2 min

How to set up gpg email encryption with thunderbird

This is a short step by step description on how to set up gpg encryption with thunderbird.

  1. Install the Enigmail extension from the official add-on repository, restart if needed
  2. There should be a new menu entry for Enigmail. Open this and choose "key management"
    You probably get an empty list.
  3. In them menu, click on "Generate" and "New Key Pair"
  4. In the top drop down box select the right Account, if you have multiple
  5. Optionally specify a password. This will be asked for everytime you start thunderbird. Or enable "No passphrase"
  6. Optionally specify an expiry date or enable "Key does not expire"
  7. Click on "Generate key". Now wait until the key is generated. Moving the mouse or creating network traffic helps to speed up the process.
  8. If asked for, also create a revoking certificate. You never know, if you need one.
  9. Now your key list should contain the newly created certificate.
  10. Save a copy of your private key file in a secure place by right clicking on your entry and picking "Export Keys to File" and copy to some safe place.
  11. The next time you write an email you should see some icons on top:
  12. By default only encrypted emails are signed and enryption is only available for addresses with a known public key.
    As soon as you enter an email address with a known public key, both icons should become green.
  13. A good idea is to automatically attach your public key to your emails. Go to the Enigmail menu, pick "Preferences" and "Signing/Encryption Options". In the dialog enable "Attach my public key to messages".
  14. Also a good idea is to upload the public key to a public key server. In the main window go to "Enigmail", "Key Management". Right-click on you key and "Upload Public Keys to Keyserver".