mysecurepc.com


PGP Setup for Thunderbird

Most email messages you send travel vast distances over many networks, secure and insecure, monitored and unmonitored, passing through and making copies of themselves on servers all over the Internet. In short, pretty much anyone with access to any of those servers - or sniffing packets anywhere along the way - can read your email messages sent in plain text.

Now more than ever, you might want to encrypt your email to protect it from prying eyes. Not only do we have government snoops mining vast amounts of data on the net and an ever-increasing number of companies monitoring their employees' email, but phishing and other email scams increase by the day.

How to encrypt your email

PGP (Pretty Good Privacy) software won't protect you against the focused attention of a major government, but it will stop efforts to harvest credit card numbers and information that can be used to commit identity theft. Email encryption is easy, free and offers strong protection against prying eyes.

How PGP email encryption works

Consider this scenario.

Sam wants to send Jane a secret email love letter that he doesn't want Joe, Jane's jealous downstairs neighbor who piggybacks her wifi, to see. Jane uses PGP, which means she has a public key (a long block of letters and numbers) that she's published on her web site for anyone who wants to send her encrypted email messages to use. Jane also has a private key that no one else - including Joe the Jealous Wifi Piggybacker - has.

So Sam looks up Jane's public key. He composes his ardent profession of love, encrypts it with that public key, and sends Jane his message. In sending, copies of that message are made on Sam's email server and Jane's email server - but that message looks like a bunch of garbled nonsense. Joe the Jealous Wifi Piggybacker shakes his fist in frustration when he sniffs Jane's email for any hint of a chance between them. He can't read Sam's missive.

However, when Jane receives the message in Thunderbird, her private key decrypts it. When it does, she can read all about Sam's true feelings in (pretty good) privacy.

You too can get PGP set up in a few simple steps.

Configure PGP in Thunderbird

The easiest tool to use is Mozilla's email program Thunderbird, together with the Enigmail extension. (Be sure to click "Save Link As..." and download the extension to your computer; otherwise Firefox will try to install it.) You'll also need to download the free GPG4Win software for Windows. The vanilla version is fine.

Here's how to put it all together.

  1. Run the GPG4Win installer. It should put GnuPG under your Program Files directory.
  2. Once you've downloaded Enigmail, in Thunderbird open Tools -> Options -> Extensions -> Install New Extension, and then choose the Enigmail extension file.
  3. When you've restarted Thunderbird with Enigmail installed, you will see an OpenPGP menu item. Open it and go to Preferences. There you'll find a dialog to point to your GnuPG binary. Click Browse. On my machine, GPG was installed under Program Files\GNU\GnuPG\gpg.exe.
  4. Now you'll need to generate your public/private key pair. From the OpenPGP menu item, choose Key Management. From the Generate menu, choose New Key Pair. Choose the email address you want to create a key for, and set a passphrase. Make sure the key size is 4096 (under the Advanced tab) and RSA is chosen. Hit the "Generate Key" button, and relax - it can take a few minutes.
  5. When it's done, you have the chance to generate a "revocation certificate." This certificate can invalidate your public key just in case your private key is ever compromised. Go ahead and get your revocation certificate and save it.
  6. Upload your public key (not your private key!) to the public keyserver. Right-click on your email address and choose 'upload public keys to keyserver'. Now someone can find your public key and send you encrypted email.

Once that's done, you're all set to send encrypted mail.

Test out your setup by sending email to Edward, a bot at the Free Software Foundation. Start with an unencrypted message that carries your public key.

  1. Compose an email to edward-en@fsf.org, with the From: address set to the email address you created a PGP key for.

  2. Click 'Attach my public key'.

  3. Do NOT encrypt the email.

  4. Put at least one word in the Subject line and the email Body.

  5. Send the unencrypted email.

In a few minutes you should get a response. I had to send mine twice because I have greylisting enabled.

Now we'll send an encrypted email to Edward.

  1. Compose an email to edward-en@fsf.org, with the From: address set to the email address you created a PGP key for.

  2. Click the Encryption lock icon, or choose Enigmail > Encryption: ON.

  3. Click Send.

  4. A box will pop up saying "Recipients not valid, not trusted, or not found." We need to get Edward's public key. Click "Download missing keys".

To find someone's PGP key, from the OpenPGP menu, choose Key Management. From the Keyserver menu, choose Search. Search for another PGP user by email address and add his or her key to your key manager. Once it's in there you will be able to encrypt mail to that person.

Then, compose your message as usual. Encrypt it by clicking the little key icon at the lower right of your compose window. You can also cryptographically sign your message to prove it's you; that's the little pencil. Both of these buttons will turn green to show that they're active.

To anyone who uses your computer and doesn't authenticate in Thunderbird with the passphrase - or anyone looking through your email files on your ISP's server - the message will look like a bunch of numbers and letters.

Only your private key can decrypt the message and display its contents.