HOWTO: use gnupg with thunderbird and enigmail

October 9th, 2007 by Matthew Elder

For my first blog post I thought I’d show how one can use GnuPG with Thunderbird and the Enigmail add-on. OpenPGP lets you encrypt your messages and provide solid proof of identity. In a day and age when scams and private information leakage are prevalent, tools like these can give one some peace of mind. OK, first things first!

GnuPG Installation

This differs depending on which platform you’re on. Here are some common examples:

Mac OS X (on commandline)

sudo port install gnupg

Ubuntu or Debian (on commandline)

sudo apt-get install gnupg

Enigmail Installation

Use your favorite download tool (or web browser) to get the following file: https://addons.mozilla.org/en-US/thunderbird/downloads/file/14773/enigmail-0.95.0-tb.xpi

Fire up Thunderbird 2.x and go to Tools -> Add-ons; click the ‘Install’ button and point the file browser at the file you just downloaded. When the verification window pops up and the timeout ends, click ‘Install’. Now click ‘Restart Thunderbird’; congratulations, your Thunderbird just got new superpowers!

Enigmail Configuration

First things first: make sure that your email address and personal information are correct under Edit > Account Settings. GnuPG will use this to generate your key. You should now notice a new menu at the top called “OpenPGP”. Click this, then the option “Key Management”. If a wizard comes up, close it.

Click on the “Generate” menu, then “New key pair”. You are generating a digital instance of your identity; only you will hold the private key that proves it. Check the “no passphrase” box unless you want to type a password in before sending each email. If you’re the paranoid type, type a password in. The only thing left to do now is click “Generate key” and then “Yes” on the confirmation prompt. Wait until a completion prompt appears; this indicates that key generation is complete. Browsing the web or playing an mp3 will speed this process up by giving your computer more entropy to work with.

After confirming the key generation you will be asked if you want to create a revocation certificate in case your GnuPG identity becomes compromised; click OK and go with the default settings, which will create the file in your home directory. After the window closes you should see your new key listed.

Now that your GnuPG identity has been created, you must upload the public part of it to a public server so people can verify emails that come from you. Go to Keyserver > Upload public keys > OK. The default keyserver is a fine choice.

Send email with your secure identity

You are now ready to send GnuPG-signed emails! By default you have to manually tell GnuPG to sign each email with this extra identification. Let’s go ahead and change some settings so it is automatic. Go to Edit > Account Settings > OpenPGP Security. Check ‘sign non-encrypted messages by default’, ‘sign encrypted messages by default’, and ‘always use PGP/MIME’. This will ensure all messages are automatically signed with your PGP identity. Furthermore, the PGP/MIME option inserts the key into the MIME headers unobtrusively, as opposed to inline in the message, which will confuse non-technical users. Now all your messages will be sent with your signed super-secure identity.

If you want, you can even encrypt sensitive messages; keep in mind, however, that anyone who does not have GnuPG capabilities set up will not be able to read the messages which you encrypt. Therefore use this feature sparingly. It can always be accessed when composing a new message from the OpenPGP toolbar item. Now go forth and mail with a greater peace of mind!
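The key steps that the Enigmail menus drive (new key pair, public key export, signing, verification) can also be run with gpg on the command line, which shows what a recipient actually checks. This is an added example, not part of the original post; it assumes GnuPG 2.1 or later, and the user ID, file names and message are constructed sample values.

```shell
#!/bin/sh
# Added example: the HOWTO's key steps run with gpg in a throwaway keyring.
# Assumes GnuPG 2.1+; the user ID, file names and message are constructed.

demo_sign_verify() (
    GNUPGHOME=$(mktemp -d) || exit 1   # isolated keyring; ~/.gnupg untouched
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    cd "$GNUPGHOME" || exit 1
    uid='Alice Example <alice@example.org>'
    # Unattended options; the empty passphrase matches the "no passphrase" box.
    set -- --batch --quiet --pinentry-mode loopback --passphrase ''

    # "Generate > New key pair": a signing key plus an encryption subkey.
    # GnuPG 2.1+ also stores a revocation certificate under openpgp-revocs.d/.
    gpg "$@" --quick-generate-key "$uid" default default 1y >/dev/null || exit 1
    fpr=$(gpg --batch --with-colons --list-keys "$uid" |
          awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || exit 1

    # "Keyserver > Upload public keys" publishes only this public half.
    gpg --batch --armor --export "$fpr" > public.asc || exit 1
    grep -q 'BEGIN PGP PUBLIC KEY BLOCK' public.asc || exit 1

    # Sign with the private key: a detached, ASCII-armored signature file.
    printf 'Hello from the HOWTO\n' > msg.txt
    gpg "$@" --local-user "$fpr" --armor --detach-sign msg.txt || exit 1

    # A recipient checks the message against the signature and public key.
    if gpg --batch --verify msg.txt.asc msg.txt 2>/dev/null
    then good=yes; else good=no; fi

    # Any change to the signed text must make verification fail.
    printf 'an edited line\n' >> msg.txt
    if gpg --batch --verify msg.txt.asc msg.txt 2>/dev/null
    then tampered=accepted; else tampered=rejected; fi

    echo "good=$good tampered=$tampered"
)

demo_sign_verify
```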
