Note: This blog entry has been updated to reflect new information from the WhiteOut.io creators! All good stuff!
We’re just launching Whiteout Mail, an integrated solution for adding end-to-end encryption to your existing email address. Think of it as Thunderbird+Enigmail+GPGTools, all integrated, easy to use, and running in the browser and on your mobile devices. Installed in six minutes or less. Open source and free. So that more people can start encrypting their important messages.Oliver wasn't kidding! I've covered how you can encrypt your email/SMS/Evernote notes using free, open source tools like ParanoiaWorks, as well as file attachments, and/or use Mozilla Thunderbird with ENIGMAil or Mailvelope.
This integrated encrypted email solution makes encryption your email communications fairly easy. It currently works on some popular platforms and more are coming:
As you can see from the image above, iOS, Windows and Firefox OS are not yet supported...and it doesn't seem to work in Firefox browser. Still, if you're a Google Chrome browser user, this will work fine both as an app or in your Google Chrome web browser!
You can use an existing PGP private key, or create a new one. In the future, you will be able to load PGP keys from your computer's clipboard (coming soon in a future release!)!
The problem I ran into using a text file was that my PGP key lacked a "asc" filename extension.
UPDATE: As of 02/03/2015, the ".asc" filename extension requirement has been removed! Yay!However, you can take your text file your PGP private keys and then change the filename extension (e.g. mykeys.asc). Or, once you create a new set of PGP keys, you can export your keypair via Whiteout.io
If you export your keypair--which you'll want to save in a safe place, probably encrypted in a Veracrypt drive or at least protected by ParanoiaWorks SSE encryption tool--you can share the public key with others so they can send you encrypted email:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v0.9.0Comment: Whiteout Mail - https://whiteout.io
-----END PGP PUBLIC KEY BLOCK-----
One of the caveats of this service worth mentioning:
As we are based on the OpenPGP standard we protect your message content but not its metadata and we do not provide anonymity. Sender, recipient, subject and date are transmitted via standard SMTP in the clear. You may want to keep that in mind when deciding if and when to use our app.So, this presents a problem. That's why other solutions like Tutanota.de and ProtonMail.ch are worthwhile alternatives, providing encryption. You can see email below:
|Here's an encrypted email in Gmail...but if you look at it in Whiteout, the message simply appears after you login:|
Some of their features:
- Whiteout Mail can be used with your existing email provider over IMAP. Also, coming soon, with an encrypted mailbox hosted by us, offering seamless integration with the app.
- End-to-end encryption and private/public key management is implemented via the OpenPGP protocol. Our source code is published and open for inspection.
- Your message is encrypted on the client and will never be transmitted or stored in the clear.
One question came to mind:
Is Mailvelope easier to use? Not surprisingly, I was able to import--copy-n-paste or exported keypair file--my Whiteout generated PGP public/private keys into Mailvelope, and decrypt Oliver's encrypted email to me from within Gmail. So, yes, this is quite easy and less trouble. Benefit of Whiteoutio is that I didn't have to consciously worry about it...I just did it by sending a secure email.
One of the questions I had was about key management. Essentially, will Whiteout.io handle key management for users? This may be the biggest draw for folks who are looking for an easy way to handle things, and not mess with keys. With tools like Mailvelope, etc., you have to manage public keys from folks "out there." This can be a real hassle.
It appears from this blog entry, that Whiteout handles getting ahold of people's public keys:
This is why we, as a service provider for encrypted email, believe that one major way we can provide value to users is key management. Not only does Whiteout Mail automate public key discovery when typing in a recipient's email address, we also want to make private key management so easy that it becomes basically invisible to users (unless users explicitly want to dig deeper, of course).
I would love to read more about this. Key management is a big time-saver, especially if it syncs up to some public key server somewhere. I'm still not sure how to add public keys from friends I find online who may haven't synced things up to a key server, but that would be interesting to see/try.
Thanks to Oliver for the heads-up about this exciting new email encryption tool, Whiteout.io!!
View my Flipboard Magazine.
Make Donations via PayPal below:
Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure