PGPGUIDEThisguidehasbeencreatedtohelpyougetPGPsetuponyourlaptopordesktopcomputer.
Thunderbirdis,inmyopinion,theeasiestandthebestwaytohandlePGPencryptedemailsonbothAppleOS’sandWindowsOS’s.Withthatinmind,thisguidewillcenteronusingThunderbirdtohandleyourpersonal / workemails,andusingaThunderbirdextensioncalledEnigmailtohandleyourPGPencryption.
Pleasenotethat“PGP”(whichstandsforPrettyGoodPrivacy)and“GPG”(GNUPrivacyGuard) canbeused interchangeably.Theybothessentially refer to thesamethingwithinthescopeofthisguide.
ThisguidedoesnotcoverPGPonmobiledevices,andIwillnotbecreatingaguideformobiledevicesatthistime.AllowingyourPGPprivatekeyontoyourmobiledeviceisaverybadidea,especiallyifyoudonotuseaverystrongpassphrasetoprotectyourprivatekey.Peopleoftenstoretheirpasswordsontheirphoneortabletandthesedevicesareoftenlost,stolenorperhapsevenseizedbytheauthorities.
Ifapersonhasaccesstoyourprivatekeyandpasswordtheycandecryptallencryptedemailsthataresenttoyou.AnevenbiggerriskarisingfromthisistheabilityofsomebodywithaccesstoyourprivatekeyandpassphrasetoPGP-signamessagewithyourPGPPrivateKeyenablingthatpersontopretendveryconvincinglythattheyareyou.
Youcansetupyourpersonal / workemailaccountonyourphonelikeanyregularGmailaccountifyouwishinordertoreceivenotificationsofnewemails,ortowriteandrespondtounencryptedemails.However,youwillonlybeabletodecryptandencryptemailsonyourcomputerusingThunderbirdwithEnigmail.
WindowsUsers:
Step1:DownloadThunderbirdfromthefollowinglink:https://www.mozilla.org/en-US/thunderbird/
Step2:DoubleclicktheThunderbirdSetup45.7.0filethatyoudownloadedandinstallThunderbird.
Step3:LaunchThunderbird.Ifyouseea‘SystemIntegration’pop-upfeelfreetoclick‘Skipintegration’ifyoudonotunderstandanyoftheoptionsyoucanchoose.
Step4:Youwillseethe‘WelcometoThunderbird’screenaskingyouifyouwanttocreateanewemailaddress:
Click‘Skipthisandusemyexistingemail’.
Step5:Onthe‘MailAccountSetup’screen,enteryourname,your‘personal / work’emailaddressandyourpasswordintherequiredfields.IwouldrecommendallowingThunderbirdtostoreyourpassword;otherwiseyouwillneedtoenteriteverytimeyouopenThunderbird.Onceyouhaveenteredallrequiredfields,clickthe‘Continue’button.DependingonyourpreferenceyoucaneitherselectIMAPorPOP3.ThedifferencebetweentheseisthatIMAPdoesnotstoretheemailsfromyouraccountonyourcomputer,whereasPOP3doesstoretheemailsfromyouraccountonyourcomputer.IMAPisthedefaultselectionandshouldbesufficientformostpeople.Click‘Done’.
Step6:Clicking‘Done’willbringyoutoyourGoogleloginpage.Hereyouwillneedtoenteryouremailaccountlogincredentialsasnormal–youremailaddress,passwordandtwo-factorauthentication(ifalreadysetuponyouraccount).
Afterenteringyourlogincredentialsclicktheblue‘Allow’buttontoallowThunderbirdtoviewandmanageyourmail:
Thunderbirdwillnowbegintosynctheemailsfromyour‘personal / work’accountandtheywillappearwhenyouclickthe‘Inbox’folderontheleft.
Step7:Pressthe‘alt’keyonyourkeyboardtoshowthe‘File’,‘Edit’,‘View’,etc.menusatthetopofyourscreen.Click‘Tools’,then‘AccountSettings’.ThiswillbringuptheAccountSettingsmenu:
Click‘ServerSettings’inthemenuontheleft,andinthe‘ServerSettings’sectionchangethe‘Checkfornewmessagesevery’numberto‘3’minutes.ThiswillensurethatThunderbirdwillcheckforanddownloadanynewemailsevery3minutes.Donotchangeanyothersettingsinthissection.Click‘OK’.IfyougetawarningaboutJunkMailfolders,justclick‘OK’,andclick‘OK’againontheJunkMailscreenthatappears.YouarenowfinishedsettingupThunderbird!NextwewillsetupEnigmail:Step8:Pressthe‘alt’keyonyourkeyboardagaintoshowthe‘File’,‘Edit’,‘View’,etc.menusatthetopofyourscreen.Click‘Tools’,then‘Add-ons’.Thiswilltakeyoutothe‘Add-onsManager’screen.Step9:Type“Enigmail”intothesearchbarinthetoprightcornerandclickthemagnifyingglasstosearch:
Clickthe‘Install’buttononthefirstresultthatcomesup,titled‘Enigmail’:
Onceithasfinisheddownloadingclicktheblue‘Restartnow’link.ThiswillrestartThunderbirdandinstallEnigmail,openingthe‘EnigmailSetupWizard’automatically.Youwillmostlikelyseethefollowingalert:
Step10:Clickthe‘SetupWizard’button,ensure‘Startsetupnow’isselectedthenclick‘Next’.Ensure‘Ipreferastandardconfiguration(recommendedforbeginners)’isselectedandclick‘Next’.Clickthe‘InstallGnuPG’buttonanditwillbegindownloadingGnuPG.DependingonthespeedofyourInternetconnectionthiscantakeafewminutes.Onceitiscompleted,click‘Next’.(IfdownloadingGnuPGstallsorfails,clickthe‘Cancel’button.Thenpressthe‘alt’keyonyourkeyboard,click‘Enigmail’inthemenuatthetopofthescreenandclick‘Setupwizard’thenstartStep10again.)InstallGpg4win.Onthe‘ChooseComponents’screen,select‘GPA’and‘GpgEX’,thenclick‘Next’.Click‘Next’allthewayuntilyouseethe‘Install’button,thenclick‘Install’.Onceinstallationhascompleted,click‘Next’againand‘Finish’.ThiswilltakeyoubacktotheEnigmailSetupWizard:
Clickthe‘Next’button,andthiswilltakeyoutothe‘CreateKey’window:
Step11:
Hereyouwillneedtosetastrongpassphrase.Thispassphrasewillbeusedtoprotectyourprivatekey,anditishighlyrecommendedthatyoupickaphrasecontainingatleast8characters,digitsandpunctuationmarksatminimum–a16–24characterpassphrasewouldbepreferable.DONOTFORGETTHISPASSPHRASE.Withoutityouwillbeunabletodecryptemailsthatareencryptedtoyourpublickey.
Onceyouhaveenteredyourdesiredpassphrase(andwrittenitdownsomewheresafe)clickthe‘Next’button.Step12:Onceyourkeyhasbeencreatedyouwillneedtocreatearevocationcertificate.Clickthe‘CreateRevocationCertificate’buttonandyouwillbepromptedforyourpassphrase.Enteryourpassphraseandclick‘OK’.Savetherevocationcertificatefilesomewhereverysafe,andthenclickthe‘Next’button.Click‘Finish’.Step13:Pressthe‘alt’keyonyourkeyboardonemoretime.Inthe‘Enigmail’menuatthetopofthescreen,click‘KeyManagement’.Right-clickonyournameandclick‘UploadPublicKeystoKeyserver’.Thiswillensurethatotherpeopleareabletofindyourpublickeywitheaseinordertoencryptemailstoyou.Congratulations!You’renowsetupforsecurePGPencryptedcommunication!
MacUsers:
Step1:DownloadThunderbirdfromthefollowinglink:https://www.mozilla.org/en-US/thunderbird/
Step2:Mountthedownloaded.dmgfile(atthetimeofwritingthecurrentversionofThunderbirdis45.7.0,sothefileyouneedtomountiscalledThunderbird45.7.0.dmg)andinstallThunderbird.
Step3:LaunchThunderbird.Ifyouseea‘SystemIntegration’pop-upfeelfreetoclick‘Skipintegration’ifyoudonotunderstandanyoftheoptionsyoucanchoose.Alsoclick‘Skipintegration’ifyouuseAppleMailforyourregularemailsonyourMac.
Step4:Youwillseethe‘WelcometoThunderbird’screenaskingyouifyouwanttocreateanewemailaddress:
Step5:Onthe‘MailAccountSetup’screen,enteryourname,your‘personal / work’emailaddressandyourpasswordintherequiredfields.IwouldrecommendallowingThunderbirdtostoreyourpassword;otherwiseyouwillneedtoenteriteverytimeyouopenThunderbird.
