How to encrypt email with PGP & Enigmail

Table of Contents

Thunderbird or Mailvelope or standalone?

Your first choice is between using encryption with Thunderbird as a standalone email client, or installing Mailvelope as a plugin for Firefox or Chrome to use with webmail such as Gmail or Yahoo mail. If you're only accustomed to using webmail, then configuring and learning Thunderbird may be extra up-front work, and you may prefer to just install the Mailvelope plugin. But once you get it all set up, encryption is more transparent and easier to use in Thunderbird.


This guide does not yet cover Mailvelope installation. You can watch a short video tutorial or visit the Mailvelope website for more information.


Another option is a standalone utility called GPG4USB. Though it requires copy and pasting to encrypt and decrypt messages, it's easier to set up and can be used on any computer via a portable USB drive. Go straight to the project page, or read a tutorial.


Thunderbird Prerequisites

Before configuring encryption, you must install:

  1. Thunderbird: If you already have it installed, make sure it's the latest version by going to Help->About Thunderbird. Configure Thunderbird with one or more of your mail accounts - it should provide an easy wizard. If you have any trouble, visit Mozilla's guide to manual configuration.
  2. GPG (GNU Privacy Guard)
    • Windows: download and install the latest version. Any of the variants will work; "Vanilla" is the smallest. The default settings should be fine.
    • Mac OSX: download and install the latest version. The default settings should be fine.
    • Linux: install gnupg2 from your package manager.
  3. Enigmail: In Thunderbird, go to Tools->Add-ons. In the "Search all add-ons" box at upper right, search for Enigmail. If you don't see it, make sure the "Search" filter is set to "Available Add-ons", not "My Add-Ons". Install Enigmail. After restarting Thunderbird, you'll be prompted to configure Enigmail. See the next section.

Configure Enigmail for Thunderbird

Our following quick guide should get you up and running. For more details, you can read the Enigmail Handbook.

  1. After first installing the Enigmail Add-on and restarting Thunderbird, you'll get an option to configure Enigmail by clicking "Start setup now." Or, at any time after installing the Enigmail plugin, you can start Thunderbird and go to Enigmail->Setup Wizard.
  2. Pick "I prefer a standard configuration".
  3. Select the email account you want as your primary user - you can add others later.
  4. Generate a new key using the default options - be sure to use a strong passphrase, and be sure to remember it. Your key will be useless if you forget your passphrase.
  5. The key generation may take 10 minutes, or possibly even longer.
  6. When done generating the new key, it will offer you the option of creating your revocation certificate, which will allow you to mark your key as withdrawn in case you lose it or it is compromised in the future. Fill in the passphrase you just created, then save the file in a place you can access it even if you lose your computer, such as a USB drive stored somewhere else. Make sure no potential adversaries can access the file.
  7. Click "OK", "Next" and "Finish"
  8. To share your public key so that other people can easily download it and send encrypted messages to you:
    • In Thunderbird, go to Enigmail->Key Management.
    • Right-click on your key and pick "Upload public keys to keyserver"
  9. Important: to back up your private and public keys, to be able to read your encrypted email even if you lose your computer or hard drive data:
    • In Thunderbird, go to Enigmail->Key Management.
    • Right-click on your key and pick "Export Keys to File."
    • Pick "Export Secret Keys"
    • Save the file in a place you can access it even if you lose your computer, such as a USB drive stored somewhere else. Make sure no potential adversaries can access the file.

Now you can let people know you have encryption set up. They can download your key from the keyserver, or when you compose an email you can click "Attach My Public Key":

Reading Encrypted Emails

If someone sends you an email encrypted with your public key, when you open it in Thunderbird you will be prompted for your private key password. Once you enter it, you can read the email as usual.

You can tell Thunderbird to remember your password so you don't have to enter it every time:

  • In Thunderbird, go to Enigmail->Preferences
  • Set "Remember passphrase for ### minutes of idle time". For example, setting 120 will mean you're prompted if you read or send an encrypted email after 2 hours of not using encryption. (If you restart Thunderbird or your computer, you will have to enter the passphrase again.)

Encrypting Email

To send encrypted messages to someone else who has set up encryption, you must first import his or her public key. Once you have imported the key, you can compose a new email to the recipient, and it should be automatically encrypted.

