14 DAY TRIAL // Apart from the fact that it is a heck of a browser, Firefox has gained a reputation due to its flexibility given by the support for add-ons and extensions. With the default settings it may not look much, but add some accessories and it'll feel like a different browser. No matter what you want it to be equipped with, it can be done: mouse gestures, torrent download, RSS, selective domains JavaScript to be run from, embedded FTP, webcam viewers, you name it, it's all there.
Many of the extensions are not working properly, but you will soon find out that the list offers replacements for them. Do I have to say about the themes that can be added? You can practically make Firefox look like IE or give it a clean Mac interface in just seconds.
However, out of the avalanche of add-ons compatible with Firefox, I just found one that deals with the security of your online messages. FireGPG is another way to bring an interface to GPG encryption/decryption engine. Being web browser add-on FireGPG it is restricted to the tasks centered on text.
And if you combine it with a GMail account then all your emails can be crypted and transmitted over the web in just a few clicks. Suffice to select the text you want to encrypt and choose one of the options provided by FireGPG.
As mentioned above, FireGPG's capabilities are limited to a front end to the real thing. That is why you will have to install GPG4Win first for the Firefox extension to do its job properly. If more details are needed regarding the GPG encryption system, take a peek in here and learn how you can create your public keys and handle them the easy way. If you want a direct link to the application try this.
After all the settings have been made in GPA (GPG Privacy Assistant) and your personal public key has been created, you can proceed to doing your bidding with FireGPG. The application integrates perfectly with Mozilla Firefox and can be found under the tools menu as well as in web browser's context menu.
Working with the application is fairly easy once all the settings have been done and it allows you to simply select the text and choose one of the available alternatives: sign it with the public key, verify the signature in case the text is a received encrypted message, crypt it the GPG way, decrypt it or open it in the built in editor. Import and Export options are reserved for the public keys you may come across the Internet or those received with the encrypted messages.
By using these two functions of the application you no longer have to launch GPA or WinPT and handle the keys. They are immediately imported by simply selecting the text in the browser and selecting Import option. Export is to be used whenever there is the need of backing up your key.
The configuration panel of the application is composed of three tabs. General section deals with generic settings like enabling the display of a result or signature in a separate dialog, asking for saving the password, set the default private key or choosing to encrypt to yourself, with no purpose of sending the message to someone else.
GMail tab comprises options that let you choose what buttons to be shown in the FireGPG menu. You can also enable the support for GMail. Support for Google's mail service is defined by the fact that the message window acts as a GPG editor itself, thus eliminating the need of employing FireGPG's editor or even a third party application like Notepad or Wordpad. This type of support is not extended to other free email services so in the case of Yahoo! Mail you will have to encrypt the text in FireGPG's editor or use the Clipboard (after encrypting a selected text in a webpage it is automatically displayed in the built in editor and can then be copied and pasted in a text editor of your choice).
GPGAuthentication tab could save you some time when receiving encrypted messages from certain servers. Here you can enable automatic decryption of the messages received from a defined server address. Here's the explanation of the developer on the server authentication works:
"1. The user generates an encrypted token of random data (encrypted to the service's Public Key), and stores the unencrypted version locally. 2. That encrypted token is sent to the server with the username of the associated account. 3. The server checks to see if the username exists, if it does, it retrieves the Fingerprint of the associated Public Key. 4. The server checks to see if the Public Key has been revoked. 5. The server generates an encrypted token of random data (encrypted to the users Public Key), and stores the unencrypted version locally. 6. The server sends the unencrypted user token, and the encrypted server token to the user. 7. At this point the user receives the decrypted token back, and checks to make sure it matches the originally encrypted data. 8. If the client is satisfied the server has authenticated, it decrypts the encrypted server token received and sends it to the server. 9. The server compares the un-ecrypted text sent from the client to make sure it matches. If the server is satisfied, the authentication is completed."
The method is extremely valuable if you do not want to be the victim of website spoofing. The above mentioned steps stand for service verification and user verification thus enforcing protection against weak authentication, theft or keyloggers.
The Good
The application integrates perfectly in Firefox and the GMail support is one of its main advantages. The editor allows you to review and modify the text before the encryption.
It is easy to use and all you need is select the text in the webpage, crypt it from the context menu and choose a key to code it with.
The Bad
I experienced one pretty big problem when using the extension. After deleting all the keys and creating a new one, FireGPG displayed an error message because of a previously deleted key. The resulting effect was the inability to use the application, despite the numerous uninstalls. In my case re-installing Mozilla Firefox solved the problem.
The Truth
During our testing the app worked like a charm until the aforementioned issue occurred. However, the problem is not that big considering that FireGPG still needs GPG4Win to function. And in case this happens you can always employ the original software to continue with your bidding.
