahoo, led by its Chief Security Officer Alex Stamos, Google Product Manager of Security and Privacy Stephan Somogyi said in a blog post.

The End-to-End project wiki too has been updated with new documentation for developers and security researchers interested in contributing or learning more about the project, Somogyi said.

But it will be sometime yet before Google is ready to make End-to-End available in the Chrome Web Store, he added.

“We don’t feel it’s as usable as it needs to be,” he said. “Key distribution and management is one of the hardest usability problems with cryptography-related products, and we won’t release End-To-End in non-alpha form until we have a solution we’re content with.”

New documentation on the project provides some details about Google’s plans to enable the end-to-end encryption using a centralized key server model. The approach is different from and easier to use than the decentralized key distribution and verification models used by other email encryption methods, Google said.

With the centralized key server model, a user wanting to send or receive an encrypted email would first need to register with a Key Directory operated by the user’s email provider. The Key Directory would then assign a public key to the user’s email, which anyone could use to send an encrypted email to that user.

The goal is to eliminate the need for users to know anything about how to use encryption keys while also giving them the assurance that the encryption scheme can be trusted, Google said in its documentation.

“The model of a key server with a transparency backend is based on the premise that a user is willing to trust the security of a centralized service, as long as it is subject to public scrutiny, and that can be easily discovered if it’s compromised,” according to the documentation.

Google announced its plans for End-to-End in June. At that time, the company described the Chrome extension as an easy-to-use tool for those looking to encrypt email messages, digitally sign them or verify signed messages within the browser. The Chrome extension is based on the OpenPGP standard, a nonproprietary email encryption protocol that is used widely in products from multiple vendors.

Unlike encryption tools such as PGP and GnuPG, Google’s End-to-End extension will require little technical know-how or manual effort to use, the company has claimed.

Google has shared the source code for the tool with the open-source community from the outset, and releasing it into GitHub will enable even better collaboration, according to Somogyi. “We’ve always believed strongly that End-To-End must be an open source project, and we think that using GitHub will allow us to work together even better with the community,” he said.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.