Encrypting mail in Thunderbird
Key Issue

© pip, photocase.com
Combining the Enigmail add-on and the GnuPG encryption software gives Thunderbird users a powerful tool for encrypting and signing email.
Email communication has become an indispensable part of our daily lives. In addition to private correspondence, it is standard to send business messages by electronic mail. Of course, this means sending all kinds of confidential information across the wire, but you will be hard pressed to find anybody who really worries about the security of this medium, even though messages typically are transmitted in the clear to the recipient. This said, encryption is not exactly rocket science; in fact, thanks to modern software, it is quite simple and convenient.
The Add-On
Enigmail is an add-on for the Thunderbird email client and takes most of the responsibility off the user's shoulders. To do so, the add-on relies on the widespread GnuPG encryption software, which enjoys an reputation for security and supports the OpenPGP standard.
In this article, I will show you how to set up Enigmail and GnuPG and how to use the combination of these two programs to encrypt and sign email under the Ubuntu 7.10 distribution. However, the approach is almost identical for most Linux distributions.
Installing the Components
Three components are required for the encrypting functionality: the Thunderbird email client [1], the GnuPG cryptography program [2], and the Enigmail Thunderbird add-on [3].
Any major distribution should give you the option of setting up all three easily via the package-management system. Alternatively, you can download the programs separately and install them manually. On Ubuntu, you would need to run the commands in Listing 1 to install the software.
Listing 1
Ubuntu Install
Creating a Key Pair
The next step is to create a key pair comprising a public key and a private key. The public key is used by other people to check your identity and to encrypt messages they want to send to you. With the private key, you can sign messages and encrypt messages sent to you. As the name suggests, the public key is intended for public use and you can pass it on to anybody. In contrast, it is important to keep your private key out of the hands of third parties.
Creating a key pair is quite easy. To create a DSA+Elgamal key, give the gpg --gen-key command in a terminal and press Enter to confirm. After the prompt, press Enter again to accept the default key length of 2,048 bits.
Also, you need to specify when you want the keys to expire. After the expiration, your key will be tagged irreversibly as invalid and you will need to replace it with a new one.
Normally it doesn't make much sense for users to design keys to expire because you can revoke the keys at any time. Pressing Enter and then typing Y to keep the key from expiring confirms your selection.
Then GnuPG will prompt you to enter your first name and family name in the way you want it to appear in the key and then enter the email address to be used for encryption. Later, you can add more email addresses and names.
Leave the comment field, which is often used to add a qualifier such as "office" or "private," blank. When you are done, press F to finish.
The next step is to think of a passphrase, which you will need later to sign and encrypt email. Try to find something secure and avoid using unsafe passwords like your date of birth or phone number because anyone who guesses your password can encrypt email with your credentials.
GnuPG collects some data for the random number generator and might ask you to move the mouse until it has enough data. After a short wait, GnuPG finishes creating the key and displays the details. In Listing 2, you can see a key created on December 5, 2007, for a user called Tux Testaccount, email address tux.testaccount@tux.local, with 2,048-bit encryption. Also, notice two critical identification features of the new key, which you will need later – your fingerprint (AF84 9339 …) and the key ID (90690901 for 2,048 bits and 6FF89B27 for 1,024 bits).
Listing 2
Key Details
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
KDE Plasma 5.27 Beta is Ready for Testing
The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
-
Netrunner OS 23 Is Now Available
The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
-
New Linux Distribution Built for Gamers
With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
-
System76 Beefs Up Popular Pangolin Laptop
The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
-
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes
If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
-
Gnome 44 Now Has a Release Date
Gnome 44 will be officially released on March 22, 2023.
-
Nitrux 2.6 Available with Kernel 6.1 and a Major Change
The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.
-
Vanilla OS Initial Release Is Now Available
A stock GNOME experience with on-demand immutability finally sees its first production release.
-
Critical Linux Vulnerability Found to Impact SMB Servers
A Linux vulnerability with a CVSS score of 10 has been found to affect SMB servers and can lead to remote code execution.
-
Linux Mint 21.1 Now Available with Plenty of Look and Feel Changes
Vera has arrived and although it is still using kernel 5.15, there are plenty of improvements sure to please everyone.