Engineers at Google for several years have been doing battle against the perception that end-to-end email encryption necessarily must be complex and hard to use. They've been cooking up a project called E2EMail that's designed to offer a simpler alternative to PGP for Gmail through a Chrome Extension, and now they're taking the project to the open-source community.
Google's internal security team at the firm released the extension over a year ago, and hope that going open source will advance the project and easy-to-use email encryption.
According to the engineers, Google initiated the project because PGP in command-line form "clumsily interoperates with Gmail" and is "too hard to use."
E2Email integrates OpenPGP in a simpler-to-use extension that keeps cleartext of the message exclusively on the client. This announcement follows close on the heels of another made last month about another open source initiative called Key Transparency, which Google believes fits hand-in-glove with E2Email.
The Google security team kicked off the Key Transparency project to tackle the challenges of discovery and distribution in OpenPGP implementations. The goal is to create an open-source and transparent directory of public keys with an ecosystem of mutually auditing directories.
"We’ve spent a lot of time working through the intricacies of making encrypted apps easy to use and in the process, realized that a generic, secure way to discover a recipient's public keys for addressing messages correctly is important," wrote Ryan Hurst and Gary Belven of Google's security and privacy team last month. "Not only would such a thing be beneficial across many applications, but nothing like this exists as a generic technology."
They explain that the manual verification required by the PGP web-of-trust model has proven over the last 20 years to be too difficult to gain widespread use. They believe that the relationships between online personas and public keys need to be automatically verifiable and publicly auditable, and that's what the Key Transparency project intends to strive for.
When it comes to email encryption, the Google security team believes that Key Transparency is "crucial" to E2Email's evolution and that's where it hopes to lead the open source efforts in the near future. Google's encouraging community participation by directing interested contributors to the E2Email repository on GitHub.