A little bit 'o' privacy for gmail in a bookmarklet
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Cryptlet :: A little bit 'o' privacy for Gmail in a bookmarklet.

What it does

Provides very basic, insecure encryption and decryption in Gmail, through a bookmarklet. Uses the Stanford Javascript Crypto Library.

The SJCL defaults are left alone. This means Cryptlet generates a 128 bit symmetric AES key using randomized salts and initialization vectors, and encrypts in CCM mode.


  • Safari : Paste the bookmarklet into the URL bar after navigating to Gmail. Alternatively, add it as a bookmark and hit it after navigating to Gmail.
  • Chrome : Add the bookmarklet as a bookmark and hit it after navigating to Gmail. Chrome doesn't support pasting a bookmarklet this long.
  • Firefox: Not supported. Yet.

To encrypt: Compose a message, and click the "Encrypt" button before sending your mail. Enter in a good password. Don't forget it, because the body will disappear. Yes, Gmail's auto-save renders this insecure. Cryptlet doesn't recognize the composition area for replies right now, so you'll have to compose a fresh email.

To decrypt: You'll notice that emails now have a "Decrypt" link at the end of their text. If you received an encrypted email, click "Decrypt" and enter the password it was encrypted with. If you enter the right password, you will see the original message. The decrypted message will not persist if you navigate away from the page.

Is this a good way to secure my email?

Absolutely not. Do NOT use this to secure your email. You should use PGP and a non-webmail client for actual security. Ideally, cryptlet is 'kinda neat'. Nothing more.

Building / Requirements

After editing cryptlet.js, you can regenerate cryptlet.bookmarklet by running make. You will need an installation of node.js and uglifyjs.


0.0.2 : Loads before any events fire. 0.0.1 : First version