how to:How to Send and Receive Encrypted Email Messages with Thunderbird’s Enigmail
Worried that the email you are sending and receiving is not safe? Enigmail is a security extension to Mozilla Thunderbird and Seamonkey that enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.
Enigmail uses public key encryption to make your email communication more secure. You can send confidential emails to anyone who has sent you their public key. The owner, who has a private key that works with the public key, will be able to access and read the emails sent.
What do you need to use Enigmail?
Enigmail is an plugin or add-on for Firefox. It cannot be run by itself. To use Enigmail, you will need to install the GNU Privacy Guard (GnuPG). You may also need to install the proper Enigmail language pack. You will also need to download Mozilla’s free and open source email client, Thunderbird. http://www.mozillamessaging.com/en-US/thunderbird/
Before you can use Enigmail, You need to install the GNU Privacy Guard (GnuPG). Point your browser to http://www.gnupg.org/. As you run the installation, you will see the Choose Components screen. Leave all of the boxes CHECKED. Click “Next.” Continue through the installation process.
Visit Enigmail’s Quick Start Guide for help installing GnuPG on your computer.
To get the Enigmail add-on, point your browser to http://enigmail.mozdev.org/home/index.php. Click on the link to download the file and save it to your desktop.
Make sure you have already downloaded the Firefox web browser!
Open the Thunderbird file you have download to your desktop. In the main window, you will see “Tools.” Click on this, and then select Add-ons.
An add-ons screen will appear showing all of your Thunderbird plug-ins. Click the “Install” button on the bottom left of this screen. Select the Enigmail file you saved to your desktop, then click “OK.”
An installation screen will pop up. Select “Install Now.”
The add on will be installed, and you will be asked to restart Thunderbird. Click “Restart Thunderbird.” After Thunderbird restarts, you should see “OpenPGP” on the main menu bar.
To make sure all the components are working, Select “OpenPGP” from the Thunderbird menu bar and select “Preferences.” Under “Files and Directions” you should see GnuPG was found in...
If Enigmail was not installed properly, you will receive an error message.
Now configure your email account(s) to use Enigmail.
Select Tools, then Account Settings.
On the left sidebar, under Work Account, select OpenPGP Security. Check the box next to “Enable OpenPGP support.”
Select the radio button next to Use email address of this identity to identify OpenPGP key.
Now it is time to create your first key pair.
As they note on their website:
“Enigmail uses public key cryptography to ensure privacy between you and your correspondents. In public key cryptography we use two different kinds of keys to give us confidentiality and assurance. By 'confidentiality' we mean that only the people you want to read a message will be able to read a message. By 'assurance' we mean that people who read messages from you can be sure that it really came from you....All you need to understand is that you will be creating a public key and a private key. The public key can be shared with the whole world--friends, neighbors, relatives, enemies, even intelligence agencies. But you need to guard the private key very, very carefully.
Start the Enigmail Key Manager by clicking "OpenPGP" in the menu bar of the Thunderbird main window. Select "Key Management".
When the Enigmail Key Manager opens, click on "Generate" in the menu bar and select "New key pair". A new window will pop up.
At the top of the window, tell Enigmail which email address to associate the key pair with b selecting whichever account will be receiving encrypted mail.
Choose your passphrase and enter it into the box next to Passphrase. You will need to add it a second time to make sure it is correct.
Click “Generate Key.” Voila! You now have a key pair!
You will now need to locate your Key ID. This is a sequence of eight letters and numbers used to identify your key.
Start the Enigmail Key Manager by clicking "OpenPGP" in the menu bar of the Thunderbird main window. Select "Key Management". Enter your email address in the search box. The key you just created should appear, and over at the right you'll see your key ID. Write this down; you'll need it.
Share your key! The easiest way to share your public key is to publish it on the public keyserver network, a global database of keys.
Click on your key in the Key Manager.
Then click “Keyserver.” Select “Upload public keys.” Enigmail will ask where it should send your key. Use Enigmail’s default, pool.sks-keyservers.net, and click “OK.”
Test out Enigmail by writing your first signed piece of email.
Since not many people use Enigmail, Mozilla recommends sending a signed or encrypted email to Adele [firstname.lastname@example.org], the "Friendly OpenPGP Email Robot". Adele accepts OpenPGP messages and replies in an explanatory way to any kind of OpenPGP messages. Don't forget to attach your own public key if you send your first email to Adele. You can use the menu OpenPGP -> Attach My Public Key for this.
Write an email in plain text.
Tell Enigmail to sign it by clicking on the “OpenPGP” button. Make sure the “Sign” option (and ONLY this option) is checked.
Hit Send. You will be prompted to enter your passphrase. Enter it. Now your email will be sent!
To send an encrypted email to someone, first you will need to ask him or her for their key ID. Write it down.
Now, open the Enigmail Key Manager, and then click on "Keyserver --> Search for keys".
Enter the person's key ID in the search box, prefixing it with "0x", if necessary. For instance, if someone were to tell you their key ID was "AYM007, you'd enter it as "0xAYM007".
Click OK. Enigmail will search through the keyserver and look for the key you want. If Enigmail finds it there, it will be added to your own local copy of keys.
Now, you are ready to write an email. Compose an ordinary email. Before you send it, click on the OpenPGP button. Select “Encrypt.” Then hit Send.
If the email address of your message matches an address on your keyring, there's nothing more to do; your message will be encrypted and sent on to your correspondent. If there's a problem with the matching, you will be asked to manually select a key from your keyring. If you see this menu, then simply select the proper keys and you're done.
Enigmail will automatically try to decrypt any encrypted email you receive by asking you to enter your passphrase.