13334048894_001d3e53d123 years ago, the first public version of PGP (Pretty Good Privacy) was released by Phil Zimmermann.

PGP made it possible for anybody to keep confidential data encrypted. PGP also made it possible for anybody to digitally sign files and emails before sharing them, so that the recipients can verify their authenticity.

Following the specification, the alternative implementation GnuPG was written, and support for PGP was made available for many email clients.

PGP implementations are still actively maintained, and there are no known practical attacks against data encrypted using them.

So, why isn’t everybody using PGP?

The main issue with PGP is not security, but usability. The available tools are complex to use, and even people using them on a daily basis admit not knowing more than 10% of their features.

Another issue is that unlike 23 years ago, most of our time is now spent in a web browser, and on many devices. Having to install and configure a desktop application on every computer is painful. It should be simple and easy to encrypt and decrypt files on any device, anywhere.

The End-to-end Chrome extension is a huge step towards making PGP easy to use, right in a web browser. However, it is definitely not ready for primetime yet.

Introducing Minilock

Minilock is another project we are really excited about, and the first stable version was just made available as a Chrome extension.

Minilock doesn’t try to be compatible with PGP. However, it was designed from the ground up to be as easy to use as possible.

As a Chrome application, it couldn’t be any easier to install, and it will be instantaneously
available on all compatible devices running the browser with the same identity.

By design, no configuration is stored anywhere. When the application starts, it asks for an email address and a password. This combination is all it takes to start encrypting and decrypting files. Files encrypted with a given (email, password) pair can be decrypted on any device just by typing the same (email, password) pair.

Screen Shot 2014-08-03 at 9.29.16 PM

Please note that the email doesn’t have to be a real address. This email is just combined with the password in order to generate the actual encryption key. It makes sure that two users with the same password will not end up with the same key.

In order to encrypt a file, drag-and-drop it to the Minilock window. The encrypted file can then be saved locally. To decrypt a file, the operation is exactly the same.

Screen Shot 2014-08-03 at 9.31.14 PM

The “Minilock ID” is what other people have to use in order to encrypt a file specifically for you. It is a short string, that doesn’t reveal any information about your actual email and password, and that can be safely shared publicly.

Minilock doesn’t have any other features. Simplicity is its strength. And even if cryptographic applications in a web browser remains a controversial topic, we can only support this remarkable effort to build a privacy tool that anybody can use.

Photo Credit: Yuri Yu. Samoilov via Compfight cc

This post is categorized in: