Note: This blog entry has been updated to reflect new information from the WhiteOut.io creators! All good stuff!
Earlier today, I received an email from Oliver at Whiteout:
We’re just launching Whiteout Mail, an integrated solution for adding end-to-end encryption to your existing email address. Think of it as Thunderbird+Enigmail+GPGTools, all integrated, easy to use, and running in the browser and on your mobile devices. Installed in six minutes or less. Open source and free. So that more people can start encrypting their important messages.
Oliver wasn’t kidding! I’ve covered how you can encrypt your email/SMS/Evernote notes using free, open source tools like ParanoiaWorks, as well as file attachments, and/or use Mozilla Thunderbird with ENIGMAil or Mailvelope.
This integrated encrypted email solution makes encryption your email communications fairly easy. It currently works on some popular platforms and more are coming:
As you can see from the image above, iOS, Windows and Firefox OS are not yet supported…and it doesn’t seem to work in Firefox browser. Still, if you’re a Google Chrome browser user, this will work fine both as an app or in your Google Chrome web browser!
You can use an existing PGP private key, or create a new one. In the future, you will be able to load PGP keys from your computer’s clipboard (coming soon in a future release!)!
The problem I ran into using a text file was that my PGP key lacked a “asc” filename extension.
UPDATE: As of 02/03/2015, the “.asc” filename extension requirement has been removed! Yay!
However, you can take your text file your PGP private keys and then change the filename extension (e.g. mykeys.asc). Or, once you create a new set of PGP keys, you can export your keypair via Whiteout.io
If you export your keypair–which you’ll want to save in a safe place, probably encrypted in a Veracrypt drive or at least protected by ParanoiaWorks SSE encryption tool–you can share the public key with others so they can send you encrypted email:
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: OpenPGP.js v0.9.0
Comment: Whiteout Mail – https://whiteout.io
—–END PGP PUBLIC KEY BLOCK—–
One of the caveats of this service worth mentioning:
As we are based on the OpenPGP standard we protect your message content but not its metadata and we do not provide anonymity. Sender, recipient, subject and date are transmitted via standard SMTP in the clear. You may want to keep that in mind when deciding if and when to use our app.
So, this presents a problem. That’s why other solutions like Tutanota.de and ProtonMail.ch are worthwhile alternatives, providing encryption. You can see email below:
|Here’s an encrypted email in Gmail…but if you look at it in Whiteout, the message simply appears after you login:|
Some of their features:
- Whiteout Mail can be used with your existing email provider over IMAP. Also, coming soon, with an encrypted mailbox hosted by us, offering seamless integration with the app.
- End-to-end encryption and private/public key management is implemented via the OpenPGP protocol. Our source code is published and open for inspection.
- Your message is encrypted on the client and will never be transmitted or stored in the clear.
Is Mailvelope easier to use? Not surprisingly, I was able to import–copy-n-paste or exported keypair file–my Whiteout generated PGP public/private keys into Mailvelope, and decrypt Oliver’s encrypted email to me from within Gmail. So, yes, this is quite easy and less trouble. Benefit of Whiteoutio is that I didn’t have to consciously worry about it…I just did it by sending a secure email.
This is why we, as a service provider for encrypted email, believe that one major way we can provide value to users is key management. Not only does Whiteout Mail automate public key discovery when typing in a recipient’s email address, we also want to make private key management so easy that it becomes basically invisible to users (unless users explicitly want to dig deeper, of course).
Make Donations via PayPal below: