
Why Encrypt and Sign Email [May 3, 2012, 11:04 a.m.]



 

E-mail is one of the oldest forms of communication on the Internet. We often use it to communicate very personal or otherwise sensitive information. It is very important to understand why e-mail in its default configuration is not secure. In the following tasks we will describe the different methods necessary to secure your e-mail against known threats.


 

No sender verification: you cannot trust the 'from' address

Most people do not realize how trivial it is for any person on the Internet to forge an e-mail by simply changing the identity profile of their own e-mail program. This makes it possible for anyone to send you an e-mail that appears to come from a known e-mail address, pretending to be someone else. This can be compared with normal mail: you can write anything on the envelope as the return address, and it will still get delivered to the recipient (given that the destination address is correct). We will describe a method for signing e-mail messages, which prevents the possibility of forgery.

 

E-mail communications can be tapped, just like telephones

An e-mail message travels across many Internet servers before it reaches its final recipient. Every one of these servers can look into the content of messages, including subject, text and attachments. Even if these servers are run by trusted infrastructure providers, they may have been compromised by hackers or by a rogue employee, or a government agency may seize equipment and retrieve your personal communication.

There are two levels of security that protect against such e-mail interception. The first is making sure the connection to your e-mail server is secured by an encryption mechanism. The second is encrypting the message itself, to prevent anyone other than the recipient from understanding the content. This challenge covers e-mail encryption using PGP within Thunderbird.
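As an added illustration (not part of the original course material), the Python code below inspects two constructed messages: it shows that the From header is plain text that can disagree with the envelope sender recorded in Return-Path, and it recognises the PGP/MIME structure (RFC 3156) that signed or encrypted mail carries. The sample messages, the example.* domains and the function names are assumptions made for this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (example.* domains), not real mail.
PLAIN = """\
Return-Path: <bulk@mailer.example.net>
From: Alice <alice@example.org>
Subject: Invoice
Content-Type: text/plain

Please pay the attached invoice.
"""

SIGNED = """\
Return-Path: <alice@example.org>
From: Alice <alice@example.org>
Subject: Invoice
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain

Please pay the attached invoice.
--b1
Content-Type: application/pgp-signature

(constructed placeholder, not a real signature)
--b1--
"""

def pgp_protection(raw):
    """Return 'signed', 'encrypted' or 'none' from the RFC 3156 MIME structure."""
    msg = message_from_string(raw)
    proto = (msg.get_param("protocol") or "").lower()
    if msg.get_content_type() == "multipart/signed" and proto == "application/pgp-signature":
        return "signed"  # structure only; validity needs the sender's public key
    if msg.get_content_type() == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "encrypted"
    return "none"

def sender_mismatch(raw):
    """True when the From domain differs from the Return-Path (envelope) domain."""
    msg = message_from_string(raw)
    doms = [parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower() for h in ("From", "Return-Path")]
    return doms[0] != doms[1]  # a hint only: both headers are unauthenticated text

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("signed", SIGNED)):
        print(name, pgp_protection(raw), sender_mismatch(raw))
```

A "signed" result describes only the message structure; the signature itself still has to be verified against the sender's public key before the From address can be trusted.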

Task

Install Thunderbird, PGP and Enigmail

If you don't already have the Thunderbird, PGP and Enigmail tools installed, then:

  • Read the installation instructions in the Thunderbird Workbook here: http://en.flossmanuals.net/thunderbird-workbook/
  • Install the latest version of Thunderbird for your operating system
  • Install PGP for your operating system
  • Install the Enigmail plugin for Thunderbird