Encrypting mail in Thunderbird

Key Issue

© pip, photocase.com

© pip, photocase.com

Author(s):

Combining the Enigmail add-on and the GnuPG encryption software gives Thunderbird users a powerful tool for encrypting and signing email.

Email communication has become an indispensable part of our daily lives. In addition to private correspondence, it is standard to send business messages by electronic mail. Of course, this means sending all kinds of confidential information across the wire, but you will be hard pressed to find anybody who really worries about the security of this medium, even though messages typically are transmitted in the clear to the recipient. This said, encryption is not exactly rocket science; in fact, thanks to modern software, it is quite simple and convenient.

The Add-On

Enigmail is an add-on for the Thunderbird email client and takes most of the responsibility off the user's shoulders. To do so, the add-on relies on the widespread GnuPG encryption software, which enjoys an reputation for security and supports the OpenPGP standard.

In this article, I will show you how to set up Enigmail and GnuPG and how to use the combination of these two programs to encrypt and sign email under the Ubuntu 7.10 distribution. However, the approach is almost identical for most Linux distributions.

Installing the Components

Three components are required for the encrypting functionality: the Thunderbird email client [1], the GnuPG cryptography program [2], and the Enigmail Thunderbird add-on [3].

Any major distribution should give you the option of setting up all three easily via the package-management system. Alternatively, you can download the programs separately and install them manually. On Ubuntu, you would need to run the commands in Listing 1 to install the software.

Listing 1

Ubuntu Install

01 $ sudo su
02 # apt-get install thunderbird
03 # apt-get install gnupg
04 # apt-get install enigmail

Creating a Key Pair

The next step is to create a key pair comprising a public key and a private key. The public key is used by other people to check your identity and to encrypt messages they want to send to you. With the private key, you can sign messages and encrypt messages sent to you. As the name suggests, the public key is intended for public use and you can pass it on to anybody. In contrast, it is important to keep your private key out of the hands of third parties.

Creating a key pair is quite easy. To create a DSA+Elgamal key, give the gpg --gen-key command in a terminal and press Enter to confirm. After the prompt, press Enter again to accept the default key length of 2,048 bits.

Also, you need to specify when you want the keys to expire. After the expiration, your key will be tagged irreversibly as invalid and you will need to replace it with a new one.

Normally it doesn't make much sense for users to design keys to expire because you can revoke the keys at any time. Pressing Enter and then typing Y to keep the key from expiring confirms your selection.

Then GnuPG will prompt you to enter your first name and family name in the way you want it to appear in the key and then enter the email address to be used for encryption. Later, you can add more email addresses and names.

Leave the comment field, which is often used to add a qualifier such as "office" or "private," blank. When you are done, press F to finish.

The next step is to think of a passphrase, which you will need later to sign and encrypt email. Try to find something secure and avoid using unsafe passwords like your date of birth or phone number because anyone who guesses your password can encrypt email with your credentials.

GnuPG collects some data for the random number generator and might ask you to move the mouse until it has enough data. After a short wait, GnuPG finishes creating the key and displays the details. In Listing 2, you can see a key created on December 5, 2007, for a user called Tux Testaccount, email address tux.testaccount@tux.local, with 2,048-bit encryption. Also, notice two critical identification features of the new key, which you will need later – your fingerprint (AF84 9339 …) and the key ID (90690901 for 2,048 bits and 6FF89B27 for 1,024 bits).

Listing 2

Key Details

01 gpg: Checking "Trust-DB"
02 gpg: 3 marginal-needed, 1 complete-needed, PGP trust model
03 gpg: Depth: 0 valid:   1 signed:   0 trust: 0-, 0q, 0n, 0m, 0f, 1u
04 pub   1024D/6FF89B27 2007-12-05
05       key fingerprint = AF84 9339 AC60 8A35 4206  093C F4DC E5A7 6FF8 9B27
06 uid                  Tux Testaccount <tux.testaccount@tux.local>
07 sub   2048g/90690901 2007-12-05

Read full article as PDF:

081-083_enigmail.pdf  (489.50 kB)

Related content

  • Thunderbird Security

    Thunderbird offers several options for secure email, and the GnuPG-based Enigmail encryption add-on provides an additional layer of protection.

  • Encrypting Email

    The leading email applications include new features for helping users secure and authenticate their mail messages, but each tool has a different approach to handling tasks such as signing and encryption. This article describes how to add encryption and digital signatures to the Thunderbird, Kmail, and Evolution mail clients.

  • Thunderbird Add-Ons

    Mozilla Thunderbird email client continues to gain ground thanks to its multitude of internal features, and add-ons help to extend its functionality.

  • Ask Klaus!

    SSL Encryption and Signature Compilation

  • Secure Email Intro

    Don’t look now, but your mailbox is full of junk, and a snooper is live on a distant server, reading your opinions of your boss. Remember when email used to be easy? To restore some sanity to your correspondence, you’ll need the right tools.

comments powered by Disqus

Direct Download

Read full article as PDF:

081-083_enigmail.pdf  (489.50 kB)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia