Open Bug 357310 Opened 16 years ago Updated 8 years ago
PGP/GPG encryption and signing support for Firefox
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; sl; rv:184.108.40.206) Gecko/20060909 Firefox/220.127.116.11 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; sl; rv:18.104.22.168) Gecko/20060909 Firefox/22.214.171.124 Sorry for reporting this thing here, because this is more like feature request. I was reading this blog: http://www.links.org/?p=130 and comments, and got an idea how to enable better security for users using web mail. My idea is to build GPG into Firefox or at least integrate it. GPG keyring (user's private and public key) should be an object similar to certificate. User will be able to create/import it into Firefox, export it or delete it. Keyring could be secured with password (with FireFox security device), and additionaly with passphrase. Public keys could be easily retrieved from public key servers. How decryption will work? If FireFox will detect PGP/GPG code (in a form), it will enable decryption. When decrypted, it will be "grabbed", decrypted and shown in plaintext. Similar to Enigmail extension for Thunderbird. And since there is a portable Firefox for Windows (http://portableapps.com/), user will be able to use strong encryption from his/her USB drive. Sorry again for posting this here, I was unable to find direct "feature request". Please just think of this idea. It should be developed in more detail, of course. But if it will be implemented, it will bring strong encryption for broad audience of users. And the problem of scurity of the webmail will be solved. Reproducible: Always
see bug 56052 / bug 22687 for GPG / PGP support, but that's for normal mail. Why isn't TLS (or SSL) support enough to protect pages with webmail. Are you trying to use locally stored certificates, to ensure that only *your* browser is able to decode those messages? Why can't this be done by the webserver, and then sent to you inside TLS/SSL so that nobody can intercept it ? Are you not trusting the webmail host ?
That is exactly the problem. SSL protect you ONLY against eavesdropping between webmail server and your browser. But corrupted sysadmin of webbrowser can read your e-mail. Another problem is also that totalitarian government can seize webmail server (even with subpoena). For security end-to-end encryption is essential. And - GPG/PGP enables digital signatures also.
Confirming because this is a legit enhancement request, and taking the liberty of updating the summary because you want PGP specifically not "public key" encryption in general (SSL and S/MIME are both public key mechanisms, and both already supported in Mozilla code). This would get a lot more traction written as an extension first, especially since the main GPG library I know (GnuPG) is GPL'd an incompatible with the MPL license on the rest of Firefox. The OpenPGP:SDK appears to have a suitable license (http://openpgp.nominet.org.uk/cgi-bin/trac.cgi) but I don't know whether it's stable/comlpete or not -- the "roadmap" is empty and there are no tarballs, just a SVN repository.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Public key encryption support for Firefox → PGP/GPG encryption and signing support for Firefox
FireGPG (http://firegpg.tuxfamily.org/) is a GnuPG add-on for Firefox, aiming at what is requested here.
You need to log in before you can comment on or make changes to this bug.