1 - Install xmail
chrome store logo

xmail is a Google Chrome extension downloadable from the chrome app store with one click.

It’s free!

2 - Choose passphrase

Opening Gmail prompts you to create your secret passphrase. xmail forges your lock and key. xmail uses this lock for all messages sent to you.

3 - Gmail is secure
gmail logo

Actually, there’s no step three. Use Gmail normally. Look for lock to know your webmail is secure.

That’s it.

How it works

Sending xmail

Say you are sending an email to Alice. When you type her email address into the recipients field, xmail gets her lock. Then, xmail locks your message and attachments with Alice’s lock and sends it to her.

Green lock means your message is secure. Rest assured only Alice can read it because only she has the key to her lock.

If for some reason you don’t want to protect your message, you can click on the lock. But don’t forget, this will send it as a regular email so someone other than Alice could read it.

xmail works with recipients that are using xmail. xmail warns you that unsecure email will be sent if you try to send to a non-xmail recipient. So, invite your family, friends and colleagues to use xmail. So Alice and all her Wonderland contacts can rest easy.

Say you receive an xmail back from Alice. The green lock confirms only your key can open it. The green checked person confirms it was written by Alice.

This message is for your eyes only. You have the key to open it.

This message was sent to you unsecurely; We hope it’s not confidential!

The xmail was authored by the person whose email address you received it from. Mouse over to see it came from alice@gmail.com.

Be very careful if you see this. You need to worry. The person who wrote it is not the same person with the email address you received it from. Beware, it could be the Queen of Hearts trying to impersonate Alice to trick you.
Receiving xmail

Frequently asked questions

How does it work?

Let’s say you want to share a secret with someone. In order to do so, you ask for a lock which only this person has a key that opens. With that, you are able to lock your secret in a box and send it over, knowing that only this person can open it. This is effectively what xmail does. When you enter your passphrase, your lock and key is created. People can then get your lock from our server to secure messages that are for you. Since only you have the key, only you can open it. At Shwyz we only have locks and never have any keys on our servers; only you have the key.

Is xmail right for me?

Everyone that doesn’t require military grade encryption system should use xmail. We believe privacy is a right and xmail secures that right. Gmail without xmail does not secure your right for privacy. For example, when you click the “I Agree” button when you create your Gmail account, you grant Google rights to read all your email. By agreeing to their terms you can compromise things like Non Disclousure Agreements and Client-Attorney privilleges. But it’s not just these special situations, but ALL your correspondence should be private; whether it’s your kids sending you photos or conversations with your friends. If you agree privacy is a right, not a privillege. xmail is right for you.

Do I have to do anything special to send xmails?

Once the extension is installed and you forged your lock and key with your passphrase, xmail works in the background to make sure that all your correspondence to xmail recipients is private. You just use your email as usual. The green lock lets you know when you are sending to an xmail recipient that will be secure. Likewise, when you get an xmail, the green lock confirms it was sent securely. xmail gives you peace-of-mind without having to do anything differently.

Why is my passphrase so important?

To make sure you are protected, we don’t have your key. You can only generate your lock and key using your passphrase. If someone else knows your passphrase, they can use it to either read your private messages or impersonate you. It also means that if you lose or foget your passphrase we have no way to get it back for you. Your locked content will be unaccessible. Think of this like having a Swiss bank account number to a multi-million dollars account. If someone steals the number, they will get the money. If you lose the number, you can’t get the money. So, keep your passphrase very private and safe.

How can I keep my passphrase safe?

xmail works in the background, and doesn’t need your passphrase once you have created your lock and key. So, chances are you will forget your passphrase. So, write it down and put it in a safe place. Don’t xmail it to yourself as you won’t be able to read it when you need it. If you would like a key holder or escrow services for your passphrase, please contact us as it is not part of the personal security level provided by xmail for free.

How do I use xmail on all my devices?

Your email address has one lock and key forged from your passphrase. So on a new device you enter the same passphrase to generate the same key.

Is this lock and key thing just cryptography?

Yes it is. We believe one of the main problems with the low adoption of security systems is the fact that it relies on terms and concepts coined by geniuses. Some of these terms are more than 40 years old and still enigmatic to the majority of people. We have created an easy way to think about cryptography that is closer to the real world: a lock and key. Just as people don’t need to know about mechanics to drive a car well, people can use cryptography well without knowing about rsa, aes, bit length, and public and private keys.

I’m a techie. Which kind of cryptografy is in use?

We use a hybrid approach generating a random symetric content key for each message to encrypt with AES and encrypt this content key to each recipient using RSA. We believe the state of the art of cryptografic systems is more than enough to increase significantly the average level of protection of end users and the problem we face with low adoption of these technologies is more due to usability aspects than the mathmatical properties.

My physical safety and life depend on messages being sent securely, should I use xmail?

You probably shouldn’t. It’s not that our security model isn’t good, but, to favour usability, some trade-offs have been made. We don’t recommend for your case to use a key generated from a passphrase, for example, and depending on your needs you shouldn’t rely on a browser extension for your high level security needs. If you are an investigative journalist or activist, please consider taking all the time needed to learn PGP.


xmail, works with Gmail and was first released on May 2014 as a Google Chrome Extension, but we plan to support multiple platforms soon.