HOWTO — Encrypt your e-mail with Thunderbird, Enigmail, and GNUPG

Everyone should be encrypting all of their e-mail. Why? Well, let me ask you a question: would you write your wife, husband, sweetheart, etc. a message on a postcard? Why not? Because everyone can read it, right?! So, how would you send it? You'd write it on paper and put it in an envelope, right? Well, e-mail left unencrypted is just like the postcard: anyone can read it. Encryption works like an envelope, so to speak. It lets you pack the message up so people who come across it in transit on the internet can't read it (just like the letter). And just like the envelope, it can be opened; it just takes lots of time to discover the key and decrypt it.

Need more reasons?  Check out this article.


[Update 09-29-2010 17:05:47] Check out this post on another reason you should be encrypting your e-mail (and everything else)

Image of the lock is from Daniel Y. Go via flickr.  Other images below are screenshots by me.

[Prerequisites] [Configuring Thunderbird] [Installing GNUPG] [Installing Enigmail] [Configuring Enigmail] [Adding Keys from Others] [Uploading Your Key] [Setting Up Per-recipient Rules in Enigmail] [Reading Encrypted Email]



Ok…before I start with this HOWTO, here are some prerequisites:

0) I assume you are using a Windows PC.
1) I assume you aren't already using Thunderbird or any other e-mail client to check your e-mail.
2) I assume you don't use e-mail encryption at the moment and have never messed with it.
3) You need to have an e-mail account you can check with an e-mail client. If you don't have one, you can get one from Google easily here.
4) Download Thunderbird and run through the installer. An existing installation of Thunderbird can be used.
5) Download GNUPG.

The download page is here. You can either scroll down to the BINARIES section, look for “GnuPG 1.4.10b compiled for Microsoft Windows,” and then click on the FTP link to the right to download.
Or you can just click this link to download the file.

 


Configuring Thunderbird

(Note: the screenshots below were taken with the 3.0.4 PortableApps version of Thunderbird.)

1) Launch Thunderbird.

2) Enter the information requested in the box and click continue.
ThunderbirdStep01-SetupAccount

3) Wait while Thunderbird determines your settings
ThunderbirdStep02-VerifyAccount

4) Click create account (assuming everything is correct)

5) The screen will refresh and look like this. You can verify everything is ok by clicking the Read Messages link.
ThunderbirdStep03-MainAccountWindow

6) Thunderbird setup is complete.


Installing GNUPG

1) If you haven’t done so already, download GNUPG.

The download page is here. You can either scroll down to the BINARIES section, look for “GnuPG 1.4.10b compiled for Microsoft Windows,” and then click on the FTP link to the right to download.
Or you can just click this link to download the file.

 

2) Find the file you downloaded and double click it. It will show up as either gnupg-w32cli-1.4.10b.exe or gnupg-w32cli-1.4.10b

3) Click the next button
GNUPGStep01

4) Click next again to agree to the license terms
GNUPGStep02

5) Click next again (accept all packages as shown in the screenshot)
GNUPGStep03

6) Click next after verifying en-English is selected (unless you speak a different language)
GNUPGStep04

7) Choose your install path. Usually the default will work ok (c:\Program Files\GNU\GNUPG); however, in the instance below, I chose to install it to my thumb drive (k:)
GNUPGStep05

8) Click next (this screen creates a menu in your start menu)
GNUPGStep06

9) Wait while the program installs
GNUPGStep07

10) When it is done, click next
GNUPGStep08

11) Uncheck the Show Readme checkbox and click finish
GNUPGStep09

12) Installation of GNUPG is done


Installing Enigmail

1) Go to the Enigmail homepage

2) Find the download section of the homepage (in the screenshot below, it is in the top left section of the page and says “v1.0.1 for Windows (32-bit)”)
Enigmail01

3) Right-click the link and copy the URL to your clipboard. (In Firefox, choose the “Copy Link Location” option. In Internet Explorer, choose “Copy Shortcut.” In Google Chrome, choose “Copy Link Address.”)

4) Go back to Thunderbird and click Tools -> Add-ons
Enigmail02

5) Click the Install button
Enigmail03

6) In the filename box, paste (hit the Ctrl key + V at the same time) what is on your clipboard. It should look something like this
Enigmail04

7) Click the open button

8) Wait while the file is downloaded. When the window refreshes, click the Install Now button
Enigmail05

9) Click the Restart Thunderbird button
Enigmail06

10) Wait while Thunderbird restarts. When it does, Enigmail will be installed


Configuring Enigmail

1) Go to OpenPGP->Setup Wizard
Enigmail07

2) Choose “Yes I would like the wizard to get me started” and click Next
Enigmail08

3) Choose “Yes I want to sign all of my e-mail” and click Next
Enigmail09

4) Choose “No, I will create per-recipient rules for those that send me their public key” and click Next
Enigmail10

5) Make sure yes is selected and click next (this will make some configuration changes to Thunderbird to make sure encryption works well)
Enigmail11

6) Enter a passphrase. Pick something nice and strong. Here, here, and here are some rules for creating strong passwords
Enigmail12

7) Click the Next button

8) Click the next button when presented with the summary
Enigmail13

9) Click next to generate your key
Enigmail14

10) Wait while your key is made

11) Click the finish button
Enigmail15


Adding Keys from Others

1) Open up Thunderbird

2) Choose OpenPGP->Key Management from the menu
Enigmail16

3) Choose Keyserver->Search for Keys in the OpenPGP Key Management window
KeyManagement01

4) Enter your search criteria into the Search for Key box and hit ok. You can use name, email address, or a partial match. If you want to search for my key, use my e-mail address mjncj@maxsons.org
KeyManagement02

5) Results are shown like this. For any keys you want to import, make sure the checkbox is checked then click the ok button
KeyManagement04

6) You’ll get a message that the keys were imported. Click ok
KeyManagement05

7) If you want to see the keys you have, click the display all keys by default checkbox
KeyManagement06

8) Click the X to close the window.


Uploading Your Key

1) Open up Thunderbird

2) Choose OpenPGP->Key Management from the menu
UploadingKeys01

3) Highlight your key
UploadingKeys02

4) Go to Keyserver->Upload Public Keys
UploadingKeys03

5) Hit the OK button to search using the default keyserver
UploadingKeys04

6) The key will upload
UploadingKeys05

7) Now you can simply close the Key Management window and people can find your public key to send you e-mail.


Setting Up Per-recipient Rules in Enigmail

1) Open up Thunderbird

2) Choose OpenPGP->Preferences from the menu
AddingRules01

3) Click the Display Expert Settings Button
AddingRules02

4) Go to the Key Selection tab and click the Edit Rules button
AddingRules03

5) Click the add button in the new window that pops up
AddingRules04

6) Fill out the window like this:

Set OpenPGP Rules for: enter the person’s e-mail address
Apply Rule if Recipient: is exactly
Use the following keys: see steps 7 and 8
Signing: choose Always from the dropdown
Encryption: choose Always from the dropdown

7) To choose the keys, hit the Select Key(s) button
AddingRules05

8) A new window will open. Check the checkbox next to the key of the person you want to write to. Also, select your own key! IF YOU DO NOT, you will not be able to read any e-mail you send to this person.
AddingRules06

9) If you want to set a rule to encrypt your e-mail to me, it would look like this:
AddingRules07

10) Click the ok button. Then, click the ok button two more times (once for the key management window and once for the OpenPGP preferences window). You will return to Thunderbird.

11) Test it out and send someone an e-mail.

12) Type the e-mail just like normal. When you click the send button, it should ask for your password. Enter the password you chose in step 6 of the Configuring Enigmail section.
EncryptingEmail01
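
The warning in step 8 can be checked on any message you have sent: an OpenPGP message begins with one session-key packet per recipient key, and if none of them names your own key, you cannot decrypt your sent copy. The Python sketch below is an added example, not part of the original HOWTO or of Enigmail; it expects binary (de-armored) message bytes, and the key IDs and sample packets in it are constructed for illustration.

```python
ME, FRIEND = "AAAABBBBCCCCDDDD", "1111222233334444"  # constructed key IDs

def _body_span(data, i):
    """Return (start, length) of the packet body whose header is at offset i."""
    hdr = data[i]
    if hdr & 0x40:                              # new-format header
        first = data[i + 1]
        if first < 192:
            return i + 2, first
        if first < 224:
            return i + 3, ((first - 192) << 8) + data[i + 2] + 192
        if first == 255:
            return i + 6, int.from_bytes(data[i + 2:i + 6], "big")
        raise ValueError("partial body length in a session-key packet")
    ltype = hdr & 0x03                          # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length in a session-key packet")
    size = 1 << ltype                           # 1, 2 or 4 length octets
    return i + 1 + size, int.from_bytes(data[i + 1:i + 1 + size], "big")

def recipient_key_ids(message):
    """Key IDs named in the leading Public-Key Encrypted Session Key packets."""
    ids, i = [], 0
    while i < len(message):
        hdr = message[i]
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP data (still ASCII-armored?)")
        tag = (hdr & 0x3F) if hdr & 0x40 else ((hdr >> 2) & 0x0F)
        if tag != 1:                            # reached the encrypted data
            break
        start, length = _body_span(message, i)
        body = message[start:start + length]
        if len(body) < 10 or body[0] != 3:
            raise ValueError("unsupported session-key packet")
        ids.append(body[1:9].hex().upper())     # 8-byte key ID after version
        i = start + length
    return ids

def sender_can_read(message, my_key_id=ME):
    """True if the sender's own encryption key is among the recipients."""
    return my_key_id.upper() in recipient_key_ids(message)

def _pkesk(key_id, new_format=False):
    """Constructed packet: version 3, key ID, RSA (algorithm 1), dummy MPI."""
    body = b"\x03" + bytes.fromhex(key_id) + b"\x01" + b"\x00\x08\xff"
    return bytes([0xC1 if new_format else 0x84, len(body)]) + body

DATA = b"\xd2\x05\x01data"                      # constructed tag-18 stub
ONLY_FRIEND = _pkesk(FRIEND) + DATA
FRIEND_AND_ME = _pkesk(FRIEND) + _pkesk(ME, new_format=True) + DATA
```

On a real message, remove the ASCII armor first (for example with `gpg --dearmor`). The IDs listed are normally those of the encryption subkeys rather than the primary key IDs, and an all-zero ID means the sender hid the recipient.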


Reading Encrypted Email

1) Launch Thunderbird

2) When you are looking at e-mail in your inbox, nothing tells you whether a message is encrypted or not.
EncryptingEmail02

3) However, when you go to open an encrypted message, you will be prompted for your password. Enter it and you will see the message like normal.
EncryptingEmail01

4) Once it is open, you should see this
EncryptingEmail03

5) Take a look at the green bar at the top. Green is Good…red is dead so to speak. It tells you that the message is encrypted and everything is ok. If you don’t see this bar, then the e-mail hasn’t been encrypted.
EncryptingEmail04

If you have questions about any of this, contact me.

[Update 04-11-2010 07:10] I’ve added instructions on uploading your key to a keyserver with pictures. They can be found in the Uploading Your Key section.

[Update 04-10-2010 17:10:39] I had someone follow the instructions above and send me an e-mail.  But, I forgot to write instructions on uploading your key to a key server so people can send you encrypted e-mail.  I’ll follow with some pictures later, but here are the steps:

Open Thunderbird
Go to OpenPGP->Key Management
Pick your key
Go to keyserver->upload public key
Hit ok.

[Update 2012-12-26 10:12:00] Edited some incorrect links
