Main Menu

Enigmail for Thunderbird Howto PDF Print E-mail
Written by Sebas   
Friday, 15 May 2009 15:28
This artice is still under construction, it may contain some wrong info.
I prefer encrypted internet communication since the Dutch govermment passed a law that requires ISP's to store ALL my traffic for 6 years, and even if they didn't do that it is still way too easy for anyone to intercept my traffic/passwords.
I not only encrypt my email, but also my IRC/IM/Usenet/VNC/SSH and every other way of communicating that offers encrypting.
Do i have things to hide? Maybe, who doesn't?
Would you like it if you email your girlfriend and the email shows up on the worldwideweb? or if you message your CV?
Or maybe your company requires you to encrypt client-sensitive information, this are all legal and non-criminal reasons to encrypt traffic.

The following instructions may look much work, but it won't take more than 5 to 10 minutes.

First you need to download Mozilla Thunderbird, an opensource emailclient from the makers of Firefox.
Because it is opensource the bug's and security exploits are very found and fixed very fast, unlike what is the case with closed source programs ike Outlook. Some bugs and exploits are unfixed for weeks to months.
Download the latest Thunderbird here
Now all you need to do is configure your email accounts like you did in your previous email program, if this fails try calling your ISP.

If you use Windows you need to download gpg4win from here
If you use linux I suggest you use your package manager to download and install GnuPG

For Debian based distributions like Debian and Ubuntu use "sudo apt-get install gnupg" choose yes if asked
For RPM based distributions use the one that comes with your system;
yum used in Fedora, CentOS-5, Red Hat Enterprise Linux 5 and above, Scientific Linux and Yellow Dog Linux
up2date used in Red Hat Enterprise Linux and CentOS (CentOS-3 and CentOS-4).
Synaptic Package Manager used in PCLinuxOS
YaST and Zypper used in openSUSE and SUSE Linux Enterprise


Now download the OpenPGP plugin 'Enigmail' here

Click here to fetch the public key for BBS@          Click here to fetch the publickey for sebas@
Simply Copy the whole page and follow the instructions below;
Do this for both keys

After copying the page go to Thunderbird -> OpenPGP -> Key mangement -> Edit -> Import keys from Clipbord -> Choose YES -> Click OK -> Rightclick your new added key (Either BaconBellySystem for BBS, or Sebas) and choose "Refresh Public key from keyserver -> Choose or enter "pool.sks-keyservers.net" (without the quotes) as keyserver.
Now rightclick your newly added keys again and choose  "Set Owner trust" Choose "I trust Fully"

What means Owner trust? This links to another website

Now you need to configure your email account(s) again, after you have done this, or if you already did this you need to enable OpenPGP for that account.
Rightclick on your account -> Properties -> OpenPGP security -> click Enable OpenPGP support (Enigmail) for this account .

Now you need to generate a keypair for yourself, so people can encrypt mails only you can read and so that you can sign emails/files so people will know the email/file is from you and isn't modified after it left your computer.
To do this go to Thunderbird -> OpenPGP -> Key management -> Generate -> New Key Pair.
Now a new window will pop-up, choose the following options;
Use Generated keypair for this account.
Disable 'No passphrase'
Now enter a strong passphrase twice, i suggest you don't use the Passphrase you also use for your emailaccount.
Comment isn't needed.
Click 'Key doesn't Expire' <- this can be modified after the key is generated, and/or the key can be revoked.
Click the Advanced tab, if you are like me, and prefer really really strong encryption choose keysize 4096, leave the other option alone. For most users keysize 2048 is enough, and it will generate somewhat faster.

Now all you need to do is click on Generate Key -> Click YES.
Move your mouse, browse the internet, watch a movie, move some large files to speed up the key generation.
This operation will take the longest from all what you have done so far.
After this is done the program will ask you if you want to generate a revocation certificate, choose yes and make sure you store it in a safe place, either a CD or floppy that only you have access to. (Or don't generate a certificate at all, this can be done later if you need it)

Now get back to Thunderbird -> rightclick your account for which you just created a keypair. -> OpenPGP security -> make sure you enable the following options;
'Sign Non-encrypted messages by default'
'Sign Encrypted messages by default'
^ Signing messages ensures the receiver knows that the message is from you and isn't modified by a third party. ^
'Always use PGP/Mime'

You can choose to Encrypt all messages by default, but if the receiver doesn't have OpenPGP and/or you don't have his/her public key they won't be able to read your message.
It would just look like a lot of garbage.
This also counts a little if you sign your messages, but they will still be able to read your messages i think it encourages them to use Enigmail/OpenPGP if you sign your messages anyway.
Don't forget to enable 'Send OpenPGP keyID'


DONE! now you will be able to receive and send encrypted email, even your attachments will be encrypted.
If you installed GnuPG (like you were supposed to) you will be also able to (De/En)crypt/sign/verify files outside Thunderbird.

For any questions, comments, if i missed something.. email me at Sebas@**
Replace ** with @appelsoda.net ofcourse. Encrypted or not.


@MEMBER OF PROJECT HONEY POT
Spam Harvester Protection Network
provided by Unspam
Last Updated on Friday, 15 May 2009 17:28