PGP (Pretty Good Privacy) is a protocol for encryption and authentication of files and emails. In this tutorial I want to show how to create encrypted and signed emails using GPG (GnuPG), Thunderbird (Email Client), and Enigmail (Connector). I used windows as test case which the steps are same for *nix systems.
There are three steps:
- Installing GPG
- Installing and configuring Thunderbird
- Installing and configuring Enigmail
- Send public keys to each other
Get GPG application from GPG4win. If you are on Linux (Debian based ones), you can install it by following commad:
sudo apt-get install gnupg2
The steps are shown by images below:
Installing and configuring Thunderbird
You can install Thunderbird from their main site. Thunderbird is the default mail client in Linux systems.
Now you must add your email to Thunderbird using SMTP/IMAP (or POP3). I personally prefer IMAP which it has lots of features! Also SSL/TLS/STARTTLS support is appreciated. If your email is ftype of known emails, Thunderbird can automatically find it (ex. Gmail, Ymail, Outlook, etc) from Mozilla Email Database. If not, you may enter the SMTP and IMAP/POP3 connection information which can be get from your email provider. If SSL/TLS has self signed certificate, then you may check and accept it.
Installing and configuring Enigmail
After configuring Thunderbird, you should install Enigmail addon in Thunderbird which can be installed through Tools -> Add Ons -> enter Enigmail in search box.
After restarting Thunderbird, Enigmail starts its configuration. You should enter a password which is used for encryption and decryption of emails. And a revocation certificate is needed for when you lost your password or when you want to revoke it.
CAUTION: IF YOU LOST YOUR PASSWORD OR YOUR PRIVATE KEY, ALL EMAILS WHICH IS ENCRYPTED BY OTHERS CAN NOT BE RECOVERED!
Send public keys to each other
The final step is sending public keys of contacts to each other and mark each others public key as trusted. If you use Enigmail for the first time, it will ask you how to encrypt (sign) the message. I prefer to sign whole the message. Another point is that if you just sign Emails, the recipient will be sure that you have send it. But if you have recipients public key, you can both sign and encrypt the message. If you encrypt Emails, the email provider can not see your Email’s body part, but SUBJECT is still visible.