Importing Keys

You only need to import each contact's key once. You can import in different ways, depending on how the contact has shared the key:

1. From a public keyserver

If the person has uploaded his or her key to a public keyserver:

  • In Thunderbird, go to Enigmail->Key Management
  • Go to Keyserver->Search For Keys
  • Enter the name or email address of someone you know who has encryption set up. and click OK.
    • If the system returns multiple keys for the same email address, it may be because the person lost the private key or forgot the passphrase, so had to generate a new keypair. But you should be especially careful to verify with the person that you download the correct key in case one or more of the keys is a fake.
  • Highlight the key you want, then click OK to import it.

2. From an email attachment

If the person sent you a key as an email attachment:

  • Save the received key to a temporary location
  • In Thunderbird, go to Enigmail->Key Management
  • Go to File->Import Key From File
  • Browse to the key and select it for importing

Verifying a Key

It is important to make sure you have the correct public key for people. An adversary could attempt to send you fake keys, to to trick you into sending emails the adversary can intercept and read. So, after you import someone's public key, you should verify it:

  • Have a conversation with the person ― ideally by phone or in person. If you're confident in setting it up, you could also use a secure online channel (an email exchange would not yet be secure, since you haven't verified the key!)
  • Both of you: in Thunderbird, go to Enigmail->Key Management
  • Both of you: double-click the person's key.
  • Read the Fingerprint value and make sure it's the same for both of you.
  • Once you're satisfied, you can sign the key to vouch that the key matches the owner:
    • In the window where you verified the Fingerprint, click "Select Action"
    • Choose "Sign Key"
      • Check "I have done very careful checking" if you know for sure the person is who he or she claims - for example, you have known the person well for years, or have checked a government ID.
      • Check "I have done casual checking" if you aren't sure of the person's identity
      • Click "OK"
  • Send the signed key to the owner:
    • Compose a new email to the owner
    • Go to Enigmail->Attach Public Key
    • Choose the person's key
    • Click "send"
    • Send the email
  • If the owner wants to make the signing information public, to build the web of trust, he or she should:
    • Save the received key to a temporary location
    • In Thunderbird, go to Enigmail->Key Management
    • Go to File->Import Key From File
    • Browse to the key and select it for importing
    • Once the key is imported locally, highlight his or her key and go to Keyserver->Upload public keys.

Setting Trust Levels

Optionally, you can set the degree to which you trust the other person to carefully verify Fingerprints and identities. This information is only stored locally; no one else will see what level of trust you have set. This is used by Enigmail to judge how much it should trust keys from strangers: if several people you trust have vouced for the strangers' keys, Enigmail will trust them.

  • In Thunderbird, go to Enigmail->Key Management
  • Double-click the person's key.
  • Click "Select action"
  • Pick "Set owner trust"
  • Set the trust level and click "OK"

Adding Identities

If you want to associate more than one email account with your keypair:

  • In Thunderbird, go to Enigmail->Key Management
  • Right-click your key and pick "Manage User IDs"
  • For each email address you want to add, click Add
    • fill in the identity name (your name, or perhaps an organization associated with the account)
    • fill in the email address
    • Click "OK"
  • Upload your public key to the keyserver
FaLang translation system by Faboba
Email icon
Erhalte aktuelle Neuigkeiten mit Email-Benachrichtigungen von unserem internationalen Newsletter, Blog, Nachrichtendienst, sowie unseren Ortsverbänden.


"Jede Art der Ressourcenförderung ist ein Akt der Beherrschung und Kontrolle und sagt außerdem aus, dass die Lebensweise, die wir für uns entwickelt haben - die schillernde, schnelle, plastisch-künstliche Lebensweise - wichtiger ist als das Leben selbst."
-Sam Leah

"Das dringlichste Problem der Welt ist der eiserne Stiefel der Zivilisation, der menschliche ebenso wie nicht-menschliche Gemeinschaften niederdrückt."
-Max Wilbert

"Wir brauchen Menschen von allen möglichen Hintergründen, die alle möglichen verschiedenen Dinge tun, um diese Bewegung zu unterstützen und die Denkweise und die Aktionen des Widerstandes fortbestehen zu lassen."
-Sam Leah

"Unsere Loyalität gehört der lebendigen Welt, den lebendigen Menschen und dem lebendigen Wald und wir sind bereit, zu kämpfen um sie zu beschützen.
"-Max Wilbert

