Hello there, today we are going to learn how to encrypt emails using Enigmail on Thunderbird. Enigmail is a data encryption and decryption extension for Mozilla Thunderbird that allows you to use OpenPGP to encrypt and digitally sign your emails as well as decrypt and verify email messages you receive. In order to use Enigmail, ensure that you have Mozilla Thunderbird installed and your email account setup. Check our previous article on how to install and setup Mozilla Thunderbird on Ubuntu 18.04.
Encrypt Emails using Enigmail on Thunderbird
By default, Thunderbird doesn’t ship with Enigmail extension and therefore you need to install this extension using Thunderbird’s Add-ons Manager. Hence launch Thunderbird and navigate to
Tools tab on the Thunderbird Menu and click
This opens up Add-ons Manager where you can search for Enigmail extension under Extensions tab.
The search results will appear as shown in the screenshot below;
Add to Thunderbird button to install it. Once the installation is done, you should be able to see it under the Extensions tab. You will also see the Enigmail tab on the Menu bar.
Setting up Enigmail
Enigmail has a setup wizard that enables you to set it up. To launch the setup wizard, click
Enigmail tab on the menu bar and navigate to
Choose the Setup Type
When the setup wizard launches, you will be prompted to choose the setup type. Click Next to proceed with standard configuration.
You can also choose to import settings from a previous installation.
Generate Enigmail Key Pair
Next, you need to generate the encryption key pair. This will create a
public key which you will share with whomever you want to sent encrypted emails to you and
secret key that you will use decrypt received emails signed encrypted with your public as well as sign the sent emails. To protect the secret key, you will need the passphrase. Hence, set a passphrase that you can easily remember and is secure at the same time. You can also define how long should the passphrase be remembered after decrypting an email message.
Click Next to generate the key pair. Once the generation is done, you will be notified. Close the notification window and confirm key generation.
Generate Revocation Key
Revocation key is used to revoke the public key so that those whom you shared with them do not continue using it to encrypt the emails when you lost or your secret key has been compromised. Be sure to store this key safely.
Once the revocation certificate generation is done, click Next to finalize on the Enigmail setup.
You are now ready to encrypt outgoing mails. However, you can only encrypt emails if the recipient has shared with you their public keys. You can also read encrypted emails if they are encrypted with you public key. Therefore before both the sender and the recipient can encrypt or decrypt emails, they need to have shared their public keys with themselves.
Upload Public Keys to Keyserver
To share the public keys with the recipient with whom you would like to have encrypted email communication, you would compose a new mail and click Enigmail > Attach My Public key then send your message. However, the easiest way would be to upload your public keys to public Keyserver such that both parties can pull the other’s public keys from there.
To upload the your public key to Keyserver, Navigate to Enigmail tab on the Menu bar > Key management. Right click on the Key you want to upload and select Upload Public Keys to Keyserver.
Download Public Keys from Keyserver
If your contacts have also uploaded their Public keys, you can similarly download them from Keyserver. On Key Management window, click Keyserver > Search for Keys.
Enter the contact email ID on the search bar. Once you found the key, click Ok to import it.
Once you have downloaded the key, it should now be available on Enigmail key management and should be able to share encrypted emails as you wish. When you compose an email message for contact you already have their public key, the auto encryption is turned on automatically.
That is all about how to encrypt emails using Enigmail on Thunderbird. Enjoy.