GMail Encryption using GreaseMonkey

So, you like using Gmail, but don't want other people to be able to read your email? You are probably not alone and that is where the Gmail Encryption extension enters the picture. This is a Greasemonkey script. If you don't have it or don't know what it is, then head over to the Greasemonkey site and install that first. If you are not using Firefox, then I believe there are methods out there to help you use these scripts with other browsers, but I don't know what they are.

I have implemented an RSA type scheme in Javascript. Naturally this is somewhat more cumbersome in GreaseMonkey as the entire scheme needs to live together inside one large file. This, however, solved a number of issues I had with the Solitaire idea.

* Keys can be exchanged securely as you can safely place your public key anywhere.
* Although a seperate public key is required for each person, because they are maintained publically, it is significantly easier to keep track of them.
* All your received emails can be decrypted at any time using your private key. (You still need to keep track of any emails sent in a secure fashion, presumably by encrypting them a second time with your public key.)
* The private key, obviously, needs to remain private for this to work. I wouldn't recommend saving it in an email on the same system that you will be using this script with.

Public key encryption has one major problem and it is especially noticeable in a scripting language like Javascript. It needs a lot of horsepower - especially on the decryption side! So to prevent your machine grinding to a halt if you want to send emails longer than one character, for example, the actual message is encrypted using AES. The keys to AES are then encrypted using RSA. That gives the receiver a small amount of RSA descryption to work through and the bulk of the decryption then takes place using AES which is much less processor intensive.