How to Send Encrypted Emails in Thunderbird

Previously, we have shown you how you can send encrypted email in Gmail. However, some of the comments in the article mentioned that this is dependent on the Chrome extension and is not a failsafe approach. An alternative way is to manage your emails using a desktop client, like Thunderbird, and manage the encryption from your desktop. Here is how you can send encrypted emails in Thunderbird.

Thunderbird, by itself, does not come with the capability to encrypt your email. However, with the help of PGP/GPG and enigmail, you can easily encrypt your email in Thunderbird.

PGP

PGP (Pretty Good Privacy) is the protocol used to encrypt emails.

GPG

GPG (GNU Privacy Guard) is the software that implements PGP.

Enigmail

Enigmail is a Thunderbird extension that connects to GPG to implements the encryption.

To get started, we need to first install GPG and Enigmail on our computer.

For Linux

In Ubuntu and most Linux distro, GPG is installed by default. In fact, the “Passwords and Keys” (aka. seahorse) app in Ubuntu is already an implementation of GPG.

To install Enigmail, simply search for it in the Ubuntu Software Center, or use the command in the terminal:

sudo apt-get install enigmail

For Windows

Installing GPG in Windows is as easy as installing the GPG4Win app.

For Mac

Similarly, install the GPG Suite for Mac to get started.

Installing Enigmail in Thunderbird

Once you have installed GPG for your OS, open up Thunderbird and head to “Tools -> Add-ons”. Search for the extension “Enigmail”. Install it and restart Thunderbird for it to take effect.

thunderbird-install-enigmail

You should now see an “OpenPGP” option in the menu bar.

thunderbird-openpgp-menu

Click the “OpenPGP” menu and select “Setup Wizard”. Select “Yes, I would like the wizard to get me started” and click Next.

thunderbird-setup-openpgp-wizard

If you want to sign all your email, select “yes, I want to sign all of my email”. For selective signing, choose the “No, I want to …” option instead. Click Next.

thunderbird-sign-all-email

For the encryption, decide if you want to encrypt all your outgoing email or on a per-recipient basis.

thunderbird-encrypt-all-email

Next, the wizard will prompt you to change a few email settings to make OpenPGP work more reliably. This includes disable HTML message, view message body as plain text, disable loading IMAP parts on demand etc. If you have made a specific settings to Thunderbird that you need to use for all emails, select “No”. Else, you can safely select “Yes” and let it configures your mail settings.

thunderbird-change-mail-settings

The next step is to create a new key pair for signing and encrypting your email. If you have already created a keypair, you can select it from the list. If not, select “Create a new key pair” option.

thunderbird-create-keypair

You will then have to enter the passphrase.

thunderbird-enter-passphrase

And lastly, click Next at the Summary page and it will start to create the keypair.

thunderbird OpenPGP Summary

Once the keypair is generated, it will prompt you if you want to generate a revocation certificate. This certificate can be used to invalidate your private key in case it gets lost or stolen.

thunderbird-generate-certificate

Open a new Compose window and start to enter your message. To encrypt/sign your message, click “OpenPGP -> Encrypt Message” in the menu bar. You can also select “Sign Message” as well. If necessary, attach your public key in the email so the recipient can add it to their library.

thunderbird-compose-encrypt-email

If you receive an encrypted email in Gmail, you can make use of Mymail-Crypt for Gmail for Chrome or WebPG (available for both Firefox and Chrome).

Thunderbird is used by many people and thanks to its open-source nature, adding an encryption mechanism to it is very simple as well. Once you have set it up, you will be able to receive and send encrypted emails without much issue.

Image credit: Computer security by BigStockPhoto