Onceyouhaveenteredallrequiredfields,clickthe‘Continue’button.DependingonyourpreferenceyoucaneitherselectIMAPorPOP3.ThedifferencebetweentheseisthatIMAPdoesnotstoretheemailsfromyouraccountonyour
computer,whereasPOP3doesstoretheemailsfromyouraccountonyourcomputer.IMAPisthedefaultselectionandshouldbesufficientformostpeople.Click‘Done’.
Step6:Clicking‘Done’willbringyoutoyourGoogleloginpage.Hereyouwillneedtoenteryouremailaccountlogincredentialsasnormal–youremailaddress,passwordandtwo-factorauthentication(ifalreadysetuponyouraccount).
Afterenteringyourlogincredentialsclicktheblue‘Allow’buttontoallowThunderbirdtoviewandmanageyourmail:
Thunderbirdwillnowbegintosynctheemailsfromyour‘personal / work’accountandtheywillappearwhenyouclickthe‘Inbox’folderontheleft.
Step7:Click‘Tools’atthetopofyourscreen,then‘AccountSettings’.ThiswillbringuptheAccountSettingsmenu:
Click‘ServerSettings’inthemenuontheleft,andinthe‘ServerSettings’sectionchangethe‘Checkfornewmessagesevery’numberto‘3’minutes.ThiswillensurethatThunderbirdwillcheckforanddownloadanynewemailsevery3minutes.Donotchangeanyothersettingsinthissection.Click‘OK’.IfyougetawarningaboutJunkMailfolders,justclick‘OK’,andclick‘OK’againontheJunkMailscreenthatappears.YouarenowfinishedsettingupThunderbird!NextyouwillsetupGPGSuite,thenEnigmail.ToinstallGPGSuite,followthestepsbelow-youcanalsovisitthispagetoseepicturesofGPGSuitesetup:https://securityinabox.org/en/guide/thunderbird/mac/#install-gpg-suite-and-enigmailStep1:BrowsetotheGPGSuitedownloadpageathttps://gpgtools.org/gpgsuite.htmlStep2:Click[DownloadGPGSuite]todownloadtheinstallerdiskimage.Step3:MakesureDiskImageMounter(default)isselectednexttoOpenwithandclick[OK].Afteryourbrowserhasdownloadedthediskimage,FinderwillmountitsoyoucaninstallGPGSuite.Step4:Double-clicktheInstallicononthelefttobegintheprocessofinstallingGPGSuite.Step5:Click[Continue]tochoosealocationfortheinstallation.Step6:Click[Install]toinstalltoenteryourloginpassphrase.Step7:Typethepassphraseyouusetologintoyourcomputer.Step8:Click[InstallSoftware]toinstallGPGSuite.Whentheinstallerisdone,itwilllaunchtheGPGKeychainapplicationsothatyoucangenerateyourGnuPGpublicandprivatekeypair.
NowyoucanquitGPGKeychainbyfollowingthestepsbelow.Step9:Click[Cancel]toclosethekeygenerationscreenStep10:ToquitGPGKeychain,pressCommand-Q.Next,youshouldquittheinstalleranddismounttheinstallationdiskimagebyfollowingthestepsbelow:Step11:SwitchbacktotheInstallGPGSuiteinstallerapplicationStep12:Click[Close]toquittheinstallerStep13:SwitchbacktoFinderStep14:DismounttheGPGSuiteinstallerdiskimagebypressingCommand-EwhilethediskimagewindowisactiveStep15:Clickthe‘Tools’menuatthetopofyourscreen,then‘Add-ons’.Thiswilltakeyoutothe‘Add-onsManager’screen.Step16:Type“Enigmail”intothesearchbarinthetoprightcornerandclickthemagnifyingglasstosearch:
Clickthe‘Install’buttononthefirstresultthatcomesup,titled‘Enigmail’:
Onceithasfinisheddownloadingclicktheblue‘Restartnow’link.ThiswillrestartThunderbirdandinstallEnigmail,openingthe‘EnigmailSetupWizard’automatically.Step17:Ifitdoesappearautomaticallyclickthe‘SetupWizard’button,ensure‘Startsetupnow’isselectedthenclick‘Continue’.Ifitdoesnotappearautomaticallyclickthe‘Enigmail’filemenuatthetopofthescreenandclick‘SetupWizard’.Ensure‘Ipreferastandardconfiguration(recommendedforbeginners)’isselectedandclick‘Continue’.YoumayseeawarningaboutyourGnuPGversion,asshownbelow:
Ifyoudo,click‘OK’.Otherwise,simplycontinueontothe‘CreateKey’window:
Step18:Hereyouwillneedtosetastrongpassphrase.Thispassphrasewillbeusedtoprotectyourprivatekey,anditishighlyrecommendedthatyoupickaphrasecontainingatleast8characters,digitsandpunctuationmarksatminimum–a16–24characterpassphrasewouldbepreferable.DONOTFORGETTHISPASSPHRASE.Withoutityouwillbeunabletodecryptemailsthatareencryptedtoyourpublickey.Onceyouhaveenteredyourdesiredpassphrase(andwrittenitdownsomewheresafe)clickthe‘Continue’button.Step19:Onceyourkeyhasbeencreatedyouwillneedtocreatearevocationcertificate.Clickthe‘CreateRevocationCertificate’buttonandyouwillbepromptedforyourpassphrase.Enteryourpassphraseandclick‘OK’.Savetherevocationcertificatefilesomewhereverysafe,andthenclickthe‘Continue’button.Click‘Done/Finish’.Step20:Inthe‘Enigmail’menuatthetopofthescreen,click‘KeyManagement’.Right-clickonyournameandclick‘UploadPublicKeystoKeyserver’.Thiswillensurethatotherpeopleareabletofindyourpublickeywitheaseinordertoencryptemailstoyou.Congratulations!You’renowsetupforsecurePGPencryptedcommunication!
SendingaPGPencryptedemail:Tosendanencryptedemail,clickthe‘Write’buttonbeside‘GetMessages’.Thiswillopenupthecomposeemailscreen.Entertheemailaddressesofwhomeveryouwanttosendtheemailto.Intheupperleftcorneryouwillseeasmallpadlockiconandasmallpencilicon.Thepadlockiconshouldbeselectedautomatically,butifitisnotthengoaheadandselectitnow.ThistellsEnigmailtoencryptyouremail.Youprobablywon’thavethePGPpublickeyofthepersonyouaresendingtheemailto.RememberwhenyouuploadedyourPublicKeytothekeyserverinStep13?ThereasonyoudidthatwassothatpeoplecoulddownloadyourPGPPublicKeyinordertobeabletoencryptemailstoyou.WithThunderbirdandEnigmail,thisisveryeasy.Onceyouhavefinishedwritingyouremail,clickthe‘Send’button.Youwillseeapopupthatstates“Recipientsnotvalid,nottrustedornotfound”.Clickthe‘Downloadmissingkeys’button–thiswilldownloadthePGPPublicKeyofthepersonyouaresendingtheemailto.Ifthatperson(oratleastonepersononyourlistofrecipients)hasnotyetsetupPGPorhasnotuploadedtheirPGPPublicKeytothekeyserver,nokeywillbefoundforthatrecipientandyouwillnotbeabletoencrypttheemailtothem.Ifthisoccurs–andiftheemaildoesnotcontainsensitiveinformation–clickingthe‘Send’buttonwillsendtheemailunencrypted.AdvisethatpersontogettheirPGPsetupandsendthemthisguide!ReceivingaPGPencryptedemail:InordertobeabletoreadanemailfromsomebodythattheyhaveencryptedtoyourPGPPublicKey,justclickontheemailthattheyhavesenttoyou.Youwillbepromptedtoenteryourpassphrasetodecrypttheemail,andyouwillhavetheoptionoflettingThunderbirdrememberyourpassphrase.Feelfreetoselectthisifyouwish.Welcometotheworldofsecurecommunications!
Extras:AnoteaboutprotectingyourPGPPrivateKeyandRevocationCertificate:Revocationisincrediblyusefulincaseyourkeygetscompromised-itmakesiteasyforyoutoletpeopleknowthatkeyisnolongerinuse/nolongersafe,sobesuretokeepyourrevocationcertificate(thatyousavedwhencreatingyourkey)somewheresafeandalsokeepabackupofit.Neveruploadyourprivatekeyoryourrevocationcertificatetoanycloudstorageorcloudemail;treattheprivatekeylikeakeytoasafe-nevershareitwithanyone-andtreattherevocationcertificatelikeyourinsurancetomakethesafe'scontentsuselessshouldsomeonemanagetogetthekeyandgetintothesafe.Amoredetailed,featurerichguideforWindowsuserscanbefoundhere:https://securityinabox.org/en/guide/thunderbird/windows/Amoredetailed,featurerichguideforMacuserscanbefoundhere:https://securityinabox.org/en/guide/thunderbird/mac/ThunderbirdandEnigmailarebothhighlyconfigurable;youcanreadmoreaboutconfiguringEnigmailtoyourownspecificrequirementshere:https://enigmail.wiki/Configuration
