HOWTO — Encrypt your e-mail with Thunderbird, Enigmail, and GNUPG

 Everyone should be encrypting all of their e-mail.  Why?  Well, let me ask you a question….would you write your wife, husband, sweetheart, etc… a message on a post card?  Why not?  Because everyone can read it, right?!  So, how would you send it?  You’d write it on paper and put it in an envelope, right?  Well, email is just like the post card.  Left unencrypted, it is just like the post card…anyone can read it.  Encryption works like an envelope so to speak.  It let’s you pack it up so people who come across the message in transit on the internet can’t read it (just like the letter).  Just like the envelope, it can be opened…it just takes lots of time to discover the key and decrypt it.

Need more reasons?  Check out this article.

If you are interested, read more …..

[Update 09-29-2010 17:05:47] Check out this post on another reason you should be encrypting your e-mail (and everything else)

Image of the lock is from Daniel Y. Go via flickr.  Other images below are screenshots by me.

[Prerequisites] [Configuring Thunderbird] [Installing GNUPG] [Installing Enigmail] [Configuring Enigmail] [Adding Keys from Others] [Uploading Your Key] [Setting Up Perrecipiant Rules in Enigmail] [Reading Encrypted Email]

Note, you can click any of the pictures below to get taken to larger ones. From there, you can get even larger–read original size–images

Ok…before I start with this HOWTO, here are some prerequisites:

0) I assume you are using windows PC.
1) I assume you aren’t using Thunderbird or any other email client that you check your e-mail with
2) I assume you don’t use email encryption at the moment and have never messed with it.
3) You need to have an e-mail account you can check with an e-mail client. If you don’t have one, you can get one from google easily here.
4) Download Thunderbird and run through the installer. An existing installation of Thunderbird can be used.
5) Download GNUPG.

The download page is here. You can either scroll down to the BINARIES section, look for “GnuPG 1.4.10b compiled for Microsoft Windows,” and then click on the FTP link to the right to download.
Or you can just click this link to download the file.


Configuring Thunderbird

(Note, in the screenshots below, I am using the 3.0.4 PortableApps version for my screenshots)

1) Launch Thunderbird.

2) Enter the information requested in the box and click continue.

3) Wait while Thunderbird determines your settings

4) Click create account (assuming everything is correct)

5) The screen will refresh and look like this. You can verify everything is ok by clicking the Read Messages link.

6) Thunderbird setup is complete.

Installing GNUPG

1) If you haven’t done so already, download GNUPG.

The download page is here. You can either scroll down to the BINARIES section, look for “GnuPG 1.4.10b compiled for Microsoft Windows,” and then click on the FTP link to the right to download.
Or you can just click this link to download the file.


2) Find the file you downloaded and double click it. It will show up as either gnupg-w32cli-1.4.10b.exe or gnupg-w32cli-1.4.10b

3) Click the next button

4) Click next again to agree to the license terms

5) Click next again (accept all packages as show in the screenshot)

6) Click next after verifying en-English is selected (unless you speak a different language)

7) Choose your install path. Usually the default will work ok (c:Program FilesGNUGNUPG); however, in the instance below, I picked to install it to my thumbdrive (k:)

8) Click next (this screen creates a menu in your start menu)

9) wait while the program installs

10) When it is done, click next

11) Uncheck the Show Readme checkbox and click finish

12) Installation of GNUPG is done

Installing Enigmail

1) Go to the Enigmail homepage

2) Find the download section of the homepage (in the screenshot below, it is in the top left section of the page and says “v1.0.1 for Windows (32-bit)”)

3) Right-click the link and copy the URL to your clipboard. In Firefox, choose the “Copy Link Location” option. In Internet Explorer, choose “Copy Shortcut.” In Google Chrome, choose “Copy Link Address.”)

