A year on from the first Snowden revelations and the landscape is starting to shift. People are taking encryption and privacy more seriously and technology companies are shifting towards more secure systems. To follow that trend I've decided to setup encryption for my own email using OpenPGP. In this blog I will detail how to setup and implement encrypted email.
I'm going to cover setting up encrypted email in the Thunderbird mail client on Windows. It's surprisingly easy to do and in a subsequent blog I will also show how to get setup with encrypted email on your Android phone too. Thunderbird is a great mail app and easy to use. It can be setup to use pretty much any mail account and you can grab yourself a copy, for free, here. I'd highly recommend using it.
Setting up GPG4Win
There's not actually much setting up to do really. You just need to download a copy of GPG4Win from here and install it.
Enigmail is a plugin for Thunderbird that will take care of everything to do with encryption for you. It takes care of the actual encrypting, key management, signing and everything else. To install Enigmail, hit the 'Alt' key to show the Thunderbird menu, select 'Tools' and then 'Add-ons'. In the Add-ons Manager, search for and install Enigmail.
Once installed, you will be prompted to restart Thunderbird. Once it has restarted, press 'Alt' again to show the menu and you should now have an 'OpenPGP' option. In there select the 'Setup Wizard'.
Select 'Yes' to allow the wizard to help us set everything up and on the next screen select the email address/es that you want to setup OpenPGP for.
The next 2 screens will ask if you want to sign or encrypt your emails by default. I choose no so that I can choose which email need encrytping.
I don't allow the wizard to change any email settings so I can still do things like compose HTML emails. You can click 'Details' if you want finer grained control to enable/disable specific settings.
Now, onto the good stuff! You will need to create a new key pair for signing and encrypting your emails.
As part of the creation process, you will need to create a passphrase to protect your private key. This should be like any other password, nice and strong.
Once you hit next, you will get a quick summary of everything that's about to happen and hitting next again will kick off the process.
Once the process is complete, you will be prompted to generate a revocation certificate. Follow the steps and save the certificate somewhere.
That's it, we're all done and ready to start using encrypted email!
Now, you have to send your public key to others so that they can use it to encrypt mail before they send it to you. In Thunderbird, hit 'Alt' to open the menu bar, select 'OpenPGP' and then 'Key Management'. In the window that pops up, right click on the key you just created and click 'Send public keys by email'.
Send this key to anyone that you would like to send encrypted emails to you. This key is public, so it doesn't matter who gets hold of it, at all. Here's my public key.
With that, anyone can now send me an encrypted email that only I can decrypt with my private key. When someone sends you their public key, simply open the file attachment and import it to be able to send them encrypted emails too. It's a good idea to take a backup of your private key, but make sure that it's stored somewhere safe and secure. If you lose it, you can't ever recover it. Back on the Key Management screen, simply select 'Export Keys to File' and then select 'Export Secret Keys '. Remember, keep the file safe and secure!
Now that everything is all setup, fully encrypted email is now a simple button click away! Yes, it did take a little bit of setup, but it wasn't so hard really, was it? If you want to encrypt an outgoing email, simply click the 'OpenPGP' menu button and hit 'Encrypt Message'. Of course, you will already need to have the public key for the recipient when it comes to hitting Send!
Feel free to send me an encrypted email to try it out and don't forget to attach your public key if you want an encrypted response!
Short URL: https://scotthel.me/pgpmail
My PGP public key: https://scotthelme.co.uk/contact/