How to encrypt your emails in Thunderbird

Martin Brinkmann
Sep 21, 2017
Updated • Sep 22, 2017
Email, Thunderbird
|
7

Emails are by default just like postcards. That's good on the one hand, as it ensures that sender and recipient can read the email messages without issues.

It means however as well that anyone or anything that is in the delivery chain may read those emails as well.

This is done by some email providers to serve targeted advertisement to its users for instance. Email encryption is not a new concept, but it never really made the jump in the mass market. Users who wanted to could encrypt email messages ten years ago and even earlier than that.

The majority of users on the other hand don't. One reason for that is that it is not super-easy to use encryption; first because it is not really supported by the majority of email providers out of the box, and second because it requires that recipients need to do something to read these emails, and reply with encrypted messages of their own.

The following guide is a basic tutorial that explains in simple terms how to set up email encryption in Thunderbird.

Here is what you need:

Setting up email encryption in Thunderbird

thunderbird install enigmail

First thing you need to do is download the programs from the linked resources mentioned in the last paragraph. Install Thunderbird if you have not done so already, and Gpg4win.  You need to have at least one account in Thunderbird to complete the configuration. If you have none, start by adding an email account or creating a new one.

The Gpg4win installer displays installation modules when you run it. I suggest you keep the defaults, but remove the Outlook plugin component as you may not require it.

Once you are done with that, fire up Thunderbird and go to Tools > Addons. Switch to Extensions if another menu is selected by default, and click on the cogwheel icon next to search.

Select install add-on from file, and pick the Enigmail add-on that you downloaded previously. Follow the installation dialog to complete the installation.

You should see Enigmail listed as a new extension afterwards. Click on the options link first that is displayed next to the extension, and make sure the GnuPGP installation was found. Enigmail should pick up the installation courtesy of Gpg4win. Close the window afterwards again.

Select Enigmail > Setup Wizard afterwards. Keep the default choice "I prefer a standard configuration (recommended for beginners)" and click on next. If you already know your way around, select the advanced or manual configuration options instead.

These list additional options and use fewer screens to create key pairs. Additional options include setting a key expiration date, as well as the key size and type.

You may import existing settings as well if you have access to a previous installation already.

configure enigmail

Enigmail displays all available accounts on the next page. If you have not used Gpg4win before, you should only see a test account listed there.

Since you have not created a key pair yet, select "I want to create a new key pair for signing and encrypting my email".

create new encryption pair

A key pair consists of a public and a private key. The public key needs to be sent or made available to others so that they may use it to encrypt emails. The private key is personal, and should not be shared or made available. It is used to decrypt any email that was encrypted using the linked public key.

Enigmail explains the key concept of key pairs on the next page. You are asked to pick a user account from the available Thunderbird accounts

Select one of the accounts, and pick a -- very -- secure passphrase. The passphrase protects the private key and it is essential that it is secure as someone might be able to brute force or guess it otherwise.

pgp pair create

Select next once you have added the passphrase and selected one of the available accounts.

Enigmail generates the key on the next page. The extension states that this may take a couple of minutes, and that "actively browsing or performing disk-intensive operations" will speed up the key generation process.

key generation

You cannot process after the key generation, as you are required to create a revocation certificate as well. This is used in cases where you need to revoke the public key, for instance after you have lost it, cannot remember the passphrase of the private key, or if a system has been compromised.

Select "create revocation certificate" to start the process. You are asked to enter the passphrase at this point and cannot proceed without it.

recovation certificate

Thunderbird opens a save file dialog afterwards. Save the revocation certificate to a secure location, for instance encrypted storage on a connected drive, or even better, a Flash drive or CD that you put elsewhere so that it is not physically near the device you are using.

Select the next button afterwards, and then finish to complete the process.

Verification

openpgp options

To verify that everything has been set up correctly, select Tools > Account Settings. Locate the account you created a key pair for, and open "OpenPGP Security" that is listed as an option underneath it.

