Enigmail

Complicated ? No, honestly, it isn't ! Try it out, it's worth it (and I'm not affilitated to the Enigmail guys ).

• First install Enigmail as specified below.
• Then, create your own key pair . If you hardly know what a key pair is, read this before .
• Configure enigmail
• Finally, try it out !
• If you're always unsure what key you should use to sign or encrypt a message, read this

• Make sure GPG is installed.
  • Debian: apt-get install gnupg
  • Windows: get it from GPG4Win
• Make sure your Thunderbird - or any other mailer that supports Enigmail - is decently configured.
• Download Enigmail : it's a Thunderbird plugin (.xpi). Use a right-click to download it (if you click on it with Firefox, you'll install the plugin in Firefox which is quite useless !).
• Install the plugin in Thunderbird: Tools → Extensions → Install
• Restart Thunderbird

Open Thunderbird: OpenPGP → Preferences:

• Basic settings: check or set the executable path. If you don't have a clue where it is:
  • On Linux, locate gpg (whereis gpg, which gpg, locate gpg…). Typically, it'll be in /usr/bin.
  • On Windows, search for gpg.exe. Typically, something like c:\program files\gnupg\gpg.exe
• If you don't see the other tabs, in the Basic tab, check “expert” mode.
• Sending: enable
  • “Encrypt to self” (makes sure that you'll be able to re-read encrypted emails you've sent to your recipients !),
  • “Always trust user ID”,
  • “Always confirm before sending” (I like to make sure I'm sending confidential stuff to the right person !),
  • “Rewrap signed HTML before sending”,
  • “allow empty subject” (just to avoid the warning when subject is empty)
• Key selection: display selection when necessary (only shows the key selection window when it does not know which key to choose)
• Advanced: encrypt if replying to encrypted message (seems a good thing)

Edit → Account Settings → OpenPGP Security

• Enable OpenPGP support (enigmail) for this identity
• Use email address of this identity to identify OpenPGP key (this means that if you're sending under identity blah@blah.comThis email address is being protected from spam bots, you need Javascript enabled to view it , it 'll use your key for blah@blah.comThis email address is being protected from spam bots, you need Javascript enabled to view it . Seems good).

Thunderbird → OpenPGP → Key Management → Generate → New Key Pair

For example:

• Choose expires in 5 years (I do not recommend “does not expire”)
• Choose your passphrase. A passphrase is a long password, a sentence. Choose something you can type easily, but don't choose anything too short: your key pair might get compromised, and then the attack can sign under your Id, decrypt your emails etc.
• You can use default settings for other parameters, though I prefer using an RSA key than DSA (in the Advanced panel)

The easiest way to do that is:

• Thunderbird → Write a Message → OpenPGP → Attach my public key. There it is !

No, if you insist on doing it the hard way :

• Thunderbird → OpenPGP → Key Management

• Select your key
• Then File → Export Keys to File.
• When it asks “Do you want to include your secret key…” of course, you answer No (IMPORTANT !).
• Then you include the resulting file in your mail.