Encrypting and signing e-mails is crucial since they are sent as plain-text messages. Anybody sniffing the traffic on the routes used to deliver a message could read your private e-mail or manipulate its contents without having to open any envelope. This tutorial therefore covers encrypting your e-mails using PGP (= Pretty Good Privacy). This cipher is 100% proof against cracking attempts if the private/public keys are chosen/generated well. The tutorial can be used with any popular e-mail account such as Yahoo! Mail, Gmail, GMX, Web.de, etc. Encrypting your e-mails pretty well will not cost you anything ;) . You will also be able to create unique signatures for e-mails, files, etc., so that recipients can verify the authenticity of a received e-mail.
(In the following I am using screenshots from the German tutorial - this will be updated - you are welcome to submit appropriate screenshots by e-mail)
Time required: 20 - 40 minutes
Software used:
- GnuPG
- Enigmail (installed through the add-on manager of Mozilla Thunderbird)
1. Install GnuPG for Windows:
We start by downloading the latest exe file and executing it. The following pictures show the installation process step by step:
Choose your language and press OK
After downloading the setup file we execute it. The following dialog or something similar will show up:
2.1.1 Setting up a Thunderbird Email Account:
First we click on E-Mail to create a new account.
The following dialog also opens when we start Thunderbird for the first time:
Since we do not want a new e-mail address that we would have to pay for, but want to use our already existing free account at Yahoo! Mail, Gmail, GMX, Web.de, etc., we click the option that means: skip and use my already existing e-mail address.
Now we enter the name, e-mail address and password for our e-mail hoster and click Next.
Thunderbird will now determine the correct settings for us.
Short details about IMAP and POP:
The Internet Message Access Protocol (IMAP): Messages are downloaded on each direct request to open an e-mail. Your message list is synced by downloading the headers of the messages. The advantage: data and folders (Inbox, Trash, Sent, etc.) remain on your server, and you can access them from anywhere in the world in the state you last saw them. Thunderbird also gives you the option to completely synchronize folders and subfolders so you can work with your messages offline.
The Post Office Protocol (POP): All folders and data remain on the local computer you downloaded the messages to. You can also configure Thunderbird to leave a copy on your server, but usually a message is deleted from the server when you synchronize your messages. The disadvantage: you cannot access your messages from any computer, so it is hard to continue working with your e-mails if you have to access them, for instance, from a public terminal.
2.2 Install The Enigmail Addon:
Click on extended options (upper right corner) => Add-Ons. Now type enigmail into the search box and run the search. Clicking Install installs Enigmail.
2.3 Configure Thunderbird:
If you have already generated the key on the command line, you can skip the following step.
2.3.1. Generate a PGP Key with Thunderbird.
First click on extended options (upper right corner) and then choose the submenu Key Management. Now click the option on the right, Generate/Create, and choose New Keypair.
Now we need to enter and confirm the password that we will be asked for whenever we want to sign/encrypt/decrypt messages. The validity period is 1 year by default.
By default the key strength is set to 2048 bit. I recommend making sure it is set to 4096 bit.
Clicking on "generate/create keypair" starts the key generation.
After creating the keypair we should create a revocation certificate to be able to revoke the key whenever it is lost or otherwise compromised. You have to save this in a safe place (external HD/flash card/etc.).
To protect access to your keychains, you need to enter your passphrase from time to time.
2.3.2 Checking the existing keypair: extended options => OpenPGP => Key Management
If you can find your e-mail address there, nothing has gone wrong.
Now open your account settings: extended options => account settings. There you choose your e-mail account and click "Extended..." in the lower right corner.
This will open the following dialog:
Check the box "attach public key to messages" to ensure your newly generated public key is sent with your messages, so that your recipients are able to send encrypted messages to your address. Your contact needs to import this public key to be able to send encrypted messages to your e-mail address.
In the submenu of your e-mail account:
By clicking on OpenPGP - Security we can configure PGP.
By activating automatic signing for both encrypted and normal messages, every message will be signed, so your friends can verify that your messages are authentic.
BTW, here we can check again whether we have chosen the correct key.
2.3.3. Sending Emails with Thunderbird
If we followed all steps, we can test whether the encryption is working: just open a new message dialog, enter your own e-mail address as recipient, enter a subject, choose encryption and signing, type in a message and click Send. You now need to type in your keypair passphrase to sign and encrypt the message.
The e-mail you have just received can now be decrypted by entering your passphrase.
Commonly your e-mail scenarios will look like this:
A wants to send B an encrypted message: A first needs to import B's public key.
B wants to send A an encrypted message: B first needs to import A's public key.
As you see, you need to exchange your public keys first to have a safe conversation via PGP-encrypted e-mails.
Since we configured Thunderbird to automatically attach the public key to every message sent, we just need to send an e-mail to our contacts.
All they need to do is import your public key using the "Key Management" menu.
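The exchange between A and B described above, carried out with GnuPG on the command line, including the command-line key generation mentioned in 2.3. This is an added example, not part of the original tutorial; it assumes GnuPG 2.2 or newer and a POSIX shell, and the keyring directories, name, address, passphrase and message are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: B creates a key pair, A imports B's public key and encrypts, B decrypts.
# Name, address, passphrase and message are constructed sample values.
set -eu
WORK=$(mktemp -d); A="$WORK/alice"; B="$WORK/bob"   # two separate throw-away keyrings
mkdir -m 700 "$A" "$B"
trap 'GNUPGHOME="$B" gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"' EXIT
BOB='bob@example.org'; PASS='constructed sample passphrase'; MSG='Hello Bob, this is A.'

# Print the primary key fingerprint of user $2 as stored in keyring $1.
fpr() { gpg --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'; }

# B: unattended generation of a 4096-bit RSA key pair valid for one year (as in 2.3.1).
gpg --homedir "$B" --batch --quiet --pinentry-mode loopback --gen-key <<EOF
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: Bob Example
Name-Email: $BOB
Expire-Date: 1y
Passphrase: $PASS
%commit
EOF

# B: export only the public key; the private key never leaves B's keyring.
gpg --homedir "$B" --batch --armor --export "$BOB" > "$WORK/bob.asc"

# A: without B's public key, encryption to B is refused (no network key lookup).
if printf '%s' "$MSG" | gpg --homedir "$A" --batch --no-auto-key-locate \
     --armor --recipient "$BOB" --encrypt >/dev/null 2>&1
then before_import=encrypted; else before_import=refused; fi

# A: import B's public key and compare its fingerprint with the one B reads out.
gpg --homedir "$A" --batch --quiet --import "$WORK/bob.asc" 2>/dev/null
fp_seen_by_a=$(fpr "$A" "$BOB"); fp_from_b=$(fpr "$B" "$BOB")
[ "$fp_seen_by_a" = "$fp_from_b" ] || { echo 'fingerprint mismatch' >&2; exit 1; }

# A: encrypt to B; "--trust-model always" is acceptable only after the check above.
printf '%s' "$MSG" | gpg --homedir "$A" --batch --trust-model always \
    --armor --recipient "$BOB" --encrypt > "$WORK/msg.asc"

# B: decrypt with the private key, unlocked by the passphrase.
plaintext=$(gpg --homedir "$B" --batch --quiet --pinentry-mode loopback \
    --passphrase "$PASS" --decrypt "$WORK/msg.asc" 2>/dev/null)
echo "before import: $before_import; decrypted: $plaintext"
```

In real use the fingerprint comparison happens between two people over a separate channel (phone, in person) before the imported key is used for encryption.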
[--will be updated--]
Never share your private key!!!
Have fun with your pretty good privacy! ;)
Posted at 2014-04-27 22:43:43 (updated at 2018-09-17 22:27:06 - $3b4sh)