The option "Enable OpenPGP support (Enigmail) for this identity) should be checked, and you should see that a specific OpenPGP key is selected as well.

Spreading your public key

attach public key

Other users need to use the public key to send encrypted emails to you that you can decrypt using your private key. Similarly, these other users need to create a key pair of their own, and inform you about their public key so that you can send them encrypted emails using their public key as well.

You have a couple of options when it comes to sending others your public key.

The main options that you have are the following ones:

  1. Use the "Attach my Public Key" option when you are writing emails. Enigmail adds a button to the compose window that you can click on so that the public key is attached automatically to emails that you compose.
  2. Utilize a public key server. You may upload your public key to a public keyserver for easier distribution. These key repositories can be accessed by anyone. To do so, select Enigmail > Key Management. Select the key you want to upload to a keyserver, and select Keyserver > Upload Public Keys afterwards.

Importing public keys

keyserver find public keys

You need to import public keys before you can use them. If you use Enigmail, this can be done in several ways:

  1. Double-clicking on the .asc key file to import the key.
  2. Searching for keys using Enigmail > Key Management > Keyserver > Search for keys.

Validate keys

enigmail sign key

Signing keys is a form of verification. Since you don't really know if a key has been tampered with, you may validate it through other forms of communication.

Maybe over a (secure) phone call, or in person. To validate a key, select Enigmail > Key Management. Double-click on the key name that you want to validate to open the key properties.

You find a "certify" button next to validity on the page that opens. Click on it, and select the "I have done very careful checking" and type the passphrase afterwards.

Encrypting and decrypting emails

encrypt message

Now that you are done setting up Enigmail, it is time to encrypt emails, and decrypt them. To encrypt a message, simply click on the encrypt button in the compose window to do so. You may sign the message as well, and attach the public key to it.

You need the recipients public key to encrypt email messages. If you don't have them, you cannot use the encrypt option to protect it from prying eyes.

If you add attachments to encrypted emails, you are queried on how you want to handle those. You can send attachments not encrypted as part of the message, or encrypted in multiple ways (inline PGP, PGP/Mime separately or as a whole).

Thunderbird will ask for your passphrase to decrypt messages that are encrypted. These are then displayed just like any other email.

Closing Words

Setup is not difficult and it takes a couple of minutes to create your first key pair and configure the extension and Thunderbird accordingly.

The biggest issue is to get others to use PGP. If you are the tech savvy one in your family, at work or your circle of friends, you may need to assist others in setting this up.

Now You: Do you encrypt your email messages?

Summary
How to encrypt your emails in Thunderbird
Article Name
How to encrypt your emails in Thunderbird
Description
Find out how to configure the email client Thunderbird to use encryption for sending and receiving email messages to improve your privacy.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. JMGG said on January 19, 2012 at 8:25 am
    Reply

    You said that Outlook isn’t your main email client, so which is your main one?

    1. BalaC said on January 19, 2012 at 9:42 am
      Reply

      I think its thunderbird

    2. Martin Brinkmann said on January 19, 2012 at 10:15 am
      Reply

      It is Mozilla Thunderbird.

  2. Salaam said on September 24, 2012 at 9:52 pm
    Reply

    Awesome! This actually solved my problem… what a stupid bug.

  3. Claud said on December 19, 2012 at 2:08 am
    Reply

    If this is the same bug that I’ve encountered, there may be another fix: (1) hover over open Outlook item in Taskbar, cursor up to hover over Outlook window item, and right-click; (2) this should give you Restore / Move / Size / Minimize / Maximize — choose Move or Size; (3) use your cursor keys, going arbitrarily N/S/E/W, to try to move or size the Outlook window back into view. Basically, the app behaves as though it were open in a 0x0 window, or at a location that’s offscreen, and this will frequently work to resize and/or move the window. Don’t forget to close while resized/moved, so that Outlook remembers the size/position for next time.

