
Send encrypted and signed email [May 3, 2012, 11:16 a.m.]



Our task is to send an encrypted and signed email. To do this you will need the public key of the person you want to send the email to. Normally you will contact that person and ask them to send you their key via email. If this is not possible, or if you want to get on and try this now, you can download one. Later challenges will cover the use of key servers as another way of receiving and sending keys.

Receiving public keys and adding them to your keyring

Downloading keys from the web

Many people put their public keys on the web so that it is possible for others to download their key.  

To continue with this task you may want to use the following key and email to test your ability to send encrypted mail.

PGP key:  http://clearerchannel.org/keys/mickfuzz.gpg
Associated email:  mickfuzz@clearerchannel.org

To be able to send an encrypted email to this address you first need to add that key to your keyring in Thunderbird. To do this click on the link to the PGP key and download that file to your computer. 

Then, in the Thunderbird application go to OpenPGP > Key Management

In the Key Management window select File > Import Keys from File

Browse to the place where you saved the public key you downloaded and then select it and click on the Open button

You should then receive an alert message saying that The key(s) were successfully imported.

You should now be able to progress to sign and encrypt email.

Receiving keys by email

Let's say you are able to request and receive a public key from a friend by mail. The key will show up in Thunderbird as an attached file. Scroll down the message and below it you will find tabs with one or two file names. The extension of this public key file will be .asc, which is different from the extension of an attached PGP signature, which ends with .asc.sig

Look at the example email in the next image, which is a received, signed PGP message containing an attached public key. We notice a yellow bar with a warning message: 'OpenPGP: Unverified signature, click on 'Details' button for more information'. Thunderbird warns us that the sender is not known yet, which is correct. This will change once we have accepted the public key.

What are all those strange characters doing in the mail message? Because Thunderbird does not recognize the signature as valid, it prints out the entire raw signature, just as it has received it. This is how digitally signed PGP messages will appear to those recipients who do not have your public key.

The most important thing in this example is to find the attached PGP public key. As mentioned, it is a file whose name ends with .asc. In this example it's the first attachment on the left, which is in the red circle. Double-clicking on this attachment makes Thunderbird recognize the key.

In the example image above, we should double-click on the attached .asc file to import the PGP public key.

After we have clicked on the attachment, the following pop-up will appear.

Thunderbird has recognized the PGP public key file. Click on 'Import' to add this key to your keyring. The following pop-up should appear. Thunderbird says the operation was successful. Click on 'OK' and you are done. You now have the ability to send this friend encrypted messages.

 

You should now be able to progress to sign and encrypt email.
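The difference between an attached public key (.asc) and an attached signature (.asc.sig) can also be checked from the file contents rather than the file name. The Python sketch below is an added example, not part of the original course or of Thunderbird: it reads the ASCII armor, verifies the checksum line, and compares the tag of the first packet with the armor label. The function names and the two sample attachments are assumptions constructed for illustration.

```python
import base64
import re

# Armor label -> (what the attachment is, expected tag of its first packet).
# Packet tags are from RFC 4880 section 4.3: 6 = public key, 2 = signature.
ARMOR_KINDS = {
    "PGP PUBLIC KEY BLOCK": ("public key", 6),
    "PGP SIGNATURE": ("detached signature", 2),
}

def crc24(data: bytes) -> int:
    """CRC-24 of the armor checksum line (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(label: str, payload: bytes) -> str:
    """Wrap bytes in ASCII armor; used only to construct the samples below."""
    body = base64.b64encode(payload).decode()
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return f"-----BEGIN {label}-----\n\n{body}\n={check}\n-----END {label}-----\n"

def inspect_armor(text: str) -> dict:
    """Report what an armored attachment is and whether it is consistent."""
    text = text.replace("\r\n", "\n")
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", text, re.S)
    if not m or m.group(1) not in ARMOR_KINDS:
        return {"kind": "not a key or signature", "ok": False}
    kind, want_tag = ARMOR_KINDS[m.group(1)]
    # Optional armor headers (Version:, Comment:) end at the first blank line.
    lines = m.group(2).partition("\n\n")[2].split()
    try:
        payload = base64.b64decode("".join(ln for ln in lines if not ln.startswith("=")))
        sums = [base64.b64decode(ln[1:]) for ln in lines if ln.startswith("=")]
    except ValueError:
        return {"kind": kind, "ok": False}
    # The checksum line is optional, but when present it must match the data.
    crc_ok = not sums or sums[0] == crc24(payload).to_bytes(3, "big")
    first = payload[0] if payload else 0
    # Bit 7 is always set. Bit 6 selects the new packet format (tag in bits
    # 5-0); the old format keeps the tag in bits 5-2.
    tag = first & 0x3F if first & 0x40 else (first & 0x3C) >> 2
    ok = crc_ok and bool(first & 0x80) and tag == want_tag
    return {"kind": kind, "crc_ok": crc_ok, "first_packet_tag": tag, "ok": ok}

# Constructed samples: valid armor around placeholder bytes, not real keys.
KEY_ATTACHMENT = armor("PGP PUBLIC KEY BLOCK", b"\x99\x00\x04demo")
SIG_ATTACHMENT = armor("PGP SIGNATURE", b"\x89\x00\x04demo")
```

This only confirms that a file is a well-formed key or signature block; it says nothing about whose key it is.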

Signing emails to an individual

Digitally signing email messages is a way to prove to recipients that you are the actual sender of a mail message. Those recipients who have received your public key will be able to verify that your message is authentic.

1. Offer your friend your public key, using the method described earlier in this chapter.

2. In Thunderbird, click on the icon.

3. Before actually sending the mail, enable the OpenPGP > Sign Message option via the menu bar of the mail compose window, if it is not enabled already. Once you have enabled this option by clicking on it, a marked sign will appear. Clicking again should disable signing again. See the example below.

5. Click on the button and your signed mail will be sent.

Sending encrypted mails to an individual

1. You should have received the public key from the friend or colleague you want to email and you should have accepted their public key, using the method described earlier in this chapter.

2. In Thunderbird, click on the icon.

3. Compose a mail to the friend or colleague from whom you have previously received a public key. Remember that the subject line of the message will not be encrypted, only the message body itself and any attachments.

4. Before actually sending the mail, enable the OpenPGP > Encrypt Message option via the menu bar of the mail compose window, if it is not enabled already. Once you have enabled this option, by clicking on it, a marked sign will appear. Clicking again should disable encryption again. See the example below.

5. Click on the button and your encrypted mail will be sent.

 


Task

Follow the instructions above to:

  • Import someone else's public key via email or by downloading it from the web
  • Send an encrypted and signed email to that person