How to encrypt email with PGP & Enigmail

Table of Contents

Thunderbird or Mailvelope?

Your first choice is between using encryption with Thunderbird as a standalone email client, or installing Mailvelope as a plugin for Firefox or Chrome to use with webmail such as Gmail or Yahoo mail. If you're only accustomed to using webmail, then configuring and learning Thunderbird may be extra up-front work, and you may prefer to just install the Mailvelope plugin. But once you get it all set up, encryption is more transparent and easier to use in Thunderbird.

Mailvelope

This guide does not yet cover Mailvelope installation. You can watch a short video tutorial or visit the Mailvelope website for more information.

Thunderbird

Thunderbird Prerequisites

Before configuring encryption, you must install:

  1. Thunderbird: If you already have it installed, make sure it's the latest version by going to Help->About Thunderbird. Configure Thunderbird with one or more of your mail accounts - it should provide an easy wizard. If you have any trouble, visit Mozilla's guide to manual configuration.
  2. GPG (GNU Privacy Guard)
    • Windows: download and install the latest version. Any of the variants will work; "Vanilla" is the smallest. The default settings should be fine.
    • Mac OSX: download and install the latest version. The default settings should be fine.
    • Linux: install gnupg2 from your package manager.
  3. Enigmail: In Thunderbird, go to Tools->Add-ons. In the "Search all add-ons" box at upper right, search for Enigmail. If you don't see it, make sure the "Search" filter is set to "Available Add-ons", not "My Add-Ons". Install Enigmail. After restarting Thunderbird, you'll be prompted to configure Enigmail. See the next section.

Configure Enigmail for Thunderbird

Our following quick guide should get you up and running. For more details, you can read the Enigmail Handbook.

  1. After first installing the Enigmail Add-on and restarting Thunderbird, you'll get an option to configure Enigmail by clicking "Start setup now." Or, at any time after installing the Enigmail plugin, you can start Thunderbird and go to Enigmail->Setup Wizard.
  2. Pick "I prefer a standard configuration".
  3. Select the email account you want as your primary user - you can add others later.
  4. Generate a new key using the default options - be sure to use a strong passphrase, and be sure to remember it. Your key will be useless if you forget your passphrase.
  5. The key generation may take 10 minutes, or possibly even longer.
  6. When done generating the new key, it will offer you the option of creating your revocation certificate, which will allow you to mark your key as withdrawn in case you lose it or it is compromised in the future. Fill in the passphrase you just created, then save the file in a place you can access it even if you lose your computer, such as a USB drive stored somewhere else. Make sure no potential adversaries can access the file.
  7. Click "OK", "Next" and "Finish"
  8. To share your public key so that other people can easily download it and send encrypted messages to you:
    • In Thunderbird, go to Enigmail->Key Management.
    • Right-click on your key and pick "Upload public keys to keyserver"
  9. Important: to back up your private and public keys, to be able to read your encrypted email even if you lose your computer or hard drive data:
    • In Thunderbird, go to Enigmail->Key Management.
    • Right-click on your key and pick "Export Keys to File."
    • Pick "Export Secret Keys"
    • Save the file in a place you can access it even if you lose your computer, such as a USB drive stored somewhere else. Make sure no potential adversaries can access the file.

Now you can let people know you have encryption set up. They can download your key from the keyserver, or when you compose an email you can click "Attach My Public Key":

Reading Encrypted Emails

If someone sends you an email encrypted with your public key, when you open it in Thunderbird you will be prompted for your private key password. Once you enter it, you can read the email as usual.

You can tell Thunderbird to remember your password so you don't have to enter it every time:

  • In Thunderbird, go to Enigmail->Preferences
  • Set "Remember passphrase for ### minutes of idle time". For example, setting 120 will mean you're prompted if you read or send an encrypted email after 2 hours of not using encryption. (If you restart Thunderbird or your computer, you will have to enter the passphrase again.)

Encrypting Email

To send encrypted messages to someone else who has set up encryption, you must first import his or her public key. Once you have imported the key, you can compose a new email to the recipient, and it should be automatically encrypted.

