Installation

Google Chrome

Click on the icon below to go to the Chrome Web Store. Choose + Add to Chrome to install Mailvelope as a browser extension.





After installation a locker icon is displayed in the main Google Chrome toolbar, right of the address bar, which leads to Mailvelope's main menu.





Firefox

Find the latest testing packages for Firefox in the releases section on GitHub. An official release is planned for Firefox 27.

Basics

Public-key Cryptography

OpenPGP, and therefore Mailvelope, uses public-key cryptography, which means a key is split into two parts, a public key and a private key, with different purposes:

  • public key: used to encrypt a message. Can and should be available to everybody.
  • private key: used to decrypt a message. Needs to be stored securely. Access is restricted by password.

This concept is explained in an illustrative way on the page "How Gpg4win works". Gpg4win is another application based on OpenPGP, and the principles shown there also apply to Mailvelope.

Key Exchange

Before one can send encrypted email to a peer, one needs that person's public key. Two partners therefore have to exchange their public keys before they can communicate securely. There are several ways to distribute a public key:

  • Send it by email to specific correspondence partners. See the section Key Export for how this can be done with Mailvelope.
  • Publish the key on a website where everybody can access it.
  • Upload the key to a keyserver.


Message Formats

Public and private keys, as well as encrypted messages, are encoded in OpenPGP in a text format that allows them to be exchanged or stored in text files.

For example, a public key looks as follows:



We see encoded data surrounded by rows that mark the beginning and end of this key.
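
The structure described above (a row marking the beginning, encoded data, a row marking the end) can be checked mechanically before a block is pasted into an import dialog or published. The following is an added example, not Mailvelope's own code: the function names crc24, armor and inspectArmor are hypothetical, the sample bytes are constructed placeholders rather than real key material, and the framing and CRC-24 checksum follow the ASCII armor definition in RFC 4880.

```javascript
// Added example (Node.js): inspect OpenPGP ASCII armor before importing or sharing it.
// CRC-24 as defined for armor in RFC 4880: init 0xB704CE, polynomial 0x1864CFB.
function crc24(bytes) {
  let crc = 0xB704CE;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864CFB;
    }
  }
  return crc & 0xFFFFFF;
}

// Wrap bytes in armor; used here only to construct sample input.
function armor(type, bytes) {
  const crc = crc24(bytes);
  const sum = Buffer.from([crc >> 16, (crc >> 8) & 0xFF, crc & 0xFF]).toString('base64');
  const body = Buffer.from(bytes).toString('base64').replace(/(.{64})/g, '$1\n').trimEnd();
  return `-----BEGIN PGP ${type}-----\nComment: constructed sample\n\n${body}\n=${sum}\n` +
         `-----END PGP ${type}-----\n`;
}

// Report type, headers and checksum validity of every armored block in a text.
function inspectArmor(text) {
  const re = /-----BEGIN PGP ([A-Z0-9 ,\/]+)-----\r?\n([\s\S]*?)\r?\n-----END PGP \1-----/g;
  return [...text.matchAll(re)].map(([, type, inner]) => {
    const lines = inner.split(/\r?\n/);
    const blank = lines.indexOf('');               // blank line ends the armor headers
    const headers = blank < 0 ? [] : lines.slice(0, blank);
    const rest = lines.slice(blank + 1).filter((l) => l.trim() !== '');
    const last = rest[rest.length - 1] || '';
    const sum = last.startsWith('=') ? Buffer.from(rest.pop().slice(1), 'base64') : null;
    const data = Buffer.from(rest.join(''), 'base64');
    return {
      type,
      headers,
      dataBytes: data.length,
      // null: no checksum line present; false: data or checksum was altered
      checksumOk: sum && (sum.length === 3 ? sum.readUIntBE(0, 3) === crc24(data) : false),
      containsPrivateKey: type === 'PRIVATE KEY BLOCK', // never publish or mail this block
    };
  });
}

// Constructed sample: placeholder bytes shaped like a key pair export (two blocks).
const sample = armor('PUBLIC KEY BLOCK', Buffer.from('constructed public bytes')) +
               armor('PRIVATE KEY BLOCK', Buffer.from('constructed private bytes'));
console.log(inspectArmor(sample));
```

A failed checksum only indicates accidental corruption, for example a mail client that rewrapped or truncated the block; it is not an authenticity check on the key.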


Key Handling

Click on Mailvelope's locker icon in the browser extension toolbar to open the main menu. Choose Options to navigate to the key ring with all your keys:


Key Generation

To use Mailvelope at least one key pair (consisting of public and private key) must be available. 
We can either generate a new key pair as explained in this section, or import an existing key pair as described below.

Click on Generate Key to open the key generation dialog:


Fill in all required information. 
After you click Submit, the key generation process starts. The result can be viewed by navigating back to the key list with Display Keys.

Key Import
 
Existing keys can be imported in the Import Key dialog:



Paste keys in the text format shown above in the section Message Formats into the text area.
Again, check Display Keys after successful import to view the result.

Key Export
 
Key export functionality is used to extract keys in a text format. 

We can use this as the basis for publishing public keys or for making a backup of a public/private key pair in a secure place.

Key export is available in the Display Keys view. 

Select a key and press Export to view the dialog:


The following options are available:

  • Display public key. A popup appears with the public key. Copy to Clipboard and Create file are possible options.
  • Send public key by mail. This will try to open your mail application and insert the public key as text into a new email. Limitation: this only works if the public key does not exceed a certain length.
  • Display private key. Same options as with the public key.
  • Display key pair. Same as before. The key pair is displayed in two separate key blocks. This is the preferred method to make a backup of the complete key pair.


Messages

Mailvelope extends the user interface of Webmail (e.g. Gmail™, Yahoo® Mail etc.) with controls that allow encryption and decryption of email.

Message Encryption

Encryption in external editor

Starting with Mailvelope v0.6 the default procedure is to compose and encrypt messages in an external editor.

The compose button is displayed in all mail compose areas of the mail provider and will launch Mailvelope's external editor.




Clicking on the compose button opens a new popup with a separate editor. This ensures that the mail creation and encryption process is completely isolated from the mail provider.



The mail can now be composed. Afterwards we click on the encrypt button to display the encrypt dialog.
Here we can choose the recipients, that is, the persons who should be allowed to decrypt the message, and Add them to the list.
The precondition is that we have already imported their public keys as described in Key Import.


The following text encodings are possible:
 

  • HTML (default if available): messages are extracted from the compose area in HTML. This preserves the rich text format of the email. Safe to use if the correspondence partner also uses Mailvelope or any other OpenPGP application that supports HTML.
  • Text: the message is encrypted in text format.

Multiple recipients can be added to the Encrypt for section. All persons listed here will be able to decrypt the message. It can be useful to add yourself here as well, because it is then possible to decrypt and read the messages in your Sent folder.

Mailvelope tries to identify the recipient's email address. It will be preselected once the encrypt dialog opens.

Click on OK to encrypt the email. The email text will be replaced with the encrypted message.  


The undo button will revert the content back to the unencrypted text and you can restart the process.

The final step is to copy the encrypted message back to the mail provider. A click on Transfer will do this and close the external editor.



Now the encrypted message can be sent as usual.

Warning: don't use the mail provider while the external editor is open. For a successful transfer of the encrypted message back to the mail provider window, it is essential that you do not navigate away from the mail compose view of your mail provider.
 

Encryption in mail provider editor

Mailvelope also offers a second mode in which messages are encrypted directly on the mail provider page. See the section Security for how this mode can be activated and what its implications are for the security level of Mailvelope.


Message Decryption

Whenever Mailvelope detects an encrypted text in an email it marks it with an overlay as follows:


If we click with the mouse inside this area the password dialog opens:


Mailvelope tries to find the private key that is required to decrypt the message. If the correct key is found in the key ring, the corresponding User and Key ID are displayed.

After unlocking the key with the password the message is decrypted and directly shown in the marked area.



Watch List

Mailvelope comes preconfigured to work with the following email services:

  • Gmail
  • GMX
  • Outlook.com
  • Yahoo!® Mail

With its general approach it can be configured to work with any email provider.
This can be done in the Preferences section of the Options view.



The watch list defines the set of web sites that are enhanced with the functionality provided by Mailvelope.


Deactivate Mailvelope for site

By default Mailvelope is active for all sites in the watch list.
To deactivate one site click on Edit in the corresponding row and change the Active value. Confirm with Update.

Add website to Watch List

1. Load the web site you want to add to the watch list in a browser tab (the active tab).
2. Click on the locker icon in the browser extension toolbar to open the main menu.
3. Choose Add Page.
4. The browser will open a new tab with Mailvelope's Options page and will add the web site to the watch list.
5. Reload the web site to activate Mailvelope.

When Add page is chosen, Mailvelope analyses the web site's frame structure and adds this information to the watch list. As the internal structure of the web site might change in different scenarios, the following procedure is recommended when adding new web sites:
1. Open your Webmail provider and log in
2. Navigate to your inbox and open a mail
3. Choose: Add page from Mailvelope's main menu
4. A new tab opens and a new item is added to the watch list
5. Switch back to your Webmail: compose a new mail
6. Again click on locker and choose: Add page
7. Reload the Webmail tab with F5

Advanced: when expanding a row in the watch list we see the frames that will be scanned for encrypted mails and mail compose areas. If we can identify irrelevant frames (e.g. from ads), we can set the Scan value to false and thereby minimize the scanning effort.

It is also possible to manually add web sites and their frame structure to the watch list, but this is not part of this documentation.


Remove website from Watch List

Load the web site you want to remove from the watch list in a browser tab (the active tab).
Click on the locker icon in the browser extension toolbar to open the main menu. Choose Remove page.
The browser will open a new tab with Mailvelope's Options page and, after confirmation, will remove the web site from the watch list.

Alternatively, remove entries directly in the watch list with the Delete button.

...to be continued


 
