Back in june this year, Google announced an alpha Google Chrome extension called End-to-End for sending and receiving emails securely, in wake of former NSA contractor Edward Snowden’s revelations about the global surveillance conducted by the government law-enforcements. Finally, the company has announced that it made the source code for its End-to-End Chrome extension open source via GitHub. Google is developing a user-friendly tool for individuals to implement the tough encryption standard known asPretty Good Privacy (PGP) in an attempt to fully encrypt people’s Gmail messages that can’t even be read by Google itself, nor anyone else other than the users exchanging the emails.
PGP is an open source end-to-end encryption standard for almost 20 years, used to encrypt e-mail over the Internet providing cryptographic privacy and authentication for data communication, which makes it very difficult to break. But implementing PGP is too complicated for most of the people, therefore, the new tool was designed to make encryption easy. Bringing PGP to the Gmail service will result in a much stronger end-to-end encryption for emails. End-to-End Chrome extension tool is based on Open PGP and is still in the developing phase, but the company released an update about the progress of its project and moved the code for the project from its own Google Code repository to GitHub, so that researchers can review it.
The project includes contributions from Yahoo!’s security team and Alex Stamos, Yahoo’s Chief Security Officer, is officially working on End-to-End. In August during the Black Hat USA conference in Las Vegas, Stamos announced that he would participate in the project. End-to-End extension for Chrome is still in alpha but once it become more stable, the search engine giant will release it on the Chrome Web Store.
Previously, when Google released the code for the new Chrome extension on Google Code repository and asked community to test and evaluate it, the company offered financial rewards of tens of thousands of dollars to find any security bugs under its Vulnerability Reward Program. The company thanked those who submitted bugs against the first alpha release and rewarded bounty for two vulnerabilities reported. According to Somogyi, foremost challenge for engineers for now is to develop an adequate system to handle key management and distribution process.
The web giant believes that this End-to-End extension for Chrome will make end-to-end PGP encryption quicker and easier for people, so that they’ll get an extra layer of security while communicating via emails. The extension could be released as “alpha” sometime next year.