06 09 | 2013

WebPG, a PGP addon for web browsers

Written by Tanguy

Classified in : Homepage, Debian, To remember

WebPG logo, i.e. GnuPG logo with a web over a spider web

One problem with PGP, at least with GnuPG, is that it does not interact with the web. There used to be a Firefox addon for that, called FirePGP, but its development was stopped.

So, good news, a new addon has come to fill the gap it left: WebPG, an addons for Firefox and Chrome. I am using it since a while, and it seems to work fine, being able to encrypt, sign, decrypt and check text blocks. Of course, it cannot handle PGP/MIME unless explicitly adapted to the webmail you use, but there seem to be some experimental support for GMail.


saturday 07 september 2013 à 18:42 Lunar said : #1

FireGPG was discontinued because its other was eventually convinced that it was a very bad idea. There is no way to trust a website to not look at the cleartext before encryption/after decryption if that piece of information is accessible through the DOM.

I strongly suggest you read Tails advisory before advertising it further:

thursday 12 december 2013 à 00:21 Tom Dial said : #2

While encryption and web browsers surely are a bad mix, the attacks mentioned on Lunar's reference appear to operate only during message composition and possibly decryption, and point to flaws in FireGPG implementation that may not be present in WebPG. In addition, they do not expose the plain text more (at worst) than not encrypting at all. More importantly, they do not appear to address any issues with the encrypted output which will be stored in gmail (for example).

The transient risk of capture during encryption or decryption probably is much smaller than the risk that unencrypted mail will be captured either during composition, transfer, storage on a providers servers, or while being read by a recipient.

Write a comment

What is the third letter of the word ppbbuf? :