Google has released the source code for End-to-End, a Chrome extension for email encryption promising the first streamlined use of Pretty Good Privacy or PGP in email.
The add-on, still in its alpha stage, is based on OpenPGP open-source encryption standard and is “intended for users who need additional security beyond what we already provide.”
With End-to-End users can generate encryption keys, send encrypted emails and decrypt received mails, and digitally sign their emails as well as verify digital signatures of emails received through their web-based email provider.
“While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use,” Stephan Somogyi, a Google product manager for security and privacy, wrote in a blog post published Tuesday.
“To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools.”
The new tool is yet to make its way to the Chrome Web Store as the company is “just sharing the code today so that the community can test and evaluate it.”
Google wrote on the End-to-End page that “The End-To-End team takes its responsibility to provide solid crypto very seriously, and we don’t want at-risk groups that may not be technically sophisticated — journalists, human-rights workers, et al — to rely on End-To-End until we feel it’s ready. Prematurely making End-To-End available could have very serious real world ramifications.”
Google hasn’t revealed any timeframe for a broad release of End-to-End. However, it has the doors to its Vulnerability Reward Program open for developers to find any security holes in End-to-End, which is likely very difficult as Google said: “We hold ourselves to a higher standard; we started from scratch and created a testable, modern, cryptographic library.”