Enigmail

Enigmail is a mailer plugin to encrypt/decrypt mails (using GnuPG).

Enigmail uses GnuPG (also called GPG), so make sure GPG is installed.

• Debian: apt-get install gnupg
• Windows: get it from GPG4Win

Then, make sure your mailer is supported by Enigmail. At the time I write this article, Outlook is not supported

The rest of this article applies to Enigmail with Thunderbird.

Download Enigmail. For Thunderbird, it's a (extension .xpi). Use a right-click to download it (if you click on it with Firefox, you'll install the plugin in Firefox which is quite useless !).

• Then, install the plugin in Thunderbird: Tools → Extensions → Install
• Restart Thunderbird

Enigmail is configured directly from within Thunderbird. There are two menus to check out:

• OpenPGP → Preferences:
  • Basic settings: check or set the executable path. If you don't have a clue where it is:
    • On Linux, locate gpg (whereis gpg, which gpg, locate gpg…). Typically, it'll be in /usr/bin.
    • On Windows, search for gpg.exe. Typically, something like c:\program files\gnupg\gpg.exe
  • If you don't see the other tabs, in the Basic tab, check “expert” mode.
  • Sending: enable
    • “Encrypt to self” (makes sure that you'll be able to re-read encrypted emails you've sent to your recipients !),
    • “Always trust user ID”,
    • “Always confirm before sending” (I like to make sure I'm sending confidential stuff to the right person !),
    • “Rewrap signed HTML before sending”,
    • “allow empty subject” (just to avoid the warning when subject is empty)
  • Key selection: display selection when necessary (only shows the key selection window when it does not know which key to choose)
  • Advanced: encrypt if replying to encrypted message (seems a good thing)

• Edit → Account Settings → OpenPGP Security
  • Enable OpenPGP support (enigmail) for this identity
  • Use email address of this identity to identify OpenPGP key.

Thunderbird → OpenPGP → Key Management → Generate → New Key Pair

For example:

• Choose expires in 5 years (I do not recommend “does not expire”)
• Choose your passphrase. A passphrase is a long password, a sentence. Choose something you can type easily, but don't choose anything too short: your key pair might get compromised, and then the attack can sign under your Id, decrypt your emails etc.
• You can use default settings for other parameters, though I prefer using an RSA key than DSA (in the Advanced panel)

The easiest way to do that is:

• Thunderbird → Write a Message → OpenPGP → Attach my public key. There it is !

Now, if you insist on doing it the hard way :

• Thunderbird → OpenPGP → Key Management

• Select your key
• Then File → Export Keys to File.
• When it asks “Do you want to include your secret key…” of course, you answer No (IMPORTANT !).
• Then you include the resulting file in your mail.