Mozilla Thunderbird recently integrated OpenPGP right into the main application. No add-ons are needed for email privacy. OpenPGP’s world-class encryption is easy to set up and use without additional software.
Thunderbird and OpenPGP
Thunderbird uses OpenPGP for encryption, which is a free, nonproprietary protocol. Based on the freeware versions of Phil Zimmermann’s Pretty Good Privacy (PGP), it’s now very much its own thing.
Thunderbird’s OpenPGP integration allows you to encrypt a message. Then, only the people you want to read your message will be able to do so. It also lets you digitally sign a message so your recipient can be confident the message hasn’t been altered in transit.
OpenPGP uses the principle of pairs of public and private (or “secret”) encryption keys. To use OpenPGP, you must have a public and private key pair. Public keys are shared with anyone who wants to send you encrypted messages, whereas private keys are never shared with anyone else. A private key is used to decrypt messages encrypted with the matching public key.
The sender’s email client generates a random key which is used to encrypt the message. The random key is then encrypted with the recipient’s public key, and the encrypted message and key are then sent to the recipient. The recipient’s email program uses the recipient’s private key to decrypt the random key. The random key can then be used to decrypt the encoded message.
Why not just use the recipient’s public key to encrypt the message? This would work for messages sent to a single recipient, but it would be too cumbersome for those sent to multiple people.
The most efficient way to distribute a message to several people is to encrypt the message using the random key. This is because no public or private keys have been involved at that point, making the encryption on the message person-agnostic.
For each recipient, the random key is encrypted using that person’s public key. All of the encrypted keys are then sent with the message. Each recipient can decrypt the copy of the random key that was encrypted using their public key, and then use the random key to decrypt the message.
Thankfully, once OpenPGP is set up, all of this happens automatically.
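The scheme described above, sketched as an added example (not from the original article or from Thunderbird's code): the body is encrypted once with a random session key, and that key is wrapped separately for each recipient. Textbook RSA over small Mersenne primes and a SHA-256 keystream are toy stand-ins for OpenPGP's real algorithms; the function names and the alice/bob keys are constructed for illustration.

```python
import hashlib
import secrets

E = 65537  # RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"n": n}, {"n": n, "d": d}

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_for(recipients, plaintext):
    """Encrypt the body once, then wrap the session key per recipient."""
    session_key = secrets.token_bytes(16)          # the "random key"
    body = keystream_xor(session_key, plaintext)   # person-agnostic ciphertext
    k = int.from_bytes(session_key, "big")
    wrapped = {name: pow(k, E, pub["n"]) for name, pub in recipients.items()}
    return {"body": body, "wrapped_keys": wrapped}

def decrypt_as(name, private, message):
    """Unwrap this recipient's copy of the session key, then decrypt the body."""
    k = pow(message["wrapped_keys"][name], private["d"], private["n"])
    return keystream_xor(k.to_bytes(16, "big"), message["body"])

# Constructed demo keys from known Mersenne primes (far too small for real use).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**107 - 1)

if __name__ == "__main__":
    msg = encrypt_for({"alice": ALICE_PUB, "bob": BOB_PUB}, b"Meet at noon.")
    print(len(msg["wrapped_keys"]), "wrapped keys, one body of", len(msg["body"]), "bytes")
    print(decrypt_as("alice", ALICE_PRIV, msg), decrypt_as("bob", BOB_PRIV, msg))
```

Adding a recipient costs one more small wrapped key; the encrypted body is never duplicated or re-encrypted.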
We tested Thunderbird’s OpenPGP integration on an Ubuntu 20.10 computer. On a Windows 10 PC, all the Thunderbird menu items, settings, and dialogs were named the same and in the same locations. So, if you’re running Windows, you should be able to follow the instructions below, as well!
Checking the Thunderbird Version
OpenPGP integration arrived in Thunderbird 78.2.1, so you’ll want to make sure you’re running that version or higher. You can use your package manager to upgrade if necessary.
If you use Enigmail, refer to the upgrade instructions on the Mozilla support pages. They include advice about backing up your old Thunderbird profile before you upgrade. This way, if something goes wrong, you can go back to the previous version.
By default, Thunderbird 78.x retains the classic three-pane email interface: the accounts and folders in the sidebar, the list of received emails at the top, and the content of the highlighted email at the bottom.
If you can’t see the Thunderbird menu bar, right-click the space to the right of the last tab, and then select “Menu Bar” from the context menu. To see which version of Thunderbird you have, click Help > About Thunderbird.
We’re running version 78.5.0, so the OpenPGP integration will definitely be present.
If this is the first time you’ve used Thunderbird, configure your email address and account details, and then verify that email is functioning normally. You have to have a working email account inside Thunderbird before you can set up OpenPGP.
Generating a Key Pair
To generate a key pair, click “Tools,” and then select “OpenPGP Key Manager.”
Click Generate > New Key Pair.
A screen full of options will appear. Click the “Identity” drop-down menu and select the email address for which you want to generate keys. If you have multiple identities configured in your Thunderbird client, make sure you select the appropriate email address.
Under “Key Expiry,” select the lifespan of your keys or select “Key Does Not Expire.”
In “Advanced Settings,” you can select the type of encryption and key size (the defaults are fine in most cases).
When you’re happy with your selections, click “Generate Key.”
You’ll be asked to confirm that you want to generate the keys for that email address; click “Confirm.”
After your keys have been generated, an entry will appear in the “OpenPGP Key Manager” dialog.
If you generate keys for any other email addresses, those details will be listed here, as well. To view the configuration of any of the listed keys, just highlight the entry in the list, and then click View > Key Properties.
Select the radio button next to “Yes, Treat This Key as a Personal Key,” and then click “OK” when you’re ready to proceed.
Exchanging Public Keys
You have to have the public key for each person to whom you’re going to send encrypted messages. They’ll also need yours to send encrypted messages back. There are a few ways you can get someone’s public key. They might send it to you unannounced or you can ask them for it. You can even try to find it online.
Whenever you receive an email with an attached public key, Thunderbird includes an “OpenPGP” button to the right of the email header; click it to import the public key.
You might receive some warnings. For example, if the message wasn’t encrypted or digitally signed, you’ll be told so.
If you’ve just asked this person to send you their public key, you can be pretty sure this is from them. If there’s any doubt, just double-check with them via text, phone, or any other non-email method.
If you’re satisfied the public key definitely belongs to the person sending the message, click “Import.”
The name of the sender and their email address will appear as confirmation. Click “OK” to import the key.
Some information about the imported public key will then appear. You’ll see who owns the key, the email address associated with it, the number of bits the encryption is using, and when the public key was created.
Click “View Details and Manage Key Acceptance.”
If you’re positive the key came from its owner, select the radio button next to “Yes, I’ve Verified in Person This Key Has the Correct Fingerprint,” and then click “OK.”
That’s half the battle! We now have Alwa’s public key, so let’s send him ours. To do so, just start a new email to the person to whom you want to send your key or reply to one of their emails. In the email menu bar, click Options > Attach My Public Key.
Then, you just type the body of your email and send it as usual. Again, Thunderbird includes an “OpenPGP” indicator at the bottom right of the status bar to let you know the message uses OpenPGP. If the email is encrypted, you’ll also see a padlock icon, and if it’s digitally signed, you’ll see a cogwheel icon.
The options for encryption and digitally signing emails are available in the “Security” section of the email menu bar. You can also attach your public key from this menu.
When you’re ready, just send your email.
Reading Encrypted Emails
Alwa can now reply to you and use encryption. When you receive an encrypted email, you don’t have to do anything special to read it—just open it as usual. “OpenPGP” in the email header will include green checkmarks to verify that OpenPGP has decrypted the email and that the digital signature has also been verified.
The subject line of an encrypted email will be displayed as an ellipsis (…) until you open it. This prevents anyone from seeing the subject of any encrypted emails you receive.
Some people do make their public keys available online. To upload yours, you first have to export it.
To do so, click “Tools,” and then select “OpenPGP Key Manager.” Highlight the key you want to export in the “OpenPGP Key Manager” dialog, and then click File > Export Public Key(s) to File.
Save the exported file to your computer (be sure to note where you save it). Next, open your web browser and navigate to the OpenPGP Key Repository. Here, you can search for existing keys using the email address, key ID, or fingerprint.
You can also upload your own key. To do so, just click “Upload,” and then browse to the location of your exported file.
Once your key is uploaded, people can search for, find, and download or import it into their own email clients.
You can also search for online keys in Thunderbird. Just click “Tools,” and then select “OpenPGP Key Manager.” Then, click Keyserver > Discover Keys Online.
When the “OpenPGP Prompt” dialog appears, type the email address of the person you’re looking for, and then click “OK.”
If a match is found, Thunderbird will offer to import the key for you; click “OK” to do so.
Keep Your Secrets, Well, Secret
Admittedly, not every email needs to be locked down with encryption and verified by a digital signature. However, for some people—like dissidents in oppressive regimes, whistleblowers, or journalists’ sources—privacy can be a matter of life or death.
Whenever you need more privacy, Thunderbird makes it easy!
The post How to Use OpenPGP Encryption for Emails in Thunderbird appeared first on TechFans.