70. Pleasure of pressing
to encrypt, decrypt email
Part Two of Two
By Andrew D. Wright
In Part One of this two part column, we
showed you how to set up the
free Open Source program Gnu Privacy Guard (GPG) and generate Public and
Secret Keys which you use to encrypt and decrypt data.
You would use this to send confidential information to someone over an
insecure connection like email in a form only the recipient can open.
GPG is a command line program. It can be used all by itself to encrypt and
decrypt messages, upload and download keys and so on but for daily
practical use, there is nothing like just pressing a button to encrypt or
decrypt your email. Here's how to set that up using the free Open Source
email program Mozilla Thunderbird and the Enigmail extension. Extensions
are add-on programs that enable Thunderbird to do more things.
If you're not already using it, download, install and set up Mozilla
Thunderbird. It can import your mail and settings from other email
programs. You should use
secure mail settings if your provider supports
Open your web browser and go to the Enigmail home page listed below.
Follow the link to download Enigmail and save it to your hard drive,
noting where you put it. Open Thunderbird and go to Tools then Extensions.
Now click the Install button in the Extensions window and select the file
you just downloaded. Install it by pressing the Install button then when
done close and restart Thunderbird.
Click on Enigmail on the Thunderbird menu and select Preferences. You need
to put in where to find gpg.exe (by default,
and click OK.
Go into Tools then Account Settings and select OpenPGP options.
Check Enable OpenPGP support. Click OK.
Now compose a message to yourself. When done, click the OpenPGP button and
click Encrypt message. You can also add a digital signature to it which
would prove the message came from you. You'll need to type in your GPG
Secret Key pass phrase. This pass phrase is very important and under no
circumstances should you ever save this pass phrase on your computer. Send
the message. You'll see your message has been replaced by a big block of
random looking text. If you check your sent mail folder, the message is
encrypted there also. (You can turn this off but that is a bad idea.)
When your test message arrives, you will need to press the Decrypt button
and type in your Secret Key pass phrase to read it.
Anyone you want to send an encrypted message to needs to have created a
Public Key for themselves as you have done. Let's say they have. Write a
new message to them like you would normally. Encrypt the message and hit
Send. A window will open up. Press Download Missing Keys and then OK.
Enigmail will search for the email address of your recipient on the
keyserver. A network of keyservers exchange Public Keys with one another.
If the key is found, you can click on it and hit OK to import the new key
so you can use it to encrypt the message. Select the key of your recipient
and click okay to send the encrypted message. You can read your copy of
the message in your sent mail with your Secret Key and the other person
reads the copy you sent them with their Secret Key. Anyone else sees only
To upload your Public Key to a keyserver, select the Enigmail menu, click
on OpenPGP Key Management. Select your key then click on the Keyserver
menu item and Upload Public Keys. We've set up a Public Key for
email@example.com for anyone wanting to try this out.
Gnu Privacy Guard download (free):
Gnu Privacy Guard manual (free):
Mozilla Thunderbird download (free):
Enigmail extension home page (free):
The Mousepad runs every two weeks. It's a service of Chebucto Community
Net, a community-owned Internet provider. If you have a question about
computing, email firstname.lastname@example.org. If we use your question in
a column, we'll send you a free mousepad.
Originally published 16 October 2005