Google End-to-End encrypted email code goes open-source

Programmers can now get their hands on the E2EMail code to bolster email encryption services.
Written by Charlie Osborne, Contributing Writer

Google has announced that E2EMail, an experimental end-to-end encryption system, has now been given to the open-source community with no strings attached.

Whether you are concerned about government surveillance and spying, man-in-the-middle (MiTM) attacks by threat actors or you are an enterprise player with the need to keep communications as secure and private as possible, end-to-end encryption is viewed as a method to prevent snooping.

Not every email service provider offers end-to-end encryption -- the best-known being PGP -- although, in the wake of former NSA contractor Edward Snowden's disclosures concerning the mass-spying efforts of the US government, more services have popped up or increased in popularity, including ProtonMail, Wire, WhatsApp, and Signal.

As we become more concerned with digital threats and surveillance, everything from email services to apps and social network chats is being locked up with cryptographic methods.

However, end-to-end encryption is yet to reach a wider audience -- and this is where Google intends to make a difference.

Last week, Google engineers KB Sriram, Eduardo Vela Nava, and Stephan Somogyi said in a blog post that as part of the tech giant's End-to-End research efforts, E2EMail is going open-source.

Built on the Javascript crypto library developed at Google, E2EMail offers a way to integrate OpenPGP into Gmail via a Chrome Extension while keeping cleartext of messages exclusively on the client.

Google is keen to emphasize that E2EMail is not a Google product, but thanks to the efforts of security engineers from across the spectrum, it is now a "fully community-driven open-source project."

The current form of E2EMail is rather bare when it comes to keyserver testing. However, Google's Key Transparency, made available earlier this year, may improve the security of the service far beyond its current incarnation.

"Key discovery and distribution lie at the heart of the usability challenges that OpenPGP implementations have faced," Google's engineers say. "Key Transparency delivers a solid, scalable, and thus practical solution, replacing the problematic web-of-trust model traditionally used with PGP."

"We look forward to working alongside the community to integrate E2EMail with the Key Transparency server, and beyond," the team added.

See also: Linus Torvalds on SHA-1 and Git: 'The sky isn't falling'

If you're interested, you can check out the e2email-org/e2email repository on GitHub.

Last week, Google gave the "Upspin" project to the open-source community. Upspin aims to reduce the fragmentation of current services such as Dropbox, Google Storage and Apple's iCloud and the amount of time wasted on "multi-step copying and repackaging" by creating a global namespace for files. Upspin is a set of protocols and standards which puts secure sharing at the forefront and is enabled with end-to-end encryption by default.

5 things you should know about VPNs

Editorial standards