Thunderbird Email Encryption with GnuPG2
Last edited 2014-06-20
This tutorial describes the configuration of Thunderbird and GnuPG2 to send and receive encrypted email.
I assume that you have installed Thunderbird, gnupg2 and some game
Generate a key pair (public and private keys) from the command line, because in case of error you'll be more likely to see it there instead in crashed GUI application. Type
gpg --gen-key and follow the pictures:
Start some game and play it, in my case I played Red Eclipse.
Open up Thunderbind. By default, Thunderbird has hidden the menu bar so we will have to make it visible. Right click below your window title and enable the menu bar option.
Prefer plain text over HTML and never use PGP/MIME or S/MIME. Why you should not use them - read the information in this website https://futureboy.us/pgp.html
Enable phishing protection - also known as email scams. Edit -> Preferences -> Security -> Email Scams
This is a email client, so we don't actually need cookies.
Install the Enigmail addon: Tools -> Add-ons
Once installed, it will ask you to restart the bird, do it and verify that OpenPGP is listed in the menu bar after that.
Click over the OpenPGP and select Setup Wizard
In case of multiple accounts, repeat those steps for each one.
It's time to exchange your public keys with others, before doing this I would recommend you to experiment with a second email account or alias.
Write some random email to the second email address and:
Once the email is received in your other email account, make sure to - sign and encrypt the message and attach your public key for first time.
In order to read the encrypted email reply, you will have to enter your passphrase. After that import the sender's public key.
Change the trust settings for the sender's public key, notice the blue background and how it will be changed with a green one.
The last picture demonstrates how to check the email source and see that the email is really encrypted.
If you want to send and receive encrypted emails from your alias, click over Edit and select Account Settings
In the Settings tab fill your Real Name and alias email address
Some commands that you should know:
Generate a key pair gpg --gen-key
List keys gpg --list-keys
Export my private/public keys by using my email address gpg --export --armor --output my_pub_key.asc firstname.lastname@example.org gpg --export-secret-keys --armor --output my_private_key.asc email@example.com
Export my whole private/public keyring gpg --export --armor --output pub_keyring.asc gpg --export-secret-keys --armor --output private_keyring.asc
When importing a key, first import the public key then the secret one. gpg --import pub_keyring.asc
Certificate Managers: kgpg, seahorse, kleopatra