Gmail S/MIME
Gmail S/MIME provides Firefox users with S/MIME support for Gmail. S/MIME support is integrated directly into Google's Gmail web interface. Reading and sending of encrypted mail is supported. Signing of messages is supported as of version 0.2.0. Verification of signatures is not supported in the current version. Version 0.2.0 onwards has also addressed several interoperability problems with good support for most major mail clients.
As of version 0.2.0, Gmail S/MIME is developed by Richard Jones and Sean Leonard. This web page is maintained by Richard, so any mistakes are Richard's alone.
News
Saturday August 1st 2009
Version 0.4.2 has been released. Version 0.4.2 is a minor update to existing functionality and provides improved compatibility with the latest version of Gmail. Gmail S/MIME still works on Firefox 1.5 through 3.5. Again, this release is all Sean's work.
Sunday April 12th 2009
Version 0.4.0 has been released. This is a significant update, which has many changes to address compatibility issues with the latest Gmail UI. Several bugs in attachment processing were also fixed, including determining the right type in the Save As dialog box and disabling the advanced attachment upload option automatically (which is incompatible with Gmail S/MIME, and unsafe since advanced attachment uploading uses Flash). Other minor bug fixes were also made. This release is all Sean's work, so all Kudos to him!
Friday October 3rd 2008
Version 0.3.6 has been released and fixes a new UI problem where the native Gmail send was not disabled; updating to this release is strongly advised. Fixes were also made for progress message display and autosave disabling.
Sunday July 27th 2008
Version 0.3.5 has been released and fixes several bugs still lingering in the last release.
Friday July 4th 2008
Version 0.3.4 released one day after 0.3.3; those Google folks certainly have a sense of humour. This version adapts to another Google UI change.
Thursday July 3rd 2008
Version 0.3.3 has been released. This release fixes a major problem triggered by a small UI change made by Google recently. It also incorporates Firefox 3 support from the 0.3.2 release, which was only made on the Firefox add-ons site.
Sunday February 24th 2008
Sean has released version 0.3.1. This release fixes problems caused by a recent Gmail UI change.
Thursday November 15th 2007
Version 0.3.0 has been released. This is a major release which addresses compatibility with Gmail's new interface as well as adding many new features and bug fixes. Again, Sean is to thank for most of the improvements. The highlights include:
- Support for the newer version of Gmail.
- Considerably better support for attachments.
- Support for viewing encrypted sent email by storing a self-encrypted copy of outgoing messages.
- Better multilanguage (Unicode) parsing.
- More convenient (but still potentially unsafe) viewing of HTML emails.
- Improved extension options dialog.
- Code cleanup and numerous bug fixes
Tuesday July 31st 2007
Version 0.2.4 released. Changes (mostly from Sean) include:
- Disabling of auto-save to avoid disclosure of plain text via saved drafts. Temporary measure until encrypted drafts can be supported.
- Support for encrypted and signed attachments.
- Fix to allow sending of very large emails.
- Many other bug fixes and improvements (my bugs, Sean's fixes and improvements :-) ).
Wednesday May 30th 2007
Thanks to Sean, the extension has been updated to version 0.2.1. Version 0.2.1 solves some minor UI glitches with 0.2.0, and adds additional features. For example, the toolbar and Sending status text appear better than in 0.2.0. Users can specify if they want certain types of messages signed automatically. Internal changes prevent a Firefox certificate handling error message from popping up when importing certificates, and more detailed signing information is presented to the user.
Monday May 21st 2007
Updated to version 0.2.0. Thanks to Sean Leonard, many new and useful features have been added to this release. The highlights include:
- Sending of true S/MIME-compliant messages, tested with a variety of popular mail clients.
- Message signing as well as encryption.
- International support: Sending and receiving messages with Unicode characters.
- Better synchronization with Gmail user interface (including no longer requiring the GMAILSMIMEIGNORE empty message hack).
- New options dialog box.
- Several bug fixes from previous versions.
You may view the full list of changes in CHANGELOG.txt.
Sunday April 22nd 2007
Recent versions of Firefox 2.x have fixed the certificate import bug mentioned in the previous news item.
Friday January 26th 2007
There is currently a bug in Firefox 2.x which prevents the import of email certificates. This greatly impacts the utility of this extension. The bug has been fixed but it is unclear when the fix will hit a Firefox release. Firefox 2.x will continue to work with certificates you have already imported. If you rely on the extension, you can still get full functionality from Firefox 1.5.
Sunday October 1st 2006
Updated to version 0.1.10 to allow installation on Firefox 2.0.
Sunday March 19th 2006
The merry pranksters at Google have changed back from sp_compose to spck_compose. This requires the version 0.1.9 release to re-enable encrypted sending. This version will work with BOTH element id forms in case Google feels whimsical again tomorrow. Hey, maybe they'll choose a third form tomorrow which will keep the version numbers in step with the day-of-month :-).
Saturday March 18th 2006
Version 0.1.8 released in order to fix broken mail sending. For those who are interested, Google changed the identifier of an element from "spck_compose" to "sp_compose" which confused the sending code. Apologies to those inconvenienced.
Monday January 30th 2006
Version 0.1.7 has been released. Firefox 1.5 is now supported (1.0.x is not). Please ignore the ugly hack that requires an empty email be sent to yourself for each encrypted email sent. I've used a static subject for these emails so that you can filter them if desired. For Linux users, please note that there is a double memory free bug triggered by the extension. Some distributions have libc set to abort an application when this condition is found. If this is the case for your distribution you may need to add an: export MALLOC_CHECK_=1 to your Firefox launch script.
Wednesday July 27th 2005
It seems I only half fixed the problems arising from the changes to the Gmail domain name. This release fixes issues with sending encrypted messages (due to a change in the form URL by Google, the previous release sent the [still encrypted] messages into a black hole). This requires an update which has been released as version 0.1.3.
Saturday June 25th 2005
Google has changed the gmail domain from gmail.google.com to mail.google.com. This requires an update which has been released as version 0.1.2.
Saturday April 23rd 2005
Released version 0.1.1 - Fixed a bug in the about dialog. Will require an uninstall of previous version before proceeding with the upgrade.
Sunday April 17th 2005
Released version 0.1 - AKA 'Bugs Bunny'.
Screenshots
The following screenshot shows the new Lock icon indicating the encryption status in the Gmail compose email screen.
Installing Gmail S/MIME
- Download the latest release of Firefox. Gmail S/MIME has been verified to work with Firefox 1.5.x, 2.0.x, 3.0.x and 3.5.x.
- Install the Gmail S/MIME extension. Restart your browser after installation.
- Obtain an S/MIME email certificate and install it into the Firefox certificate database.
Using Gmail S/MIME
Once you have installed the Gmail S/MIME extension and your email certificate, using Gmail to send and read email is straightforward. Gmail S/MIME adds a lock icon to the Gmail compose and reply screens. Initially this lock will be shown unlocked. After you enter the recipient's email address, the lock will change to the locked state if there is an entry for that user in the Firefox certificate database. Gmail S/MIME does not currently support multiple recipients, so the lock will remain unlocked if there is more than one recipient entered. If you wish to send unencrypted email to a user for whom you have a certificate, you can click on the lock to toggle the encrypted state.
Emails can be signed by clicking on the sign icon (to the left of the lock icon). You will be prompted for the password manager password in order to access your private key for signing your email.
When you click the Send button, the body of the email and any attachments are placed in an S/MIME attachment and encrypted with the recipient's public key. This encrypted attachment is then sent to Google for delivery.
Drafts are currently stored unencrypted, so you should avoid using this feature whilst sending secure email. Auto-saving of drafts is disabled by default so explicit "Save Now" actions are required to save insecure drafts.
Receiving encrypted email is automatic. When you view a Gmail message which has an S/MIME attachment it will be decrypted and displayed in the Gmail message content window. Only plain text content is displayed by default; HTML mail may be viewed on a case-by-case basis or by turning on the "Automatically view HTML" option in the extension's preference dialog. Note that HTML emails may contain unsafe active content that the current extension does not attempt to filter before display. Image attachments are also displayed inline where appropriate. As of version 0.3.0 other encrypted attachments can also be viewed/downloaded.
Interoperability Issues
Due to improvements made in version 0.2.0, Gmail S/MIME should work with a wide range of mail clients. Please let us know if you find interoperability problems with any mail clients.
Implementation Overview
Gmail S/MIME is implemented as a Firefox extension using Javascript and XPCOM. It *should* work on all platforms Firefox supports. The extension operates by capturing important browser events and injecting content into the existing Gmail interface.
After loading, the extension waits for the browser to load a page under a Gmail controlled domain. It then traps page loads, attempting to find either compose/reply forms or message displays. If compose or reply forms are found, the extension captures defocussing events from the recipient fields. Exiting the recipient fields triggers the message lock evaluation. The compose/reply form submit function is also intercepted. This allows the Gmail S/MIME extension to capture the form details such as recipient, message body etc. and pass them on to the code responsible for packaging the attachment.
Prior to version 0.2.0 sending was done via the form submit path usually used in the Gmail interface. However, to avoid several ugly hacks, the extension now uses arbitrary SMTP servers for sending encrypted mail. The default is to use the server provided by Google for POP users not directly using the Gmail UI.
A Javascript/XPCOM multipart form encoder object has been implemented which deals with building and sending arbitrary binary data. This object is used to create the hand-crafted S/MIME encrypted and/or signed message. Message encryption is done using the nsICMSSecureMessage interface.
The display of secure attachments is triggered when the Gmail S/MIME extension finds a .p7m file attachment. The attachment is decrypted (again using nsICMSSecureMessage) and unwrapped into its parts. The code uses its own multipart decoder as the XPCOM decoder didn't appear to work (probably due to Richard's ignorance). Parts with content types handled by the extension are displayed by inserting the content into the Gmail message display. 'image/*' types are also displayed inline if appropriate. Other attached data is displayed for download. Signatures are not verified, but any previously unknown public keys found in the signature are added to the Firefox certificate database.
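The unwrap-and-display step described above, together with the plain-text-by-default rule from "Using Gmail S/MIME", as an added example that is not the extension's own code. It takes the already-decrypted MIME payload as a string; the function names, action labels and sample message are assumptions made for the illustration.

```javascript
// Added example (not the extension's code): split one MIME entity into headers and body.
function parseEntity(text) {
  const m = /^\r?\n|\r?\n\r?\n/.exec(text);   // a leading blank line means "no headers"
  const head = (m ? text.slice(0, m.index) : text).replace(/\r?\n[ \t]+/g, ' ');
  const headers = {};
  for (const line of head.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { headers, body: m ? text.slice(m.index + m[0].length) : '' };
}

// Flatten a possibly nested multipart entity into its leaf parts.
function decodeParts(text, depth = 0) {
  const { headers, body } = parseEntity(text);
  const ctype = headers['content-type'] || 'text/plain';
  const type = ctype.split(';')[0].trim().toLowerCase();
  if (!type.startsWith('multipart/')) return [{ type, headers, body }];
  const b = /boundary="?([^";]+)"?/i.exec(ctype);
  if (!b || depth > 8) return [];   // malformed or too deeply nested: show nothing
  const esc = b[1].replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const delim = new RegExp('(?:^|\\r?\\n)--' + esc + '(?=--|[ \\t]*(?:\\r?\\n|$))');
  const parts = [];
  for (const chunk of body.split(delim).slice(1)) {   // slice(1) drops the preamble
    if (chunk.startsWith('--')) break;                // closing delimiter reached
    parts.push(...decodeParts(chunk.replace(/^[ \t]*\r?\n/, ''), depth + 1));
  }
  return parts;
}

// Policy described on the page: plain text shown, HTML only on opt-in (it is not
// filtered for active content), images inline, anything else offered for download.
function displayPlan(parts, autoViewHtml = false) {
  return parts.map((p) => {
    if (p.type === 'text/plain') return 'show-text';
    if (p.type === 'text/html') return autoViewHtml ? 'show-html' : 'html-on-request';
    if (p.type.startsWith('image/')) return 'inline-image';
    return 'offer-download';
  });
}
// Constructed sample payload (not real mail).
const SAMPLE = [
  'Content-Type: multipart/mixed; boundary="outer"', '',
  '--outer', 'Content-Type: text/plain; charset=utf-8', '', 'Plan attached.',
  '--outer', 'Content-Type: text/html', '', '<p>Plan attached.</p>',
  '--outer', 'Content-Type: image/png', '', '(base64 data omitted)',
  '--outer', 'Content-Type: application/pdf', '', '(base64 data omitted)',
  '--outer--', ''].join('\r\n');
console.log(displayPlan(decodeParts(SAMPLE)));
```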
Gmail S/MIME is available for use on Gmail under the conditions of the GPL.
Security Issues
- You still need to trust Google. If Google wanted to, they could change their Javascript to submit your plaintext message via another channel. Google take their 'do no evil' philosophy fairly seriously, so I don't think this is a major risk. This is also no different than trusting any other S/MIME-aware mail application.
- You need to trust the authors. This one is much riskier :-), so if you are paranoid, view the source, Luke. Still, it's possible that future Gmail changes may lead the extension to inadvertently send your plaintext email whilst the lock icon is indicating that the email is secure. This is not Google's fault, this is our fault. We've tried to avoid sending information accidentally in the case where Google changes its form fields, and Sean Leonard has made further changes to decrease the chances of this happening. Just be aware that changes to Gmail's interface might interact with our extension in unpredictable ways.
- It's worth repeating that drafts are not stored securely. This will be addressed in a future release.
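One way to combine the lock rule from "Using Gmail S/MIME" with a submit check that fails closed when Gmail renames its compose element, as an added sketch rather than the extension's own code. The two element ids are those named in the March 2006 news items; `evaluateLock`, `onSubmit`, the action labels and the stand-in objects are hypothetical.

```javascript
// Added example, not the extension's code. The two element ids are the ones named in
// the March 2006 news items; doc and hasCert are hypothetical stand-ins for browser APIs.
const KNOWN_COMPOSE_IDS = ['spck_compose', 'sp_compose'];

// Pull bare addresses out of a recipient field, ignoring display names.
function parseRecipients(field) {
  return (field.match(/[^\s<>,;"]+@[^\s<>,;"]+/g) || []).map((a) => a.toLowerCase());
}

// Lock rule: locked only for exactly one recipient with a stored certificate,
// unless the user clicked the lock to send unencrypted.
function evaluateLock(field, hasCert, userUnlocked = false) {
  const rcpts = parseRecipients(field);
  return rcpts.length === 1 && hasCert(rcpts[0]) && !userUnlocked;
}

// Submit decision that fails closed: if the lock is shown but no known compose
// element exists (Gmail renamed it), send nothing instead of leaking plaintext.
function onSubmit(doc, locked) {
  if (!locked) return { action: 'send-unencrypted' };
  const el = KNOWN_COMPOSE_IDS.map((id) => doc.getElementById(id)).find(Boolean);
  if (!el) return { action: 'block', reason: 'compose element not recognised' };
  return { action: 'encrypt-and-send', plaintext: el.value };
}

// Constructed stand-ins so the sketch runs outside a browser.
const fakeDoc = (elements) => ({ getElementById: (id) => elements[id] || null });
const certs = new Set(['bob@example.org']);
const hasCert = (addr) => certs.has(addr);

const locked = evaluateLock('"Jones, Bob" <Bob@example.org>', hasCert);
console.log(locked, onSubmit(fakeDoc({ sp_compose: { value: 'hi' } }), locked));
console.log(onSubmit(fakeDoc({ compose_v3: { value: 'hi' } }), locked)); // renamed id
```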
Other Comments
- How will Google feel about Gmail S/MIME? Google appears to be focussed on providing the best webmail service possible. Where this clashes with their ability to target users with advertising, they have chosen usability over advertising revenue (POP access, email forwarding). Hopefully Google tolerates Gmail S/MIME in the same even-handed way it has approached the vast majority of third-party tools - benevolent indifference.
- Firefox provides a great platform for developing code like this. There were, however, a number of issues that arose during development (some of which have been fixed since initial development).
- So, you've been using Gmail S/MIME to communicate your plans for the revolution. Shortly afterwards you are accosted by representatives of a Three Letter Agency, your plaintext emails in hand. Fortunately, not our problem. Neither Richard Jones nor Sean Leonard take any responsibility for any loss (especially of liberty) incurred during the use of Gmail S/MIME.
- On a related note, Google does not endorse, maintain or support Gmail S/MIME.
Acknowledgements
- The entire Mozilla development team - particularly the people on #developers.
- Jamie Curmi, who helped out with testing Gmail S/MIME interoperability with Mail.app on Mac OS X.
