[liberationtech] Announcing PassLok for Email beta

Francisco Ruiz fruiz500 at gmail.com
Thu Apr 21 09:15:58 PDT 2016 

I am pleased to announce the open beta for PassLok for Email, a free Chrome
extension that adds easy, secure end-to-end encryption to email services.
Currently Gmail, Yahoo, and Outlook online are supported.

You can get it from this private link:
https://chrome.google.com/webstore/detail/passlok-for-email/ehakihemolfjgbbfhkbjgahppbhecclh

PassLok for Email is based on the same crypto engine as PassLok Privacy, a
free standalone app that can be found at https://passlok.com and other
mirrors, plus the Chrome, Android, and iOS stores. This ensures
compatibility with users outside the supported email services.

We have worked hard to make PassLok for Email secure, powerful, and
user-friendly. Some features:

- Based on the NaCl crypto engine: 256-bit Xsalsa20 symmetric cipher plus
Curve25519 ECDH asymmetric functions.

- Written in JavaScript, BUT sandboxed as Chrome extension content scripts,
out of reach for other extensions and the outside world. PassLok for Email
interacts with the email services exclusively through DOM elements in the
email page and makes no outside calls.

- Key exchange is fully automated. Users never have to deal with private or
public keys, which so many find hard to understand. This is possible
because the public keys are very short (50 base36 characters), and can be
added to every message without bloat.

- PassLok for Email has no options to set or change.

- A help page can be loaded as a separate tab with the click of a button.
First-time users get special instructions on the interface. The technical
document is linked from the help page (link below).

- Choice between two kinds of encryption: Signed (stored messages can be
decrypted later, as often as necessary), and Read-once (messages can be
decrypted only once). Perfect forward secrecy in Read-once mode is achieved
through ephemeral key pairs that are switched at every message sent or
received.

- Users can also create encrypted Chat Invitations which, when decrypted,
start a real-time WebRTC chat session with participants directly connected
to one another. The chat session can involve text, files, audio, and even
video.

- Encrypted attachments are supported, one per encrypted message.

- Open source: https://github.com/fruiz500/passlok4email

For under-the-hood details on how PassLok for Email is put together:
https://passlok.com/files/passlok4email_technical_document.pdf

If you like it enough to recommend to others to join the beta, go right
ahead. PassLok for Email has a built-in method for spreading itself by
means of Invitation messages. This email ends with my invitation, in case
you want to establish an encrypted email conversation with me (
fruiz500 at gmail.com).

Please report bugs and submit feature requests at the project's GitHub
page. Let’s work together to make this app the one where Johnny finally can
encrypt ;-)

Thank you.

-- 
Francisco Ruiz

Invitation created by PassLok for Email follows:
--------------------------------------------------------------


The gibberish below contains a message from me that has been encrypted
with *PassLok
for Email*. To decrypt it, do this:

   1. Install the PassLok for Email Chrome extension by following this
   link:
   https://chrome.google.com/webstore/detail/passlok-for-email/ehakihemolfjgbbfhkbjgahppbhecclh
   2. Reload your email and get back to this message.
   3. Click the *PassLok* logo above (orange key). You will be asked to
   supply a Password, which will not be stored or sent anywhere. You must
   remember the Password, but you can change it later if you want.
   4. When asked whether to accept my new Password (which you don't know),
   go ahead and click *OK*.


----------begin invitation message encrypted with PassLok--------==

327k7e5x30ntbfkkonLetazzy5Ldxc7tebexLp04ysnfv50ipg at ppipK+rJrZi6A6YeEwe
M%S5iVqKPTDK0j+AR2deQG/caYO1lczA7aTRd6iFLxPl5N+xeR/C6XCZFwUF+S8EQ+Dp9L
GX4rIYy99IUfmzn2gF4FG3ITY6Vq+VyhDtZsWetdP3Eiikc77TmW66i9PHd0qjdIMcE2iQ
mNduVa98uvi4HUawIf8OqzHCLGCH0gp6M9TSM7kYGhZ6TuTUPl/cyjJk/UyDEq/QWjtbx5
P3iYA2KVqoFhSyy76JwyxUOCYY72Su2lY9A8Dd/CxXi7AvrAsiCqG4hM1leQ6ICFGPP2sd
RQPqzEaELF1Km89w

==---------end invitation message encrypted with PassLok-----------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20160421/d592b204/attachment.html>

More information about the liberationtech mailing list