announced an alpha Google Chrome extension called "End-to-End" for sending and receiving emails securely, in wake of former NSA contractor Edward Snowden’s revelations about the global surveillance conducted by the government law-enforcements.
Finally, the company has announced that it made the source code for its End-to-End Chrome extension open source via GitHub.
Google is developing a user-friendly tool for individuals to implement the tough encryption standard known as Pretty Good Privacy (PGP) in an attempt to fully encrypt people’s Gmail messages that can’t even be read by Google itself, nor anyone else other than the users exchanging the emails.
PGP is an open source end-to-end encryption standard for almost 20 years, used to encrypt e-mail over the Internet providing cryptographic privacy and authentication for data communication, which makes it very difficult to break. But implementing PGP is too complicated for most of the people, therefore, the new tool was designed to make encryption easy.
Bringing PGP to the Gmail service will result in a much stronger end-to-end encryption for emails. End-to-End Chrome extension tool is based on OpenPGP and is still in the developing phase, but the company released an update about the progress of its project and moved the code for the project from its own Google Code repository to GitHub, so that researchers can review it.
"We've always believed strongly that End-To-End must be an open source project, and we think that using GitHub will allow us to work together even better with the community," Stephan Somogyi, Security and Privacy Product Manager for Google, wrote in a blog post on Tuesday.
The project includes contributions from Yahoo!’s security team and Alex Stamos, Yahoo's Chief Security Officer, is officially working on End-to-End. In August during the Black Hat USA conference in Las Vegas, Stamos announced that he would participate in the project.
End-to-End extension for Chrome is still in alpha but once it become more stable, the search engine giant will release it on the Chrome Web Store.
"We aren't yet making End-To-End available in the Chrome Web Store," Somogyi added. "We don't feel it’s as usable as it needs to be. Indeed, those looking through the source code will see references to our key server, and it should come as no surprise that we're working on one."
Previously, when Google released the code for the new Chrome extension on Google Code repository and asked community to test and evaluate it, the company offered financial rewards of tens of thousands of dollars to find any security bugs under its Vulnerability Reward Program. The company thanked those who submitted bugs against the first alpha release and rewarded bounty for two vulnerabilities reported.
According to Somogyi, foremost challenge for engineers for now is to develop an adequate system to handle key management and distribution process.
"Key distribution and management is one of the hardest usability problems with cryptography-related products, and we won’t release End-To-End in non-alpha form until we have a solution we're content with," Somogyi said.
The web giant believes that this End-to-End extension for Chrome will make end-to-end PGP encryption quicker and easier for people, so that they'll get an extra layer of security while communicating via emails. The extension could be released as "alpha" sometime next year.