Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you to sign and encrypt not only email messages but also text snippets from any Web page.
As with any other Firefox extension, installing FireGPG is a matter of a few clicks. However, since FireGPG relies on GnuPG, there are a couple of things you have to take care of in order to make FireGPG work properly. First, you have to make sure that GnuPG is installed on your system. You might also want to install a graphical front end to it -- for example, KGpg on (K)Ubuntu -- that you can use to manage keys. Finally, you have to generate the key pair required to encrypt and sign mails and text snippets.
Generating a key pair using KGpg is a straightforward process. Launch KGpg and choose Keys -> Generate Key Pair. In the Key Generation dialog box, enter your name and email address. Select the desired key size; the default 1,024 is strong enough, but stronger keys are also available, if necessary. Next, select the desired algorithm (KGpg supports the RSA and DSA/ElGamal algorithms). Press OK, enter the desired passphrase when prompted, and wait until the utility generates the key pair.
Now you can start using FireGPG.
Since FireGPG integrates tightly into Gmail, using it to sign and encrypt emails couldn't be easier. Simply select the entire message body, or just the part you want to sign or encrypt, and press either the Sign or Crypt button. Enter the password you specified when you created the key pair, then select the key you want to use, and press OK. This signs or encrypts the messages or the text selection. Keep in mind that when signing the message, you should choose your private key, and when encrypting the email, you have to use the recipient's public key (you can import it into KGpg using the Keys -> Import Key command).
The FireGPG extension also adds buttons that allow you to manage signed and encrypted messages received from other users. You can use the buttons to easily verify a sender's signature or decrypt a message.
In a similar manner you can sign and encrypt a selected text fragment on any Web page. This can be useful if you want to encrypt the selected snippet before you insert it into an email message or a text document. To do this, simply select the text snippet you want and use the available commands under the Tools -> FireGPG menu to sign or encrypt the selection.