"Wenn du verängstigt oder erstarrt bist, bist du nicht lebendig. Geselle dich zu den Lebendigen, geselle dich zum Widerstand."
-Jennifer Murnan

"DGR versteht, dass Widerstand keine Monokultur ist und dass jede Person und jede Art von Aktion notwendig ist."
-Sam Leah

"Ich liebe das Land, auf dem ich lebe, wo dichte Nebel zwischen Bäumen und Felsen driften und wo Regen von Moos tropft und Berghänge hinabfließt."
-Max Wilbert

"Ich glaube nicht, dass es Gewalt ist, das zu verteidigen was man liebt."
-Saba Malik

"Ich liebe es, die Vielzahl von Weisen zu erkennen, auf die die Wildnis ständig arbeitet und sich bemüht, egal, wie zivilisiert ein Ort auch sein mag. Ich liebe es, mir vorzustellen, dass die Zivilisation fällt, wenn diese wilde Kraft sich durch sie durchfrisst."
-Dillon Thomson

"DGR ist unsere letzte, beste Chance."
-Dillon Thomson

Triff die MitarbeiterInnen von DGR

Sun, Aug 09 2020
Stephen Jenkinson On Death, Community, and Elders
In this episode of Resistance Radio Derrick Jensen interviews Stephen Jenkinson. They discuss grief, trauma, history, death, community, living well and everything in between.   Stephen Jenkinson is a culture activist, teacher, author and ceremonialist. He [...]

Continue Reading

Sat, Aug 08 2020
World On Track For “Worst Case” IPCC Climate Change Scenario
In this article, originally posted by the Woods Hole Research Centre on August 3rd 2020 the “Worst case” for CO2 emissions scenario is actually the best match for assessing the climate risk, impact by 2050.  The RCP 8.5 CO2 emissions pathway, long [...]

Continue Reading

Fri, Aug 07 2020
Migratory Fish Populations Have Dropped 76% Since 1970
A new report on migratory freshwater fish was released last month. The opening comment in the press release states that “With hydropower, overfishing, climate change and pollution on the rise, monitored populations of migratory freshwater fish species [...]

Continue Reading

Thu, Aug 06 2020
Entitlement and the Freedom to Destroy the Planet
By Aimee Wild I find articles describing freedom of speech irritating, because they come from a place of privilege that most people do not have. Freedom of speech means owning or possessing the power or right to act, speak, or think as one wants. Having the [...]

Continue Reading

Wed, Aug 05 2020
The Descent Into Fascism with Dahr Jamail
In this episode of The Green Flame we speak with Dahr Jamail. In late 2003, weary of the overall failure of the US media to accurately report on the realities of the war in Iraq for the Iraqi people, Dahr  went to the Middle East to report on the war [...]

Continue Reading

Tue, Aug 04 2020
Train to Win
The following is an excerpt from US Army Field Manual 7-0, Train to Win in a Complex World. The US military is an aggressive colonial force that commits war crimes regularly, is the largest polluter on the planet, and is an occupying force both on U.S. [...]

Continue Reading

Mon, Aug 03 2020
“We’re Going to Be At This A While” — Hunger Strike Against Old-Growth Logging
This episode of The Green Flame features an interview with James Darling who is currently on the 8th day of a hunger strike against logging of old-growth forests in British Columbia, Canada (occupied First Nations territory). You can contact James at: (250) [...]

Continue Reading

Sun, Aug 02 2020
Julia Beck on Lesbian Feminism and Gender
This interview with radical lesbian feminist, activist, and writer Julia Beck includes her insights on being politically homeless, girl gangs, the resilience of women (particularly women who have de transitioned), and our need for mutual respect and [...]

Continue Reading

Sat, Aug 01 2020
Birth Without Violence
This excerpt is taken from the 1974 book Birth Without Violence by Frederick Leboyer. Leboyer was a French obstetrician opposed to the violence and harm the medical model enacted on women and babies at birth. In Birth Without Violence, Leboyer describes the [...]

Continue Reading

Fri, Jul 31 2020
Deadliest Year For Environmental Activists
This piece consists of excerpts from two articles. In the first one, Ashoka Mukpo discusses the report by Global Witness on the killings of environmental defenders in 2019. In the second article, Leilani Chavez describes the threats posed on environmental [...]

Continue Reading

See All Stories