This demonstration will use the Chrome Extension and Gmail, although Mailvelope is designed to work with all major webmail providers.
- Go to Mailvelope Chrome Extension
- Click on “Add to Chrome” to add the extension to Chrome.
- Once the extension is installed you will find the screen below:
- To generate a key, open the Mailvelope extension and go to the "Generate Key" tab as shown below.
- Fill out the necessary information and hit "Generate". For maximum privacy, it is a good idea to click on the advanced button and enable 4096-bit key lengths instead of 1024 or 2048. Make sure that you assign a very strong password to your keys, they are your final line of protection. After you hit Generate, it will take some time to generate the keys. Click the checkbox to upload your Public key to the Mailvelope server if you wish to. Uploading the public key to either the Mailvelope server or MIT PGP Key Server helps people to send PGP email messages to you using your public key. One can search for public keys using the search option on MIT PGP Key Server.
- Now you have generated a key pair, you have a public key and a private key in your keyring. You can see your keypair in the "Display Keys" tab as shown below.
As said before, in PGP encryption there is a public key, and a private key. In order for someone to be able to send you secure messages, they have to have your public key. In order for you to send others secure messages, you have to have to have their public key.
To find out what your public key is, you can use the "export" drop-down menu in the "display keys" tab. You will have to enter your password to get to your keys.
Saving your keys
Save your public key and private key (do not share this with anyone) on your local machine. It is a good idea to back up your private key.
So, what you want to do is import this public key into Mailvelope, so it knows which public key to use when I want to send an email to firstname.lastname@example.org. Below, I have pasted the email@example.com’s public key into the field in the import tab.
- Once you have completed importing your recepient’s public key, you are ready to send secure emails to him/her with no worry of being intercepted or the message being deciphered.
- Let’s send a PGP-encrypted email to firstname.lastname@example.org from my email address email@example.com
Let’s see how Mailvelope works. When you begin to compose a new message in Gmail you will see a small overlay button that looks like a pencil and notepad. You click that button to start writing a secure message offline. You then write your message in the window that pops up.
Once you have entered the recipient’s email address, you click the "encrypt" button at the bottom. This encrypts your email message with the appropriate keys. You'll see the PGP encrypted message in the Gmail window, ready to be sent, like you can see below.
The message cannot be deciphered by anyone, except for those with access to the appropriate private keys. The private keys are never transmitted in this process, and they are securely stored locally by Mailvelope. It does take a couple of attempts to learn this, but this is simpler than older methods of using PGP. Once you are thorough with this, you can encrypt an email very quickly.
Decrypting and reading PGP email with Mailvelope
So now you know how to securely compose a message to send out. You also need to know how to receive messages with Mailvelope. This is easy too!
When you receive an email that is PGP encrypted in your webmail service of choice, Mailvelope should detect it as a PGP encrypted message automatically. Mailvelope then allows you decrypt the message using your keys. You'll see the Mailvelope overlay window pop up automatically with the "secure mail" icon as you see below.
If you wish to read your PGP encrypted message, you have to click on icon and fill out the password. (remember? the password you set up in Step 5)
After you decrypt your message it will be perfectly readable, as shown below.
It is important to know that Mailvelope is decrypting all messages locally. This means that your decrypted messages are never exposed to Gmail or any other provider. If you click the small "x" in the upper right corner of the overlay window (next to the lock) when you are finished reading your message, you can see the original, fully encrypted email as you can see below.
So, that’s it. Very high security PGP encrypted email via an easy to use interface. After using Mailvelope a few times I am used to the process and can encrypt and decrypt messages in a few seconds.