The present article describes how to use mail encryption with Thunderbird on Ubuntu 14.04. It assumes that you have the prerequisites listed below in place and that you have an idea of how it works. If not, please consult the links at the end of the article, under “Resources”.
- gnupg package installed
- thunderbird email client installed
- thunderbird enigmail extension installed
- enigmail configured to not encrypt nor sign emails by default
- public/private key pair generated by enigmail
- Send emails in plain text – gnupg doesn’t work very well with HTML emails, so in order to avoid the hassle of making it work, send your emails in plain text. To do this, instead of just clicking on the “Write” button, click it while holding SHIFT. Shift + WRITE will open a normal email composing window, but editing will be done in plain text.
- Sharing your public key – when first mailing somebody be sure to add your public key so that the receiver can send an encrypted reply using your public key.
After opening an email composing window, go to the top menu and select Enigmail – Attach my public key.
Signing the email
Let’s first test if email signing works by sending a test email to “adele” the GNUPG robot, with any subject/message you prefer. The address is “firstname.lastname@example.org”.
Don’t forget to attach your public key, so that “adele” can respond with an encrypted email, as mentioned above. Before sending make sure you signed your email, by clicking on the Enigmail button and selecting to “Force Signing”. You can do this using the CTRL+SHIFT+S shortcut also.
You should receive a reply within several minutes in the following form:

********* *BEGIN ENCRYPTED or SIGNED PART* *********

Hello <your name as appeared in thunderbird>,

here is the encrypted reply to your email.

I have received your public key ID <key id string>, described as
`<your name> <your email>'.

Below please find the public key of email@example.com
the friendly OpenPGP email robot.

Yours sincerely,
firstname.lastname@example.org

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

<a really big hash string>
-----END PGP PUBLIC KEY BLOCK-----

********** *END ENCRYPTED or SIGNED PART* **********
Encrypting the email
Now let’s send another email to Adele, but this time encrypted. Before doing that, we must have the recipient's public key in our settings so that the email gets encrypted with it. This can be done in either of the 2 ways below:
By copying it
Select and copy the part of the reply that looked like below.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

<a really big hash string>
-----END PGP PUBLIC KEY BLOCK-----
Go to the top menu and select Enigmail – Key management. A new window called “Enigmail Key Management” will pop up, where you should go to the top menu and select Edit -> Import from clipboard. A new window will pop up, alerting you that a new key has been added; the key now also shows up in the “Enigmail Key Management” window.
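The armored block ends with its own CRC-24 checksum line, so a selection that lost a line can be detected before importing it. The Python sketch below is an added example, not part of the original article and not Enigmail's code; the function names and the sample data are constructed, and it assumes the sender wrote the checksum line.

```python
import base64

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    """Wrap bytes in armor; only used to build the constructed sample below."""
    b64 = base64.b64encode(data).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "Version: constructed sample", "", *body, "=" + check, END])

def extract_key_block(mail_body: str) -> bytes:
    """Return the decoded key data, or raise ValueError if the copy is damaged."""
    start = mail_body.find(BEGIN)
    end = mail_body.find(END, start + 1) if start >= 0 else -1
    if end < 0:
        raise ValueError("no complete PGP PUBLIC KEY BLOCK in the text")
    data_lines, checksum = [], None
    for line in mail_body[start + len(BEGIN):end].splitlines():
        line = line.strip()
        if not line or ":" in line:   # blank separator and "Version:"-style headers
            continue
        if line.startswith("="):      # checksum line (assumed to be present)
            checksum = line[1:]
        else:
            data_lines.append(line)
    if checksum is None:
        raise ValueError("checksum line missing, block is probably truncated")
    # validate=True makes bad characters raise binascii.Error, a ValueError subclass
    data = base64.b64decode("".join(data_lines), validate=True)
    expected = int.from_bytes(base64.b64decode(checksum, validate=True), "big")
    if crc24(data) != expected:
        raise ValueError("CRC-24 mismatch: key block was altered or only partly copied")
    return data

# Constructed sample: arbitrary bytes, not a real key, inside a reply-like body.
SAMPLE_DATA = bytes(range(100))
SAMPLE_MAIL = "Below please find the public key.\n\n" + armor(SAMPLE_DATA) + "\n"
```

The CRC only catches accidental damage to the copied text; it says nothing about whose key it is.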
By searching on a keyserver
In the “Enigmail Key Management” window, go to the top menu and select Keyserver – Search for keys.
Here you can search for a public key by email address, recipient name, or a hexadecimal KeyID of 10 characters.
Once the recipient's public key is in Thunderbird's Enigmail Key Management, we can proceed with sending the email. As with signing, click on the Enigmail button and select “Force Encryption”. You can also do this using the CTRL+SHIFT+E shortcut. You will get a reply from Adele in the following form:

********* *BEGIN ENCRYPTED or SIGNED PART* *********

Hello <your name as appeared in thunderbird>,

here is the encrypted reply to your email.

I quote your original message to prove that I could decrypt it.

<original message sent>

Yours sincerely,
email@example.com

********** *END ENCRYPTED or SIGNED PART* **********