Gmail S/MIME is a pretty cool Firefox add-on that adds signing and encrypting capabilities to Gmail. The add-on integrates smoothly with the user interface so that you might think Google had added the feature themselves. It still needs some work (it’s currently at version 0.4) but has the potential to be a very useful tool for security-conscious users.

Gmail S/MIME adds signing and encrypting buttons to the toolbar on Gmail’s Compose Mail page. Using Firefox’s certificate store, the add-on is able to determine if it can sign or encrypt your message as you choose to do so. If everything is in order, Gmail S/MIME creates the appropriate attachment and routes the message through Gmail’s secure SMTP server.

It also recognizes S/MIME attachments sent from itself and other mail clients. Encrypted messages and digital signatures do appear as attachments, but the contents are automatically deciphered and displayed for you.

Unfortunately at this time, there is no support for digital signature verification. I sent a signed e-mail to my Gmail account using a signature certificate issued by a certificate authority that was present in my Firefox certificate store, but I was still given a message that the signature was not trusted. All I could do was read the signer and issuer fields.

I’m looking forward to when they add the verification capability. That way, the sender’s certificate will be automatically imported, and it will be easier for less advanced users to encrypt their Gmail messages. Until then, it will still be a nice tool to have when I need something signed or encrypted.

Each Thursday, Security Musings features a security-related technology or tool. Featured items do not imply a recommendation by Gemini Security Solutions. For more information about how Gemini Security Solutions can help you solve your security issues, contact us!

This entry was posted on Thursday, April 9th, 2009 at 6:18 pm by Mike Markiewicz and is filed under Technology & Tool Thursday. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.