Encrypting mail in Thunderbird
Key Issue

© pip, photocase.com
Combining the Enigmail add-on and the GnuPG encryption software gives Thunderbird users a powerful tool for encrypting and signing email.
Email communication has become an indispensable part of our daily lives. In addition to private correspondence, it is standard to send business messages by electronic mail. Of course, this means sending all kinds of confidential information across the wire, but you will be hard pressed to find anybody who really worries about the security of this medium, even though messages typically are transmitted in the clear to the recipient. This said, encryption is not exactly rocket science; in fact, thanks to modern software, it is quite simple and convenient.
The Add-On
Enigmail is an add-on for the Thunderbird email client and takes most of the responsibility off the user's shoulders. To do so, the add-on relies on the widespread GnuPG encryption software, which enjoys an reputation for security and supports the OpenPGP standard.
In this article, I will show you how to set up Enigmail and GnuPG and how to use the combination of these two programs to encrypt and sign email under the Ubuntu 7.10 distribution. However, the approach is almost identical for most Linux distributions.
Installing the Components
Three components are required for the encrypting functionality: the Thunderbird email client [1], the GnuPG cryptography program [2], and the Enigmail Thunderbird add-on [3].
Any major distribution should give you the option of setting up all three easily via the package-management system. Alternatively, you can download the programs separately and install them manually. On Ubuntu, you would need to run the commands in Listing 1 to install the software.
Listing 1
Ubuntu Install
Creating a Key Pair
The next step is to create a key pair comprising a public key and a private key. The public key is used by other people to check your identity and to encrypt messages they want to send to you. With the private key, you can sign messages and encrypt messages sent to you. As the name suggests, the public key is intended for public use and you can pass it on to anybody. In contrast, it is important to keep your private key out of the hands of third parties.
Creating a key pair is quite easy. To create a DSA+Elgamal key, give the gpg --gen-key command in a terminal and press Enter to confirm. After the prompt, press Enter again to accept the default key length of 2,048 bits.
Also, you need to specify when you want the keys to expire. After the expiration, your key will be tagged irreversibly as invalid and you will need to replace it with a new one.
Normally it doesn't make much sense for users to design keys to expire because you can revoke the keys at any time. Pressing Enter and then typing Y to keep the key from expiring confirms your selection.
Then GnuPG will prompt you to enter your first name and family name in the way you want it to appear in the key and then enter the email address to be used for encryption. Later, you can add more email addresses and names.
Leave the comment field, which is often used to add a qualifier such as "office" or "private," blank. When you are done, press F to finish.
The next step is to think of a passphrase, which you will need later to sign and encrypt email. Try to find something secure and avoid using unsafe passwords like your date of birth or phone number because anyone who guesses your password can encrypt email with your credentials.
GnuPG collects some data for the random number generator and might ask you to move the mouse until it has enough data. After a short wait, GnuPG finishes creating the key and displays the details. In Listing 2, you can see a key created on December 5, 2007, for a user called Tux Testaccount, email address tux.testaccount@tux.local, with 2,048-bit encryption. Also, notice two critical identification features of the new key, which you will need later – your fingerprint (AF84 9339 …) and the key ID (90690901 for 2,048 bits and 6FF89B27 for 1,024 bits).
Listing 2
Key Details
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
Armbian 23.05 is Now Available
Based on Debian 12, the latest version of the ARM/RISC-V distribution is now available to download and install.
-
Linux Mint Finally Receiving Support for Gestures
If you use the Linux Mint Cinnamon desktop, you'll be thrilled to know that 21.2 is getting support for gestures on touchscreen devices and touchpads.
-
An All-Snap Version of Ubuntu is In The Works
Along with the standard deb version of the open-source operating system, Canonical will release an-all snap version.
-
Mageia 9 Beta 2 Ready for Testing
The latest beta of the popular Mageia distribution now includes the latest kernel and plenty of updated applications.
-
KDE Plasma 6 Looks to Bring Basic HDR Support
The KWin piece of KDE Plasma now has HDR support and color management geared for the 6.0 release.
-
Bodhi Linux 7.0 Beta Ready for Testing
The latest iteration of the Bohdi Linux distribution is now available for those who want to experience what's in store and for testing purposes.
-
Changes Coming to Ubuntu PPA Usage
The way you manage Personal Package Archives will be changing with the release of Ubuntu 23.10.
-
AlmaLinux 9.2 Now Available for Download
AlmaLinux has been released and provides a free alternative to upstream Red Hat Enterprise Linux.
-
An Immutable Version of Fedora Is Under Consideration
For anyone who's a fan of using immutable versions of Linux, the Fedora team is currently considering adding a new spin called Fedora Onyx.
-
New Release of Br OS Includes ChatGPT Integration
Br OS 23.04 is now available and is geared specifically toward web content creation.