Sending encrypted emails using Thunderbird

The present article describes how to use mail encryption with Thunderbird on Ubuntu 14.04. It assumes that you have the below mentioned prerequisites in place and you have an idea about how it works. If not, please consult the links at the ending of the article, under “Resources”.

Prerequisites

  • gnupg package installed
  • thunderbird email client installed
  • thunderbird enigmail extension installed
  • enigmail configured to not encrypt nor sign emails by default
  • public/private key pair generated by enigmail

Notes

  • Send emails in plain text – gnugp doesn’t work very well with HTML emails, so in order to avoid the hassle of making it work, send your emails in plain text. To do this, instead of just clicking on the “Write” button, click it while holding SHIFT. Shift + WRITE will open a normal email composing windows, but editing will be done in plain text.

thunderbird-write

  • Sharing your public key – when first mailing somebody be sure to add your public key so that the receiver can send an encrypted reply using your public key.

After opening a email composing windows, go to the top menu and select Enigmail – Attach my public key

attach-my-public-key

Signing the email

Let’s first test if email signing works by sending a test email to “adele” the GNUPG robot, with any subject/message you prefer. The address is “adele-en@gnupp.de”.

adele-test-email

Don’t forget to attach your public key, so that “adele” can respond with an encrypted email, as mentioned above. Before sending make sure you signed your email, by clicking on the Enigmail button and selecting to “Force Signing”. You can do this using the CTRL+SHIFT+S shortcut also.

thunderbird-engimail-menu

You should receive a reply within several minutes in the following form :

********* *BEGIN ENCRYPTED or SIGNED PART* *********
Hello <your name as appeared in thunderbird>,
here is the encrypted reply to your email.
I have received your public key ID <key id string>, described as
`<your name> <your email>'.
Below please find the public key of adele-en@gnupp.de
the friendly OpenPGP email robot.
Yours sincerely,
adele-en@gnupp.de
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
<a really big hash string>
-----END PGP PUBLIC KEY BLOCK-----
********** *END ENCRYPTED or SIGNED PART* **********

Encrypting the email

Now let’s send another email to Adele, but this time in an encrypted fashion. Before doing that we must have the recipients public key in our settings so that the email gets encrypted with it. This can be done in either of the 2 ways below :

By copying it

Select and copy the part of the reply that looked like below.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
<a really big hash string>
-----END PGP PUBLIC KEY BLOCK-----

Go to the top menu and select Enigmail – Key management. A new window called “Enigmail Key Management” will pop up, where you should go to the top menu and select Edit -> Import from clipboard . A new window will pop up alerting that a new key has been added, as you can see in the “Enigmail Key Management” window.

By searching

In the “Enigmail Key Management” window go to the top menu and select Keyserver – Search for keys

thunderbird-pgp-selectkeyserver

Here you can search for a public key by either email address, recepient name or by a hexadecimal KeyID of 10 characters.

 

After the public key of the recipient is in the Thunderbirds Enigmail Key Management, we can proceed with sending the email. Like in the case of signing, click on the Enigmail button and select “Force Encryption”. You can do this using the CTRL+SHIFT+E shortcut also. You will get a reply from Adele in the following form :

********* *BEGIN ENCRYPTED or SIGNED PART* *********
Hello <your name as appeared in thunderbird>,
here is the encrypted reply to your email. I quote your original message to prove that I could decrypt it.
<original message sent>
Yours sincerely,
adele-en@gnupp.de
********** *END ENCRYPTED or SIGNED PART* **********

Resources

  • http://www.cam.ac.uk.pgp.net/pgpnet/
  • https://www.enigmail.net/documentation/quickstart-ch3.php
  • https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages