Encrypt Your Email With Thunderbird and Enigmail
Why Encrypt Email?
Encrypting email is unfortunately not as simple as it should be, so why bother to do it? Well, there are a number of reasons, but the chief one is always privacy.
Encrypting your email helps to protect you from both criminal activity and corporate data mining. On a personal level, it helps to protect private and sensitive information. For businesses, encrypting email communications can help protect corporate information, even if a device is lost or stolen.
There are a bunch of ways to go about encrypting your email. The most universal and straightforward way to do so is by using open source tools like Thunderbird and GnuPG. Both are freely available across multiple platforms and have a proven track record. They’re also fairly easy to use.
On Windows, head over to Mozilla’s download page and grab the latest version of Thunderbird. Launch the .exe and run through the installation process. It’s all very straightforward, and you can probably just spam “Ok” through it.
Thunderbird is available in the default repositories on just about every Linux distribution. Install it with your package manager.
Debian/Ubuntu:
$ sudo apt install thunderbird
Fedora:
# dnf -y install thunderbird
Arch Linux:
# pacman -S thunderbird
The next piece of the equation is GnuPG. It handles the encryption and decryption of the email content.
GnuPG for Windows is still developed by the Free Software Foundation, and provided free of charge. It’s bundled with a convenient graphical front end too. Head over to the project’s download page, and grab the installer.
Once again, the installer is very simple. Walk through, and install GnuPG.
Being an FSF project, GnuPG is available in every distribution’s repositories. Install it with your package manager.
Debian/Ubuntu:
$ sudo apt install gnupg2
Fedora:
# dnf -y install gnupg2
Arch Linux:
# pacman -S gnupg
The final piece that you need is a Thunderbird plugin called Enigmail. It makes handling encrypted email through Thunderbird much simpler. It’s available in the Thunderbird add-on repository.
Open Thunderbird. Click on the Thunderbird menu. It looks like three stacked lines in the top right corner of the screen. When you do, the menu will open up. Click on “Add-ons.” It should have a green puzzle piece icon next to it.
Thunderbird will open up the Add-ons tab. You can either search for Enigmail on the tab, or it may be one of the highlighted add-ons. Either way, find it. When you arrive on its page, click the button to add it to Thunderbird.
Restart Thunderbird when you’re done.
Create A Key
You can finally set up your keys. Enigmail makes everything as simple as possible. There’s no need to use any external tools. Enigmail uses a series of graphical menus to walk you through everything.
Depending on your screen size, you’ll either find Enigmail on the top menu of Thunderbird or under the main menu that you clicked on before.
Select the “Setup Wizard” option. A new window will pop open. On it, you’ll find a few different options for how to run the Enigmail configuration process. The first option, “I prefer the standard configuration,” is the best choice.
The window will change over to allow you to create your key. Select your email address. If you never added one to Thunderbird, now would be the time to go back and get that done. Then, create a password for yourself. Make sure that it’s both secure and memorable. There is no way to recover it if it’s lost.
It’ll take a bit of time to generate the key. When it’s done, Enigmail will ask you to generate a revocation certificate. You can use that if you ever need to invalidate your certificate and make a new one. Save it some place where you know that you’ll have a backup. When you’re done, click the final “Next” button to complete the setup.
Before you can actually use encrypted email, you need to exchange public keys with the person that you’re sending the email to. This is the only way that you can actually decrypt each other’s messages.
There are a couple of ways to handle this. The first, and most obvious, is to use the included Enigmail feature to attach your key and send a message to the person that you want to correspond with. Ask them for their key in return.
When you receive the other person’s public key, right click on the attachment and select “Import OpenPGP Key.” Thunderbird will ask you if you are sure that you want to import the key. Confirm it, and you’ll be able to exchange encrypted correspondence with that person.
Then, when you both have each other’s keys, you can click the button on the top of the message composition window to encrypt your messages to them.
There is another way to share keys, though. You can upload your public key to a keyserver. Anyone who wants to send you encrypted email can then pull your key from the server and send you an email. You can access public keyservers from Enigmail at any time.
Sending An Email
Click on “Write” on the top menubar in Thunderbird. Compose your message like you normally would. When you’re ready to send your message, click on the lock icon to encrypt your message. Click the pen icon too to sign it. That’s all you need to do. Your message will be encrypted and sent. The recipient will need your public key to open the message.
When an encrypted message arrives, you’ll be notified just like you would with a normal message. When you go to open it up, Thunderbird will prompt you to enter the password for your encryption key. Enter it, and the message will display like normal.
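The key exchange and the send and receive steps above can be reproduced with GnuPG on the command line. This is an added example, not part of the original article: it assumes gpg 2.1 or later, uses two constructed identities (Alice and Bob at example.org) in temporary keyrings, and all helper names are hypothetical. It refuses to import a key file whose fingerprint does not match the one learned out of band.

```bash
#!/usr/bin/env bash
# Added example: constructed identities in throwaway keyrings; ~/.gnupg is never touched.
set -eu

# Run gpg non-interactively against the keyring directory given as $1.
g() { local home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }
first_fpr() { awk -F: '$1 == "fpr" { print $10; exit }'; }  # primary key's fingerprint

# Create a keyring with a fresh key pair (empty passphrase for the demo only).
new_identity() {  # $1 = keyring dir, $2 = user ID
  mkdir -p "$1" && chmod 700 "$1"
  g "$1" --pinentry-mode loopback --passphrase '' --quick-generate-key "$2" default default never
}

# Fingerprint of the key in keyring $1 matching $2, and of the key in file $2 (not imported).
own_fpr() { g "$1" --with-colons --fingerprint "$2" | first_fpr; }
file_fpr() { g "$1" --with-colons --import-options show-only --import "$2" | first_fpr; }

# Import key file $2 into keyring $1 only if its fingerprint equals $3 (learned out of band),
# then certify it locally so gpg accepts it as a valid encryption target.
import_verified() {
  [ "$(file_fpr "$1" "$2")" = "$3" ] || { echo 'fingerprint mismatch, not importing' >&2; return 1; }
  g "$1" --import "$2" && g "$1" --quick-lsign-key "$3"
}

# seal: sign with the sender's private key ($1 = keyring), encrypt to recipient $2's public key.
seal() { g "$1" --armor --sign --encrypt --recipient "$2"; }
# unseal: decrypt with the private key in keyring $1; plaintext goes to stdout.
unseal() { g "$1" --decrypt 2>/dev/null; }
# signer_fpr: fingerprint of the key whose signature verified, taken from gpg's status lines.
signer_fpr() { g "$1" --status-fd 3 --decrypt 3>&1 >/dev/null 2>&1 | awk '$2 == "VALIDSIG" { print $NF; exit }'; }

teardown() { for h in "$A" "$B"; do GNUPGHOME=$h gpgconf --kill all 2>/dev/null || true; done; rm -rf "$TMP"; }

# Build both keyrings and swap public keys, as the attach-and-import steps do.
setup() {
  TMP=$(mktemp -d); A=$TMP/alice; B=$TMP/bob; trap teardown EXIT
  new_identity "$A" 'Alice <alice@example.org>'; new_identity "$B" 'Bob <bob@example.org>'
  g "$A" --armor --export alice@example.org > "$TMP/alice.asc"
  g "$B" --armor --export bob@example.org > "$TMP/bob.asc"
  import_verified "$A" "$TMP/bob.asc" "$(own_fpr "$B" bob@example.org)"
  import_verified "$B" "$TMP/alice.asc" "$(own_fpr "$A" alice@example.org)"
}

setup
echo 'meet at noon' | seal "$A" bob@example.org | unseal "$B"
```

A message sealed for Bob alone cannot be opened from Alice's keyring: decryption uses the recipient's private key, and the sender's public key is what `signer_fpr` relies on to verify the signature.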
You are now ready to send and receive encrypted email. There isn’t all that much to the process, once you get it set up. It’s also important to note that you won’t need to repeat the setup.
The biggest challenge to using encrypted email is getting your friends to do it. Not all that many people actually use encrypted email. The process seems to scare away quite a few.
It’s also important to note that the person that you’re corresponding with doesn’t need to be using Thunderbird. If they’re using a different email client or even a service like ProtonMail, you can still exchange encrypted email with them.