Encrypt Emails using Enigmail on Thunderbird

Last Updated:

Hello there, today we are going to learn how to encrypt emails using Enigmail on Thunderbird. Enigmail is a data encryption and decryption extension for Mozilla Thunderbird that allows you to use OpenPGP to encrypt and digitally sign your emails as well as decrypt and verify email messages you receive. In order to use Enigmail, ensure that you have Mozilla Thunderbird installed and your email account setup. Check our previous article on how to install and setup Mozilla Thunderbird on Ubuntu 18.04.

Encrypt Emails using Enigmail on Thunderbird

By default, Thunderbird doesn’t ship with Enigmail extension and therefore you need to install this extension using Thunderbird’s Add-ons Manager. Hence launch Thunderbird and navigate to Tools tab on the Thunderbird Menu and click Add-ons.

add ons

This opens up Add-ons Manager where you can search for Enigmail extension under Extensions tab.

encrypt emails using Enigmail on Thunderbird

The search results will appear as shown in the screenshot below;

encrypt emails using Enigmail on Thunderbird

Click the Add to Thunderbird button to install it. Once the installation is done, you should be able to see it under the Extensions tab. You will also see the Enigmail tab on the Menu bar.

encrypt emails using Enigmail on Thunderbird

Setting up Enigmail

Enigmail has a setup wizard that enables you to set it up. To launch the setup wizard, click Enigmail tab on the menu bar and navigate to Setup Wizard.

Choose the Setup Type

When the setup wizard launches, you will be prompted to choose the setup type. Click Next to proceed with standard configuration.

encrypt emails using Enigmail on Thunderbird

You can also choose to import settings from a previous installation.

Generate Enigmail Key Pair

Next, you need to generate the encryption key pair. This will create a public key which you will share with whomever you want to sent encrypted emails to you and secret key that you will use decrypt received emails signed encrypted with your public as well as sign the sent emails. To protect the secret key, you will need the passphrase. Hence, set a passphrase that you can easily remember and is secure at the same time. You can also define how long should the passphrase be remembered after decrypting an email message.

encrypt emails using Enigmail on Thunderbird

Click Next to generate the key pair. Once the generation is done, you will be notified. Close the notification window and confirm key generation.

keys generated

Generate Revocation Key

Revocation key is used to revoke the public key so that those whom you shared with them do not continue using it to encrypt the emails when you lost or your secret key has been compromised. Be sure to store this key safely.

revoke crt

Once the revocation certificate generation is done, click Next to finalize on the Enigmail setup.

You are now ready to encrypt outgoing mails. However, you can only encrypt emails if the recipient has shared with you their public keys. You can also read encrypted emails if they are encrypted with you public key. Therefore before both the sender and the recipient can encrypt or decrypt emails, they need to have shared their public keys with themselves.

Upload Public Keys to Keyserver

To share the public keys with the recipient with whom you would like to have encrypted email communication, you would compose a new mail and click Enigmail > Attach My Public key then send your message. However, the easiest way would be to upload your public keys to public Keyserver such that both parties can pull the other’s public keys from there.

To upload the your public key to Keyserver, Navigate to Enigmail tab on the Menu bar > Key management. Right click on the Key you want to upload and select Upload Public Keys to Keyserver.

encrypt emails using Enigmail on Thunderbird

Download Public Keys from Keyserver

If your contacts have also uploaded their Public keys, you can similarly download them from Keyserver. On Key Management window, click Keyserver > Search for Keys.

Upload Public Keys to Keyserver

Enter the contact email ID on the search bar. Once you found the key, click Ok to import it.

encrypt emails using Enigmail on Thunderbird

Once you have downloaded the key, it should now be available on Enigmail key management and should be able to share encrypted emails as you wish. When you compose an email message for contact you already have their public key, the auto encryption is turned on automatically.

encrypt emails using Enigmail on Thunderbird

That is all about how to encrypt emails using Enigmail on Thunderbird. Enjoy.


We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

2 thoughts on “Encrypt Emails using Enigmail on Thunderbird”

    • Hi donald. Which Thunderbird version are you using? When you search enigmail on the Thunderbird add-ons manger, you should get it.
      You can also check various versions of enigmails that works with specific versions of Thunderbird here.
      You can however download the .xpi file for enigmail from the link above and choose install add-on from file on Thunderbird.
      Let us know if you succeed.
      Thank you


Leave a Comment