Thunderbird Email Encryption with GnuPG2

Want to support HowtoForge? Become a subscriber!
 
Submitted by howtoforge (Contact Author) (Forums) on Fri, 2014-06-20 09:51. :: CentOS | Debian | Fedora | Linux | SuSE | Ubuntu | Desktop | Email

Thunderbird Email Encryption with GnuPG2

Version: 1.0
Author: Aaron
Last edited 2014-06-20

This tutorial describes the configuration of Thunderbird and GnuPG2 to send and receive encrypted email.

I assume that you have installed Thunderbird, gnupg2 and some game

Generate a key pair (public and private keys) from the command line, because in case of error you'll be more likely to see it there instead in crashed GUI application. Type gpg --gen-key and follow the pictures:


Start some game and play it, in my case I played Red Eclipse.

Click to enlarge

Open up Thunderbind. By default, Thunderbird has hidden the menu bar so we will have to make it visible. Right click below your window title and enable the menu bar option.

Click to enlarge

Prefer plain text over HTML and never use PGP/MIME or S/MIME. Why you should not use them - read the information in this website https://futureboy.us/pgp.html

Click to enlarge

Enable phishing protection - also known as email scams. Edit -> Preferences -> Security -> Email Scams

Click to enlarge

This is a email client, so we don't actually need cookies.

Click to enlarge

Install the Enigmail addon: Tools -> Add-ons

Click to enlarge

Once installed, it will ask you to restart the bird, do it and verify that OpenPGP is listed in the menu bar after that.

Click to enlarge

Click over the OpenPGP and select Setup Wizard


In case of multiple accounts, repeat those steps for each one.

It's time to exchange your public keys with others, before doing this I would recommend you to experiment with a second email account or alias.

Write some random email to the second email address and:


Once the email is received in your other email account, make sure to - sign and encrypt the message and attach your public key for first time.


In order to read the encrypted email reply, you will have to enter your passphrase. After that import the sender's public key.


Change the trust settings for the sender's public key, notice the blue background and how it will be changed with a green one.


The last picture demonstrates how to check the email source and see that the email is really encrypted.

If you want to send and receive encrypted emails from your alias, click over Edit and select Account Settings


Click add


In the Settings tab fill your Real Name and alias email address


Some commands that you should know:

Generate a key pair
gpg --gen-key

List keys gpg --list-keys
Export my private/public keys by using my email address gpg --export --armor --output my_pub_key.asc user@email.com gpg --export-secret-keys --armor --output my_private_key.asc user@email.com
Export my whole private/public keyring gpg --export --armor --output pub_keyring.asc gpg --export-secret-keys --armor --output private_keyring.asc
When importing a key, first import the public key then the secret one. gpg --import pub_keyring.asc
Certificate Managers: kgpg, seahorse, kleopatra

Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.