Google Using PGP Encryption for Gmail End-to-End Extension in Chrome
Google will roll out end-to-end encryption for Gmail customers based on the PGP standard to make it harder for people to spy on your messages.

Google has launched End-to-End, an email encryption service which will leverage the power of PGP to make it harder for people to monitor your emails.

Google will soon be offering users of its Gmail service the ability to encrypt all their email communications using a Chrome extension that helps you "encrypt, decrypt, digital sign, and verify signed messages within the browser."

The End-to-End extension will use the well-known encryption standard PGP (Pretty Good Privacy), specifically the OpenPGP standard, which is widely used by other open source implementations of PGP.

Google has released the source code for the extension today but won't be offering it to Gmail users yet. It says it wants security researchers to test the code first for vulnerabilities, as it wants the feature to work perfectly before it rolls it out publicly.

Launching the source code, Google said: "The End-To-End team takes its responsibility to provide solid crypto very seriously, and we don't want at-risk groups that may not be technically sophisticated–journalists, human-rights workers, et al–to rely on End-To-End until we feel it's ready. Prematurely making End-To-End available could have very serious real world ramifications."

Major step forward

PGP has been around for more than 20 years, but because it is not the easiest to implement, it is not widely used. With Google looking to remove the difficulty barrier to using end-to-end encryption, this could be a major step forward for email privacy.

The move will be seen as a direct challenge to the US and UK governments, which leaks from Edward Snowden over the last 12 months have shown to be monitoring much of the communications people carry out online.

With this extension in place, the NSA or GCHQ would be unable to see the contents of your email messages, as decrypting them would require a private key which is only stored on local machines.

It means that even if they had access to Google's email servers they would be unable to see the contents of the message.


However, PGP encryption does have a number of limitations, including the fact that unless you are using your home computer you will not be able to access encrypted messages, as the private key needed to decrypt them is only stored on your local machine.

Also, emails using End-to-End will not be searchable, though this is an issue with encryption in general rather than just Google's implementation.

While this will be inconvenient for the user, it also raises the question of how Google is going to be able to continue to scan your emails in order to serve you with targeted ads as it does at the moment.

Security expert Eleanor Saitta told Wired she believes End-to-End was a publicity stunt and Google would shelve the project as it had done with many others down the years.