Enigmail

Complicated ? No, honestly, it isn't ! Try it out, it's worth it (and I'm not affilitated to the Enigmail guys ).

• First install Enigmail as specified below.
• Then, create your own key pair . If you hardly know what a key pair is, read this before .
• Configure enigmail
• Finally, try it out !
• If you're always unsure what key you should use to sign or encrypt a message, read this

• Make sure GPG is installed.
  • Debian: apt-get install gnupg
  • Windows: get it from GPG4Win
• Make sure your Thunderbird - or any other mailer that supports Enigmail - is decently configured.
• Download Enigmail : it's a Thunderbird plugin (.xpi). Use a right-click to download it (if you click on it with Firefox, you'll install the plugin in Firefox which is quite useless !).
• Install the plugin in Thunderbird: Tools → Extensions → Install
• Restart Thunderbird

Open Thunderbird:

OpenPGP → Preferences:

• Basic settings: check or set the executable path. If you don't have a clue where it is:

o On Linux, locate gpg (whereis gpg, which gpg, locate gpg…). Typically, it'll be in /usr/bin.

        o On Windows, search for gpg.exe. Typically, something like c:\program files\gnupg\gpg.exe
  * If you don't see the other tabs, in the Basic tab, check "expert" mode.
  * Sending: enable "Encrypt to self" (makes sure that you'll be able to re-read encrypted emails you've sent to your recipients !), "Always trust user ID", "Always confirm before sending" (I like to make sure I'm sending confidential stuff to the right person !), "Rewrap signed HTML before sending", "allow empty subject" (just to avoid the warning when subject is empty)
  * Key selection: display selection when necessary (only shows the key selection window when it does not know which key to choose)
  * Advanced: encrypt if replying to encrypted message (seems a good thing)

Edit → Account Settings → OpenPGP Security

• Enable OpenPGP support (enigmail) for this identity
• Use email address of this identity to identify OpenPGP key (this means that if you're sending under identity blah@blah.comThis email address is being protected from spam bots, you need Javascript enabled to view it , it 'll use your key for blah@blah.comThis email address is being protected from spam bots, you need Javascript enabled to view it . Seems good).

Thunderbird → OpenPGP → Key Management → Generate → New Key Pair

For example:

• Choose expires in 5 years (I do not recommend “does not expire”)
• Choose your passphrase. A passphrase is a long password, a sentence. Choose something you can type easily, but don't choose anything too short: your key pair might get compromised, and then the attack can sign under your Id, decrypt your emails etc.
• You can use default settings for other parameters, though I prefer using an RSA key than DSA (in the Advanced panel)

The easiest way to do that is:

• Thunderbird → Write a Message → OpenPGP → Attach my public key. There it is !

No, if you insist on doing it the hard way :

• Thunderbird → OpenPGP → Key Management

• Select your key
• Then File → Export Keys to File.
• When it asks “Do you want to include your secret key…” of course, you answer No (IMPORTANT !).
• Then you include the resulting file in your mail.