Configure PGP for Email
| Configure PGP for Email|
Organic Design procedure
To initially configure PGP on Thunderbird, start with the Setup Wizard from the "OpenPGP" menu which appears after Enigmail has been successfully installed. We use the following options:
- sign all outgoing mail (you can turn off signing before sending an email if you wish)
- use per-recipient rules for whether to encrypt outgoing mail
- Allow it to apply the optimal settings for you when it asks
- Use your email account password for your private key's access pass-phrase
- Allow it to create a revocation certificate so you can cancel your key-pair if you need to
At the end of the wizard it spends a few minutes generating a 2048 private/public key pair. To send a signed or encrypted message, the recipient must have your public key installed. You can save keys to file or send them over email to selected recipients from the "Key Management" option in the "OpenPGP" menu. You can also import a key from the clipboard.
Common actions for sending messages
Here's some screenshots of the main operations you'll use when sending a message...
|Check/set the signing and encryption status when composing a message||Attach your public key when composing a message to a new recipient|
Common actions for incoming messages
Here's some screenshots of the main operations you'll use when receiving an encrypted message...
|Import a public key attached to an incoming message by right-clicking on it||Click on "details" of an incoming encrypted message to sign or set trust for senders key|
Our best practice for privacy is to encrypt all email by default when sending to recipients that you have a public key for. To apply the defaults for a recipient, right-click on them from the address book and select "Create OpenPGP rule", then select the key to use and select "Always" for signing and encryption.
Setting up after an OS reinstall
The easiest way to reimport everything after reinstallation of the OS is to install Thunderbird and then Enigmail as usual (if there's no published plugin compatible with your version of Thunderbird, then go direct to enigmail.net, download the .xpi and drop it into the addons window in Thundirbird.
Next go through the initial setup wizard for Enigmail and generate a key if you need to (use the same passphrase as your old private key had), then import your keys from your safely backed up export. If you didn't have such an export it is possible to use the ~/.gnupg directory from your old OS if you have access to it. To do that, shutdown Thunderbird after going through the setup wizard, then replace the gnupg directory with your backed up one (ensure that you're the owner of the directory), then reboot the system so that all the GPG components are reset with the new directory.
After importing you may encounter an error when trying to send encrypted mails, this is likely due to the account using the newly created key instead of the one associated with your email address in the imported keys. Set the following setting in accounts.
Thunderbird on Windows
You will need to download GPG4Win and install it before setting up PGP: http://www.gpg4win.org/download.html
- GPGmail - PGP for Mac users
- PGP tutorials at Pecunix
- Private keys disappeared? - probably you've come across this bug upgrading gpg to 2.1
- Werner Koch from gnupg.org responds to recent PGP exploit news