Using GnuPG/PGP for Email Encryption in Thunderbird (2012)


In a previous article, About Email and Privacy, we discussed how email systems work, how emails are intercepted, how header data is analyzed, and briefly outlined ways to protect our email privacy. This time, we want to show you how to use GnuPG to encrypt the content of an email.

When sharing information via email with friends or colleagues, it is not uncommon to include sensitive data such as email addresses, usernames, passwords, or other confidential information. To safeguard this sensitive content, we can utilize GnuPG. GnuPG is employed to encrypt the body or message of an email.

With this method, exchanging information requires that the sender and recipient first exchange their “public keys”, which makes the message much more secure in terms of confidentiality.

In this tutorial, we will use GnuPG integrated with Thunderbird. The author prefers Thunderbird as a mail client because it is available on various operating systems. Additionally, Thunderbird offers several extensions, such as Enigmail, which lets us encrypt, decrypt, and sign messages with PGP.

The following tools are required or used by the author for this guide:

Before proceeding, I assume that you have successfully installed GnuPG, Thunderbird, and the Enigmail plugin on your operating system.

Creating a PGP Key with GnuPG

After downloading and installing GnuPG, we can generate a PGP key by running the command gpg --gen-key. You will then be asked several questions about the key to generate: key type, key size, how long the key is valid, and a passphrase to protect your PGP key.

Please select what kind of key you want:
 (1) RSA and RSA (default)
 (2) DSA and Elgamal
 (3) DSA (sign only)
 (4) RSA (sign only)
Your selection? 1

First, we select option number 1 (RSA and RSA), which lets us both encrypt and sign messages.

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits

Next, we choose the desired key size. By default, GnuPG uses 2048 bits. Enter 2048 and press Enter.

Please specify how long the key should be valid.
 0 = key does not expire
 <n> = key expires in n days
 <n>w = key expires in n weeks
 <n>m = key expires in n months
 <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Sun 27 Jul 2013 05:55:36 PM WIT
Is this correct? (y/N) y

Then, we decide how long the key is valid. In this example, I made the key valid for 1 year. Enter 1y and press Enter, then confirm with y.

GnuPG needs to construct a user ID to identify your key.

Real name: Tutorial PGP
Email address: [email protected]
Comment: Untuk contoh tutor PGP
You selected this USER-ID:
 "Tutorial PGP (Untuk contoh tutor PGP) <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

The next step is to provide a user ID to identify the key we are creating. The user ID consists of your real name, email address, and a comment. Fill in all the fields, then type O and press Enter.

After that, a popup will appear asking for the passphrase, as shown in the picture below:

[Image: gpg gen-key]

Fill in the passphrase, which will serve as the password for using your PGP key and decrypting messages. Press the OK button, wait a few seconds, and you will see a summary of the key with information such as its expiration date, the owner’s name, and so on. As shown in the picture, my PGP public key ID is D47A605E.

[Image: gpg gen-key2]

Using PGP in Thunderbird with Enigmail

Open Thunderbird and select OpenPGP > Key Management. A list of the keys available on our system will appear, as shown in the picture below:

[Image: OpenPGP management Thunderbird]

Make sure the public key ID shown in OpenPGP is the same as the one you just created. Then, to test it, we can send an email to [email protected] (the PGP Email Robot) with our public key attached. To do this, select OpenPGP > Attach Public Key from the menu.

[Image: OpenPGP attach public key]

A popup listing your PGP keys will appear. Select the PGP key that matches the email address we are using (D47A605E) by checking the box to the left of Account / User ID.

[Image: List PGP keys]

Send your message; after a few seconds you will receive a reply from Adele:

[Image: List PGP keys]

Enter the passphrase of your PGP key to read the contents of the message. It should look like the picture below:

After successfully emailing the “robot”, it’s time to try emailing a real person. (Find someone who is already familiar with PGP and exchange public keys with each other.) In the OpenPGP menu, check the options Sign Message and Encrypt Message. (Make sure the pencil and key icons at the bottom right are yellow.)

[Image: OpenPGP button Thunderbird]

Send the message. Now only someone who holds the complete PGP key pair and knows its passphrase can read the message.

[Image: OpenPGP button Thunderbird]
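The whole workflow above (creating an RSA/RSA key valid for one year, exporting the public key that Enigmail attaches for you, signing and encrypting a message body, and decrypting it with the passphrase) can also be run from the command line. The script below is an added example written for this page; it is not part of the original tutorial or of the GnuPG project. It runs in a throwaway GNUPGHOME so it never touches your real keyring, and the name, email address, passphrase and message it uses are constructed placeholders. It assumes a GnuPG 2.1 or newer, since it relies on --pinentry-mode loopback to supply the passphrase non-interactively.

```shell
#!/bin/sh
# Added example (not from the original tutorial): the interactive gpg --gen-key
# session above, driven non-interactively, followed by sign+encrypt and decrypt+verify.
set -eu

# Nothing to demonstrate without gpg installed.
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; exit 0; }

# Isolated keyring directory, removed on exit, so the demo is side-effect free.
export GNUPGHOME
GNUPGHOME=$(mktemp -d)
chmod 700 "$GNUPGHOME"
trap 'rm -rf "$GNUPGHOME"' EXIT

PGP_NAME="Tutorial PGP"                  # constructed, mirrors the tutorial's user ID
PGP_EMAIL="tutorial@example.invalid"     # constructed placeholder address
PGP_PASS="correct horse battery staple"  # constructed; pick your own passphrase

# Step 1: the same choices as the interactive session (RSA sign key + RSA encrypt
# subkey, 2048 bits, expires in 1 year, passphrase-protected) as a batch parameter file.
gen_key() {
    gpg --batch --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $PGP_NAME
Name-Comment: Untuk contoh tutor PGP
Name-Email: $PGP_EMAIL
Expire-Date: 1y
Passphrase: $PGP_PASS
%commit
EOF
}

# Short (8 hex digit) key ID, the form the tutorial shows as D47A605E.
key_id() {
    gpg --batch --with-colons --list-keys "$PGP_EMAIL" \
        | awk -F: '$1=="pub"{print substr($5,9); exit}'
}

# ASCII-armored public key: what "OpenPGP > Attach Public Key" sends to a correspondent.
export_pubkey() {
    gpg --batch --armor --export "$PGP_EMAIL"
}

# Sign with our key and encrypt to the recipient (here ourselves, since the
# throwaway keyring only holds one key). $1 = plaintext file, $2 = output .asc
sign_encrypt() {
    gpg --batch --yes --pinentry-mode loopback --passphrase "$PGP_PASS" \
        --armor --sign --encrypt --local-user "$PGP_EMAIL" --recipient "$PGP_EMAIL" \
        --output "$2" "$1"
}

# Decrypt $1 to stdout and fail unless gpg reports a good signature (GOODSIG),
# so a message whose signature does not verify is not silently accepted.
decrypt_verify() {
    status=$(mktemp)
    gpg --batch --pinentry-mode loopback --passphrase "$PGP_PASS" \
        --status-file "$status" --decrypt "$1"
    rc=0
    grep -q '^\[GNUPG:\] GOODSIG ' "$status" || rc=1
    rm -f "$status"
    return $rc
}

# Walk through the whole flow once with a constructed message body.
gen_key >/dev/null 2>&1
echo "Generated key ID: $(key_id)"
printf 'username: alice\npassword: example-only\n' > "$GNUPGHOME/msg.txt"
sign_encrypt "$GNUPGHOME/msg.txt" "$GNUPGHOME/msg.asc"
echo "--- encrypted body that goes into the email ---"
cat "$GNUPGHOME/msg.asc"
echo "--- decrypted on the recipient side ---"
decrypt_verify "$GNUPGHOME/msg.asc" 2>/dev/null
```

The armored block printed in the middle is exactly what the recipient's mail client receives; without the private key and its passphrase, that is all an interceptor sees. The GOODSIG check in decrypt_verify is the command-line equivalent of the signature status Enigmail shows on a decrypted message.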

I hope this guide helps you who want to pay more attention to privacy when exchanging messages through email.

Sources: