Encrypting Thunderbird email with OpenPGP

Encrypting Thunderbird email with OpenPGP

Email messages are at the moment the least secure method of transferring information. They are almost always written in plain-text, jumping around from server to server (with each server capable of storing a local copy for further analysis) with anyone interested in eavesdropping on them (with bit of technical knowledge and systems access) able to do so.

In case you’re running your own server, setting up Postfix/Sendmail to use encryption (and configuring your e-mail client to also use encryption while talking to the server) is one way of securing your information, but the degree of safety this provides is only as low as the weakest chain in the link – either the receiver of your email or a server in the route which (by accident or design) breaks the encrypted path and forwards the emails in plain-text.

screenshot130609-124325The best way of securing your data is to encrypt communication at the the two ends (the sender and receiver points), this way no longer depending on each node in the chain to maintain the security.

To use an end-to-end PGP encryption with Thunderbird (my email client of choice), you’ll need to install Enigmail (Thunderbird extension) and GnuPG.


  1. Download and install GnuPG.
  2. Download Enigmail (choose your Thunderbird version and operating system and right-click to Save target link… the xpi file on your computer).
  3. Open Thunderbird; navigate Tools > Addons > Install addons from file (this applies to Thunderbird 17, in other versions it might be differently placed/named); select the xpi file previously downloaded and install it; Thunderbird will require a restart – restart it.
  4. Navigate to the new OpenPGP menu item. It will warn you that you have not defined the path of the PGP executable. Define it now (it my case it was Program Files (x86)\GNU\GnuPG\gpg2.exe).
  5. Generate a new encryption key pair; go to OpenPGP > Key Management and click Generate > New Key Pair; then choose the email address you want to generate a key for (repeat this for every email you want to use encryption on); the generation will take a while; in the end you will also be presented with the option to generate a revocation certificate – create it and store it in a safe place (you’ll never know when you might need it).


openpgp-menuNow, when you’re writing an important email message that you want to send encrypted, you’ll need to select OpenPGP > Encrypt Message in the New Message window.

You also have the option to Attach your Public Key to that message (so the receiver can decrypt your message). You only need to send your public key with your first message to each receiver.

Remember that all receivers you want to send encrypted messages to need to also have Enigmail (or other PGP compatible encryption software) installed to be able to decrypt your emails.

To find someone’s PGP key, from the OpenPGP menu, choose Key Management. From the Keyserver menu, choose Search. Search for another PGP user by name or email address and add his or her key to your key manager. Once it’s in there you will be able to encrypt mail to that person.



Leave a Reply