Thunderbird and Enigmail for Encrypted Email

May 3rd, 2006

Even though I don’t email top-secret information on a daily basis (OK, actually never), I would like the option to make my email secure. It makes me feel better to know that only those whom I intend to read it can do so. Pretty Good Privacy (PGP) is an email encryption program whose modest name didn’t sound promising, but after some research I found that it suffers from a humility complex: PGP is actually very strong, solid encryption. PGP lets you encrypt your email so you can be sure a message is read only by the person you intended.

I have been a fan of Thunderbird (read my review) for quite some time, and recently came across an extension called Enigmail which promised to give me the PGP security capabilities I was looking for. The Enigmail extension provides the security in a simple and straightforward way and nicely integrates into Thunderbird. The encryption is handled by the GNU Privacy Guard (GnuPG), a free version of PGP.

Here is a simple example of how PGP works. Dave wants to send Jesse an email. Both Dave and Jesse have Thunderbird and Enigmail installed, and both use Enigmail to generate a key pair. Dave gets a private key and a public key, and Jesse also gets his own public and private key. The public keys are public; Dave and Jesse share those with each other. The private keys are private and should never be shared. The two keys work together to encrypt and decrypt messages: anything encrypted with a public key can only be decrypted by the corresponding private key.

OK, back to Dave and Jesse. When Dave sends Jesse an email, Dave encrypts the message using Jesse’s public key (Dave has access to Jesse’s public key because it is public). When Jesse receives the message, Enigmail automatically decrypts it using Jesse’s private key and Jesse can read it. To anyone else viewing the message, it would look something like this:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.3rc2 (MingW32)

hQIOA6x3yUQjMAdqEAgAvyC+x6frLRnxE8u67BRQAFb2Jrj
NQdBoN2uFKH6x2DGJeggTSL2aGyABsFSr8eva4j4QWSnVfa
DC5P5EOwEQykSvK65TC9Mi5nX6DpEaClQAz/FDIyM+gr3r0
WYWE560YS4KSKz8CHPkIK3E3MruZVNTSn7CVQjHNbzJmgpJ
fgij2jFt59PgXpUgYxX5idkV0TitdR2O7Uv/VBSbRJCpWlK
hQDcX/k21Gcd89sqES6g6iP/pYXYghCo36pitjIhIwf7Bhk
Tv7rCDjQ8QR4+WFnYk9UVjL9KbWlqbn2awBejVQOqSH2j/f
QV4ry7qPVDODGlY0plIy28nUv7WaNt18E+9mS1e+AcGc/5V
WswmxMwM65qV7/1MiqaJ9fc8NdzUsA3peAfiv56dJuJJQRp
W/PD5WKWf9dDUmwRX6Qql36MMQCguwcBfhZZ1rVFQuZYARh
aiMjOS1+Xhrk8FQZnRYu+rmEpT6sXdkpAdvKelE1y/v5lDs
PdLACAEOW7aQoaxAm03WL4w/jGZAI5FB70VUG9kyEN+Xy2E
fUPF2LBTc/72pjvDrxb6O7lMXtpfgy49Lt+2clg2yqvefBt
jg/GmbdxGZMz1rWXDUuZsd9GdfKwxrmvQN8fSTc7FKcIC7h
1uYv7X8dpubuVdParSQKS4WX7d+7J/CNgUQkWytrMtcdWuH
pRgPtdSlxbIC1GQ7
=OCNT
-----END PGP MESSAGE-----

When Jesse wants to reply to Dave’s initial encrypted email, Jesse encrypts the entire message using Dave’s public key and sends it to Dave. When Dave gets the message, it is decrypted using Dave’s private key. Neither person ever touches the other’s private key; it remains private. Dave and Jesse have now exchanged emails securely using PGP.
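The Dave/Jesse exchange above, reproduced with plain GnuPG on the command line (the same engine Enigmail drives), as an added example that is not part of the original post. It assumes GnuPG 2.1 or later is installed and uses constructed throwaway identities (dave@example.invalid, jesse@example.invalid) in two separate keyring directories, so that only a public key ever crosses from one side to the other.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes gpg (GnuPG 2.1+).
# Two separate --homedir keyrings stand in for Dave's and Jesse's machines.
set -eu

pgp_roundtrip() {
  work=$(mktemp -d)
  dave="$work/dave"; jesse="$work/jesse"
  mkdir -m 700 "$dave" "$jesse"

  # 1. Each side generates its own key pair in its own keyring. The
  #    identities are constructed; the empty passphrase only keeps the demo
  #    non-interactive (the post rightly recommends a real one).
  gpg --homedir "$dave"  --batch --pinentry-mode loopback --passphrase '' \
      --quick-gen-key 'Dave <dave@example.invalid>' default default never >/dev/null 2>&1
  gpg --homedir "$jesse" --batch --pinentry-mode loopback --passphrase '' \
      --quick-gen-key 'Jesse <jesse@example.invalid>' default default never >/dev/null 2>&1

  # 2. Jesse exports only his PUBLIC key and Dave imports it. Jesse's
  #    private key never leaves Jesse's keyring.
  gpg --homedir "$jesse" --export --armor jesse@example.invalid > "$work/jesse.pub.asc"
  gpg --homedir "$dave" --batch --import "$work/jesse.pub.asc" >/dev/null 2>&1

  # 3. Dave encrypts to Jesse's public key. --trust-model always skips the
  #    web-of-trust check that would otherwise stop a batch run.
  printf "Mom's apple pie recipe\n" > "$work/msg.txt"
  gpg --homedir "$dave" --batch --trust-model always --armor \
      --recipient jesse@example.invalid --output "$work/msg.asc" --encrypt "$work/msg.txt"

  # The ciphertext is ASCII-armored, i.e. the opaque block shown in the post.
  grep -q -- '-----BEGIN PGP MESSAGE-----' "$work/msg.asc" || return 1

  # 4. Jesse decrypts with his own private key.
  out=$(gpg --homedir "$jesse" --batch --quiet --decrypt "$work/msg.asc" 2>/dev/null)

  # 5. Dave cannot read the message he just sent: he holds only Jesse's
  #    public key, and that key can encrypt but not decrypt.
  if gpg --homedir "$dave" --batch --quiet --decrypt "$work/msg.asc" >/dev/null 2>&1; then
    echo "unexpected: Dave decrypted a message encrypted for Jesse" >&2
    return 1
  fi

  rm -rf "$work"
  [ "$out" = "Mom's apple pie recipe" ]
}
```

Jesse's reply to Dave is the same four steps with the roles swapped: Dave exports his public key, Jesse imports it and encrypts to it, and only Dave's private key can open the result.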

PGP is strong stuff. Famous cryptographer Bruce Schneier said PGP is “the closest you’re likely to get to military-grade encryption” (Applied Cryptography, p. 587). The reason it is so strong lies deep in PGP’s cryptographic and mathematical roots, which we won’t delve into here. Just know that it’s not going to be cracked. Experts doubt any groups, even large government agencies, are capable of decrypting PGP messages. It’s good encryption.

Another great tool I found for PGP encryption and message signing is WinPT (Windows Privacy Tray). It’s a free, open source program that manages your PGP keyring (your public and private keys) and the public keys of others. One of the cool things about WinPT is that it’s a standalone application that you can use to encrypt or sign messages in a regular text document. So, for example, if you’re at work and don’t have access to your Thunderbird application, but you do have webmail access, you can still send encrypted and signed messages from your webmail client. You can also decrypt messages sent to you. All you need to do is copy and paste the plain text into the WPTray clipboard and select the Encrypt, Decrypt, or Sign options. WPTray will do the dirty work, and you simply copy and paste the results into the message body and send the email.

You can check out my public key page to import my public key into your PGP key manager so you can send me an encrypted email. Please don’t send anything which may compromise national security, but if you want to keep Mom’s famous apple pie recipe safe, PGP is great encryption, and using Thunderbird and Enigmail together makes it easy and available to the masses.

Entry Filed under: Security,Software,Web

4 Comments

  • 1. Michael  |  May 4th, 2006 at 9:15 pm

    Sometimes I like the idea of encryption, but the numbers boggle my mind. Is it like the password dilemma, is it hard to remember the keys? What to do? I want it, but it scares me…

  • 2. Seth  |  May 5th, 2006 at 9:58 am

    Michael, the PGP key manager programs (Enigmail or WinPT) do all of the number crunching for you — there is no need for you to generate huge prime numbers or anything like that. However, I would recommend protecting your private key with a solid password (both Enigmail and WinPT have that turned on by default), which you will have to remember. Using these tools is really easy; you could have them up and running in a matter of a few minutes.

  • 3. hanna  |  October 30th, 2008 at 3:07 am

    When Jesse wants to reply to Dave’s initial encrypted email. Jesse encrypts the entire message using Dave’s private key “and sends it to Dave”

    Jesse is using Dave’s private key ????

  • 4. Seth  |  October 30th, 2008 at 10:28 am

    Hanna,

    No, Jesse wouldn’t use Dave’s private key, Jesse would use Dave’s public key. Thanks for catching this error — I must have been typing without thinking. Dave and Dave alone should have access to his own private key. Sorry for the mix-up. I’ve made the change in the article.