    1. Lynda said on February 12, 2013 at 3:37 pm
      Reply

      THANK YOU Claude!!! I could get the main window to launch but could not get any other message window to show on the desktop. You are my hero!!!!

    2. Chad said on November 20, 2018 at 4:24 pm
      Reply

      Solved my issue! 6 years later and this is still problem…

    3. Ivan X said on January 21, 2021 at 4:50 pm
      Reply

      Fantastic. Thank you. Size did the trick.

  4. Andrew said on October 26, 2013 at 7:06 am
    Reply

    This solved my Outlook problem, too. Thank you. :)

  5. Charles said on December 7, 2013 at 7:23 pm
    Reply

    Thank you so much, this started happening to me today and was causing big problems. You are a life saver, I hope I can help you in some way some day.

  6. garth said on November 7, 2014 at 7:13 pm
    Reply

    You are a god – thank you!

  7. Faisal said on February 9, 2015 at 10:09 am
    Reply

    thanks a lot…. work like charm.. :-)

  8. Simon said on March 24, 2015 at 11:36 pm
    Reply

    Yah…thanks Claude. I’ve been having the same problem and tried all the suggestions…your solution was the answer. It had resized itself to a 0/0 box. Cheers

  9. Olu said on April 14, 2015 at 1:35 pm
    Reply

    Excellent post. This had me baffled even trying to accurately describe the problem. This fixed it for me.
    Thank you

  10. Coenig said on July 23, 2015 at 7:36 am
    Reply

    Thanks a lot for the article. Don’t know why it happenend, don’t know how it got fixed, but it was really annoying and now it works :-)

  11. Fali said on January 20, 2016 at 4:19 pm
    Reply

    Thanks a lot. I was facing this issue from past 3 week. I tried everything but no resolution. The issue was happening intermittently and mainly when I was changing the display of screen ( as i use 2 monitors). The only option i had was to do system restore. But thanks to you.

    1. MIki said on January 10, 2019 at 11:54 am
      Reply

      I’ve been tried to sole this problem for 12hours. Your comment about changing the display of screen helped me a lot!! Thanks!!

  12. Christina said on January 20, 2016 at 6:14 pm
    Reply

    Thank you…don’t know why this happened but your instructions helped me fix it. Running Windows 10 and office pro 2007

  13. Oz said on July 22, 2016 at 3:20 pm
    Reply

    Great tip! Thanks!

  14. Tracy said on September 1, 2016 at 4:48 pm
    Reply

    Worked for me, too – thank you!!!

  15. shawn said on September 9, 2016 at 10:25 am
    Reply

    It’s Worked for me, too
    thank you very much!

  16. Jari said on October 31, 2016 at 11:53 am
    Reply

    I had a similar issue with Outlook 2013 on Windows 10 and this helped me to fix it. Thank you very much!

  17. Michel H said on November 30, 2016 at 11:08 pm
    Reply

    Thank you so much. Solved!
    Considering you published this in 2012, incredible not been debugged by Microsoft.
    Thank you again. M

  18. Ziad Bitar said on January 9, 2017 at 2:00 am
    Reply

    This problem was faced by only one user logging to TS 2008 r2 using outlook 2010.The issue was resolved.

    Thanks.

  19. Anonymous said on February 15, 2017 at 5:24 pm
    Reply

    Great tip. Thank you!!!! If it helps, I had to use the Control Key and the arrow keys at the same time to bring my window back into view. Worked like a charm.

  20. Rochelle said on March 6, 2017 at 11:59 am
    Reply

    Thank you, this worked !!!!

  21. anom1234 said on May 20, 2018 at 11:20 pm
    Reply

    Man, you are a fucking god. Thanks a lot, what an annoying bug!!

  22. JC said on October 12, 2020 at 2:14 pm
    Reply

    Awesome, this post solved the issue. Many thanks!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.