4) Go back to Thunderbird and click Tools -> Addons

5) Click the Install button

6) In the filename box, paste (hit the ctrl key + c at the same time) what is on your clipboard. it should look something like this

7) Click the open button

8) Wait while the file is downloaded. When the window refreshes, click the Install Now button

9) Click the restart thunderbird button

10) Wait while Thunderbird restarts. When it does, Enigmail will be installed

Configuring Enigmail

1) Go to OpenPGP->Setup Wizard

2) Choose “Yes I would like the wizard to get me started” and click Next

3) Choose “Yes I want to sign all of my e-mail” and click Next

4) Choose “No, I will create per-recipiant rules for those that send me their public key” and click Next

5) Make sure yes is selected and click next (this will make some configuration changes to Thunderbird to make sure encryption works well)

6) Enter a passphrase. Pick something nice and strong. Here, here, and here are some rules for creating strong passwords

7) Click the Next button

8) Click the next button when presented with the summary

9) Click next to generate your key

10) Wait while your key is made

11) Click the finish button

Adding Keys from Others

1) Open up Thunderbird

2) Choose OpenPGP->Key Management from the menu

3) Choose Keyserver->Search for Keys in the OpenPGP key Managment Window

4) Enter your search criteria into the Search for Key box and hit ok. You can use name, email address, or a partial match. If you want to search for my key, use my e-mail address

5) Results are shown like this. For any keys you want to import, make sure the checkbox is checked then click the ok button

6) You’ll get a message that they keys were imported. Click ok

7) If you want to see the keys you have, click the display all keys by default checkbox

8) Click the X to close the window.

Uploading Your Key

1) Open up Thunderbird

2) Choose OpenPGP->Key Management from the menu

3) Highlight your key

4) Go to Keyserver->Upload Public Keys

5) Hot the OK button to search using the default keyserver

6) The key will upload

7) Now you can simply close the Key Management window and people can find your public key to send you e-mail.

Setting Up Per-recipiant Rules in Enigmail

1) Open up Thunderbird

2) Choose OpenPGP->Preferences from the menu

3) Click the Display Expert Settings Button

4) Go to the Key Selection tab and click the Edit Rules button

5) Click the add button in the new window that pops up

6) Fill out the window like:

Set Open PGP Rules for enter the person’s email address
Apply Rule if Recipiant is exactly
Use the following keys See steps 7 and 8
Signing Choose Always from the dropdown
Encryption Choose Always from the dropdown

7) To choose the keys, hit the Select Key(s) button

8) A new window will open. Check the checkbox next to the person’s key you want to use. Also, select your key! IF YOU DO NOT you will not be able to read any e-mail you send to this person.

9) If you want to set a rule to encrypt your e-mail to me, it would look like this:

10) Click the ok button. Then, click the ok button two more times (once for the key management window and once for the OpenPGP preferences window). You will return to Thunderbird.

11) Test it out and send someone an e-mail.

12) You should type the e-mail just like normal. When you click the send button, it should ask for your password. Enter the password entered in the Configuring Enigmail section #6

Reading Encrypted Email

1) Launch Thunderbird

2) When you are looking at e-mail in your inbox, there is nothing that tells you it is encrypted or not.

3) However, when you go to open an encrypted message, you will be prompted for your password. Enter it and you will see the message like normal.

4) Once it is open, you should see this

5) Take a look at the green bar at the top. Green is Good…red is dead so to speak. It tells you that the message is encrypted and everything is ok. If you don’t see this bar, then the e-mail hasn’t been encrypted.

If you have questions about any of this, contact me.

[Update 04-11-2010 07:10] I’ve added instructions on uploading your key to a keyserver with pictures. They can be found in the Uploading Your Key section.

[Update 04-10-2010 17:10:39] I had someone follow the instructions above and send me an e-mail.  But, I forgot to write instructions on uploading your key to a key server so people can send you encrypted e-mail.  I’ll follow with some pictures later, but here are the steps:

Open thunderbird
Go to OpenPGP->Key Management
Pick your key
Go to keyserver->upload public key
Hit ok.

[Update 2012-12-26 10:12:00] Edited some incorrect links

Leave a Reply

Your email address will not be published. Required fields are marked *