Google introduced E2EMail system as a Chrome app to help people easily exchange private email. Google aimed at crafting an encrypted email solution that wasn’t complex.
Now, Google has open sourced the code for this experimental encryption system and its code is available on GitHub.
This is an experimental version of a simple Chrome application – a Gmail client that exchanges OpenPGP mail. At this stage, we recommend you use it only for testing and UI feedback.
E2EMail is a simple way for non-technical users to exchange private text mail over Gmail, but is not a fully-featured email or OpenPGP client.
It is a Chrome app that runs independent of the normal Gmail web interface. It behaves as a sandbox where you can only read or write encrypted email, but is otherwise similar to any other communication app.
When launched, the app shows just the encrypted mail in the user’s Gmail account. Any email sent from the app is also automatically signed and encrypted.
With the help of Chrome Extension for E2EMail, the users can integrate OpenPGP into Gmail. This process carefully preserves all the cleartext of the message body exclusively on the client.
E2EMail is being developed to provide an easy and intuitive way for non-technical users to exchange confidential email.
The goal is to improve data confidentiality for occasional small, sensitive messages. This way even the mail provider, Google in the case of Gmail, is unable to extract the message content.
However, it does not protect against attacks on the local device, and, as usual with PGP, the identities of the correspondents and the subject line of the mail is not protected.
The initial version only supports ordinary text email, and focuses on new users who all use E2EMail to read PGP/MIME mail.
The GitHub page of E2EMail calls it independent of the normal Gmail web interface, which behaves like a sandbox that can only read/write encrypted email. When one launches the app, it only shows the encrypted email in one’s Gmail account.
It should be noted that in its initial version, E2EMail hosts its own keyserver. In future, for better security, Google hopes that it’ll use Google’s evolving Key Transparency method for looking up the keys.
Talking about the limitations, E2EMail only supports text-based email messages, and there’s no email formatting and file attachments. In future releases, the development team hopes to encrypt email headers for better anonymity.