In the previous installment we discussed importing mail into the Thunderbird mail client. Now that our email has been taken out of the browser, we can begin adding the cryptographic elements. The first of these is GPG (GNU Privacy Guard). GPG is an open-source implementation of the OpenPGP standard, and it will provide the actual encryption used for our emails. The next step is to install a Thunderbird add-on called Enigmail. Enigmail provides the interface that lets Thunderbird use GPG's encryption. Installing and setting up GPG and Enigmail is the first order of business in this post.
Different operating systems require different versions of GPG. If you are using Windows you will install GPG4Win. If you are using OS X you will install GPG Suite. If you are using Linux, you can probably skip this step because GPG comes standard with most distros. If you do need to download it you can do so here. After you have downloaded the application, begin the setup process. You will be prompted to provide your administrator password and select a language. After you have done so you should see screens depicted in the following screenshots.
On the third screen you will be asked which components of GPG you wish to install. I generally choose to make my installation as light as possible: I uncheck everything except “GnuPG” and the “Compendium”. The other components provide powerful capabilities, but they are superfluous for our purposes.
The next step is to install Enigmail. Since it is only an extension to Thunderbird, this is an easy installation. First, open Thunderbird. Next, click the hamburger icon, and then click “Add-ons”.
CREATING A KEY PAIR WITH GPG AND ENIGMAIL
With GPG and Enigmail installed, you are ready to begin creating your key(s). When Thunderbird restarts the Enigmail Setup Wizard will begin walking you through the process of key generation. This is not an overly complicated process, and Enigmail will automate most of it. With the “Start setup now” radio button checked, click “Next”.
On the next screen select “I prefer an extended configuration”. On the screen after that, check “I want to create a new key pair for signing and encrypting my email”. The next screen will prompt you to enter a password. I recommend that you take some time to enter a good password. This password can never be changed, so take the time now. After clicking “Next” the key generation process will begin.
After the keys have been generated you will be prompted to generate a Revocation Certificate. A revocation certificate allows you to revoke your keys if they are compromised in the future (which would otherwise lead to compromise of communications encrypted with them). This ensures that if you lose control of your private key you can still maintain control of the communications by announcing that the key should no longer be used. We will discuss how to revoke a certificate in a future post on the topic. Ensure you store the revocation certificate in a secure location.
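The two steps the wizard just performed, creating a passphrase-protected key pair and producing a revocation certificate, can be reproduced on the command line against a throwaway keyring, which is a convenient way to see what the wizard leaves on disk and to confirm that the passphrase actually protects the key. The script below is an added example and is not Enigmail's or GnuPG's own code. It assumes GnuPG 2.1 or later (which writes a revocation certificate into `openpgp-revocs.d` automatically at key creation); the identity, the passphrase and the ed25519/cv25519 key type are constructed choices for the demo.

```shell
#!/bin/sh
# Added example: unattended GnuPG key-pair creation in an isolated keyring,
# then a check that the revocation certificate exists and that the key is
# really passphrase-protected. Assumes GnuPG 2.1+; all values are constructed.

_gpg_demo_cleanup() {
    # Stop the agent gpg started for this keyring, then delete the keyring.
    gpgconf --kill gpg-agent 2>/dev/null
    unset GNUPGHOME
    rm -rf "$demo_home"
}

gpg_keygen_demo() {
    # Report "skipped" rather than fail on hosts without GnuPG.
    if ! command -v gpg >/dev/null 2>&1 || ! command -v gpgconf >/dev/null 2>&1; then
        echo "skipped"
        return 0
    fi

    pass="correct horse battery staple"      # constructed demo passphrase
    demo_home=$(mktemp -d) || return 1
    chmod 700 "$demo_home"                   # gpg warns on looser permissions
    export GNUPGHOME="$demo_home"            # keep the demo away from ~/.gnupg
    # allow-loopback-pinentry lets a batch passphrase be supplied without a
    # pinentry dialog on 2.1.x (harmless later); zero cache TTLs keep the
    # wrong-passphrase check below honest.
    printf 'allow-loopback-pinentry\ndefault-cache-ttl 0\nmax-cache-ttl 0\n' \
        > "$demo_home/gpg-agent.conf"

    # Unattended equivalent of the wizard's "create a new key pair" screen.
    cat > "$demo_home/params" <<EOF
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: Example User
Name-Email: user@example.invalid
Expire-Date: 2y
Passphrase: $pass
%commit
EOF
    gpg --batch --pinentry-mode loopback --gen-key "$demo_home/params" 2>/dev/null \
        || { _gpg_demo_cleanup; return 1; }

    # Primary-key fingerprint: the first "fpr" record in machine-readable output.
    fpr=$(gpg --batch --with-colons --list-secret-keys 2>/dev/null \
          | awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || { _gpg_demo_cleanup; return 1; }

    # GnuPG 2.1+ writes the revocation certificate at creation time; this is
    # the file to copy to secure offline storage.
    rev="$demo_home/openpgp-revocs.d/$fpr.rev"
    [ -f "$rev" ] && grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$rev" \
        || { _gpg_demo_cleanup; return 1; }

    # Round trip: encrypt to ourselves, confirm a wrong passphrase is refused,
    # then confirm the right one decrypts.
    plain="constructed test message"
    printf '%s' "$plain" | gpg --batch --trust-model always -r "$fpr" \
        --output "$demo_home/msg.gpg" --encrypt 2>/dev/null \
        || { _gpg_demo_cleanup; return 1; }
    if gpg --batch --pinentry-mode loopback --passphrase "not the passphrase" \
           --decrypt "$demo_home/msg.gpg" >/dev/null 2>&1; then
        _gpg_demo_cleanup; return 1          # key was not passphrase-protected
    fi
    out=$(gpg --batch --pinentry-mode loopback --passphrase "$pass" \
              --decrypt "$demo_home/msg.gpg" 2>/dev/null)
    _gpg_demo_cleanup
    [ "$out" = "$plain" ] || return 1
    echo "ok"
}

gpg_keygen_demo
```

On a real installation the same files live under `~/.gnupg` (or the GnuPG home that Enigmail is configured to use): the keyring itself, and `openpgp-revocs.d/<fingerprint>.rev` for the revocation certificate, which is the file the wizard's prompt is about. Everything here runs in a temporary directory and is deleted afterwards, so it never touches your real keys.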
Now that we have installed GPG and Enigmail and set up a key pair, we are ready to begin exchanging encrypted emails. We will cover this in the next segment, so stay with me!