Jump to content
  • How to set up end-to-end encryption for your e-mails in Mozilla's Thunderbird


    Karlston

    • 712 views
    • 5 minutes
     Share


    • 712 views
    • 5 minutes

    In recent years, companies have been implementing various levels of encryption within their apps and services. ProtonMail offers encryption between its mail users, WhatsApp has encryption turned on by default, and Facebook Messenger lets you flip to more secure chats if you would like. While not the most straightforward to set up, Mozilla has tightly integrated PGP into its e-mail client Thunderbird, so you can encrypt e-mails, no matter your provider.

     

    In this guide, I’ll go over:

     

    • How to set up your encryption keys
    • How to add your contact’s keys
    • How to share your own keys
    • How to upload your keys to a keyserver, so they can be found easily
    • How to backup your keys

    How to set up your encryption keys

    To start this guide, you’ll need to download Thunderbird (if you don’t already have it) and then you’ll need to log in to your e-mail account. Once you have added your e-mail address, you’ll want to press the e-mail address in the Folders side panel, then right-click it and open Settings. Look for End-To-End Encryption in the side panel and press that.

     

    Under the OpenPGP subheading, if you have not set up a key yet, it should say Thunderbird doesn’t have a personal OpenPGP key for , to the side of that press Add Key…. Thunderbird will allow you to create a new key or import an existing one, for the sake of this guide, we will select create a new key but if you have one already, import it.

     

    Next, you should see the Generate OpenPGP Key menu, ensure the Identity matches your e-mail, choose your expiry, and alter the advanced settings if you want, though, they are fine left as they are. Once you’re happy with your settings, press Generate then Confirm. You should now see a green confirmation box that the key was successfully created, and the new key will be automatically selected as your account’s associated key. Just below, you’ll see OpenPGP Key Manager go there next.

     

    1660762287_generate-openpgp.jpg

    How to add your contact’s keys

    In the key manager, you’ll see your newly minted encryption keys. If you selected the wrong settings while making them, you can right-click and revoke then delete your keys, then repeat the steps above to make a new key. Under File in the key manager, you can also import public keys for your contacts who you wish to correspond with encryption enabled. You’ll need their keys saved to your computer, so ask them to e-email their keys to you.

     

    1660762994_import-gpg.jpg

    How to share your own keys

    To send your public key to a contact, head back into the OpenPGP Key Manager and right-click your key. You should then see an option to send your public key by e-mail, pressing this will open up a new compose window with your key attached. To import this, your recipient just needs to open their key manager, press File and import the public key from the file.

     

    1660763173_share-gpg.jpg

     

    Interestingly, if your contacts use ProtonMail, they can go to their contacts menu, press your e-mail then press the settings cog. From there, there’s an option to see advanced PGP settings, and they can import your public PGP key. To add their keys go to the key manager in Thunderbird the press Keyserver > Discover Keys Online and search their ProtonMail address, their public key for that account should then appear.

    How to upload your keys to a keyserver, so they can be found easily

    Finally, if you want your public key to be searchable in a keyserver, you’ll want to export your public key from the Key Manager and head to keys.openpgp.org. Look for the upload button, then upload your public key. This allows people to find your public key with just your e-email address, making it easier to send encrypted e-mails.

     

    1660763303_upload-keyserver.jpg

    Backing up your keys

    Finally, you need to know how to back up your secret keys in case you would like to decrypt e-mails on another computer or if you need to reinstall your operating system on your existing computer. Simply open the OpenPGP Key Manager, click the key you want to back up, and press File. You should see Backup Secret Key(s) To File you will have to give the secret key a filename and enter a password, which you'll need to restore the key in the future. It'll take a short time to export the secret key, but it'll let you know when it's done.

     

    To import a secret key in the future, select File in the OpenPGP Key Manager and then press Import Secret Key(s) From File and select the file to import. Tap in your password, and you should be ready to go.

     

    If you ever lose your secret key, you will never be able to decrypt messages encrypted with your public key so be sure to keep it safe.

    Conclusion

    While setting up end-to-end encrypted e-mail is still not as simple as sending encrypted WhatsApp messages, Mozilla has improved the situation in recent years because these tools are baked into Thunderbird. In the past, you needed to use an add-on called EnigMail to offer these features. Hopefully, setting up this feature gets a bit easier so that more people can use it.

     

     

    How to set up end-to-end encryption for your e-mails in Mozilla's Thunderbird


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...