Importing Keys

You only need to import each contact's key once. You can import in different ways, depending on how the contact has shared the key:

1. From a public keyserver

If the person has uploaded his or her key to a public keyserver:

  • In Thunderbird, go to Enigmail->Key Management
  • Go to Keyserver->Search For Keys
  • Enter the name or email address of someone you know who has encryption set up. and click OK.
    • If the system returns multiple keys for the same email address, it may be because the person lost the private key or forgot the passphrase, so had to generate a new keypair. But you should be especially careful to verify with the person that you download the correct key in case one or more of the keys is a fake.
  • Highlight the key you want, then click OK to import it.

2. From an email attachment

If the person sent you a key as an email attachment:

  • Save the received key to a temporary location
  • In Thunderbird, go to Enigmail->Key Management
  • Go to File->Import Key From File
  • Browse to the key and select it for importing

Verifying a Key

It is important to make sure you have the correct public key for people. An adversary could attempt to send you fake keys, to to trick you into sending emails the adversary can intercept and read. So, after you import someone's public key, you should verify it:

  • Have a conversation with the person ― ideally by phone or in person. If you're confident in setting it up, you could also use a secure online channel (an email exchange would not yet be secure, since you haven't verified the key!)
  • Both of you: in Thunderbird, go to Enigmail->Key Management
  • Both of you: double-click the person's key.
  • Read the Fingerprint value and make sure it's the same for both of you.
  • Once you're satisfied, you can sign the key to vouch that the key matches the owner:
    • In the window where you verified the Fingerprint, click "Select Action"
    • Choose "Sign Key"
      • Check "I have done very careful checking" if you know for sure the person is who he or she claims - for example, you have known the person well for years, or have checked a government ID.
      • Check "I have done casual checking" if you aren't sure of the person's identity
      • Click "OK"
  • Send the signed key to the owner:
    • Compose a new email to the owner
    • Go to Enigmail->Attach Public Key
    • Choose the person's key
    • Click "send"
    • Send the email
  • If the owner wants to make the signing information public, to build the web of trust, he or she should:
    • Save the received key to a temporary location
    • In Thunderbird, go to Enigmail->Key Management
    • Go to File->Import Key From File
    • Browse to the key and select it for importing
    • Once the key is imported locally, highlight his or her key and go to Keyserver->Upload public keys.

Setting Trust Levels

Optionally, you can set the degree to which you trust the other person to carefully verify Fingerprints and identities. This information is only stored locally; no one else will see what level of trust you have set. This is used by Enigmail to judge how much it should trust keys from strangers: if several people you trust have vouced for the strangers' keys, Enigmail will trust them.

  • In Thunderbird, go to Enigmail->Key Management
  • Double-click the person's key.
  • Click "Select action"
  • Pick "Set owner trust"
  • Set the trust level and click "OK"

Adding Identities

If you want to associate more than one email account with your keypair:

  • In Thunderbird, go to Enigmail->Key Management
  • Right-click your key and pick "Manage User IDs"
  • For each email address you want to add, click Add
    • fill in the identity name (your name, or perhaps an organization associated with the account)
    • fill in the email address
    • Click "OK"
  • Upload your public key to the keyserver
FaLang translation system by Faboba
Email icon
Subscribe
Get our latest news with email alerts from our International Newsletter, Blog, News Service, and individual chapters.

Subscribe

"I don't think it is violence to defend that which you love."
-Saba Malik

“I love the land where I live, where thick mists drift between trees and rocks and rain drips from moss and flows down mountainsides.”
-Max Wilbert

“I love recognizing the ways in which wildness, no matter how thoroughly civilized a place may be, is constantly working and toiling. I love thinking about civilization falling away as that wild force eats through it.”
-Dillon Thomson

”Oppression is always tied to material exploitation. This is as true for the war on women as it is for the war on the living planet. We need to recognize that the degradation of females is fundamentally intertwined with the degradation of Earth, and we need organized, political resistance to both.”
-Rachel Ivey

”Our allegiance lies with the real world, with real human beings and real forests, and we will fight to protect them.”
-Max Wilbert

"DGR is our last, best hope."
-Dillon Thomson

“The most pressing problem facing the world is the iron heel of civilization on the neck of human and non-human communities.”
-Max Wilbert

“Every kind of resource extraction is an act of domination and control and is a statement that says the way of life we have created for ourselves—the shiny, fast moving, plastic way of life—is more important than life itself.“
-Sam Leah

“DGR understands that resistance is not a monoculture and that everyone and every kind of action is needed.“
-Sam Leah

”We need people from all walks of life doing all kinds of things to support this movement and perpetuate the mentality and actions of resistance.”
-Sam Leah

”Gender is the chain and patriarchy is the ball cuffed to the ankle of every female child born into this world, a world where every mainstream institution and structure of power is set up to preserve male dominance.”
-Rachel Ivey

”Some things are obvious – we need food, water, and air, and we need them without poison, thank you very much. The fundamental illogic and insanity of our current system, the need to dismantle it without delay – when food, water, and air are our priorities, these facts become obvious too.”
-Rachel Ivey

”If you are terrorized or mesmerized, you are not alive. Rejoin the living, join the resistance.”
-Jennifer Murnan

Meet DGR's Staff

Wed, Mar 29 2017
Headlines Should Read, “Marines to Kill Tortoises”
Featured image: Desert Tortoise (Gopherus agassizii), as observed by the author in the spring of 2016      by Kollibri terre Sonnenblume / Macska Moksha Press This spring, if all goes as planned, the Marines will kill hundreds of Desert Tortoises in [...]

Continue Reading

Mon, Mar 27 2017
Park City is Damned: A Case Study in Civilization
     by Will Falk / Deep Green Resistance A Note to my readers: It has not been easy to write this essay and I am scared to see my name displayed publicly next to what follows. I am sure these ideas will win me few friends in Park City and the broader ski [...]

Continue Reading

Sun, Mar 26 2017
Panama’s Barro Blanco Dam to Begin Operation
Featured image: Ngäbe-Bugle community members canoe on the Tabasará River. By Camilo Mejia Giraldo      by Camilo Mejia Giraldo / Mongabay For nearly a decade, Panama’s Barro Blanco dam has met with strong opposition from indigenous Ngäbe [...]

Continue Reading

Sat, Mar 25 2017
Prostitution Legislation Must Include Women in the Porn Industry
Featured image: From left to right: Cherie Jiminez, Per-Anders Sunesson, Gail Dines, Julie Bindel, Clara Berglund. By Gail Dines/Facebook)      by Susan Cox / Feminist Current I remember when I was first struck by the question: If prostitution is against [...]

Continue Reading

Thu, Mar 23 2017
Will the Poor Always Be With Us?
It’s a familiar story. On his final journey toward Jerusalem, Jesus stops in Bethany to eat at the home of Simon, a leper. A woman enters with an alabaster jar of expensive ointment; she breaks the jar and pours the ointment on his head. Her gesture [...]

Continue Reading

Wed, Mar 22 2017
Protective Use of Force: Nonviolence and the Environmental Movement, Part Three
This is the eighteenth installment in a multi-part series. Browse the Protective Use of Force index to read more.     by Adam Herriott / Deep Green Resistance UK In this run of five posts, I am assessing the environmental movement using twelve principles [...]

Continue Reading

Tue, Mar 21 2017
Yellowstone Buffaloes’ Last Stand
Featured image by David Mattson       by Louisa Willcox / Grizzly Times Last Tuesday, in the shadow of Yellowstone’s Electric Peak, I watched National Park Service employees herd, prod, shock, immobilize, poke, and corral bison that had only shortly [...]

Continue Reading

Fri, Mar 17 2017
2.7 Million Animals Killed by Federal Wildlife-destruction Program in 2016
     by Center for Biological Diversity WASHINGTON— The highly secretive arm of the U.S. Department of Agriculture known as Wildlife Services killed more than 2.7 million animals during 2016, according to new data from the agency. The [...]

Continue Reading

Wed, Mar 15 2017
Oil Company Pulls out of Uncontacted Tribes’ Land
Featured image: Salomon Dunu, a Matsés man who survived the trauma of first contact, speaks to a Survival campaigner about the threat of oil exploration to his people.  © Survival International      by Survival International A Canadian oil company has [...]

Continue Reading

Mon, Mar 13 2017
Protective Use of Force: Nonviolence and the Environmental Movement, Part Two
This is the seventeenth installment in a multi-part series. Browse the Protective Use of Force index to read more.     by Adam Herriott / Deep Green Resistance UK In the next four posts I will assess the environmental movement based on the twelve [...]

Continue Reading

See All Stories