• How to set up end-to-end encryption for your e-mails in Mozilla’s Thunderbird

    #2471127

    https://www.neowin.net/guides/how-to-set-up-end-to-end-encryption-for-your-e-mails-in-mozillas-thunderbird/

    In recent years, companies have been implementing various levels of encryption within their apps and services. ProtonMail offers encryption between its mail users, WhatsApp has encryption turned on by default, and Facebook Messenger lets you flip to more secure chats if you would like. While not the most straightforward to set up, Mozilla has tightly integrated PGP into its e-mail client Thunderbird, so you can encrypt e-mails, no matter your provider.

    In this guide, I’ll go over:

    How to set up your encryption keys
    How to add your contact’s keys
    How to share your own keys
    How to upload your keys to a keyserver, so they can be found easily
    How to backup your keys..

    • #2471144

      A problem, I find, with encrypting one’s emails, is that it works only if sent to people who can decrypt them. And not everybody even knows about encrypted emails.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2471240

      A problem, I find, with encrypting one’s emails, is that it works only if sent to people who can decrypt them. And not everybody even knows about encrypted emails.

      You don’t encrypt every mail sent. You should encrypt only important/confidential mail, like: to your bank, workplace, lawyer, doctor. To them you should send a ‘public key’.

      ..How to share your own keys

      To send your public key to a contact, head back into the OpenPGP Key Manager and right-click your key. You should then see an option to send your public key by e-mail, pressing this will open up a new compose window with your key attached. To import this, your recipient just needs to open their key manager, press File and import the public key from the file…

    • #2471347

      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA512

      ~~~~~~

      You can verify this text for authenticity by original signer.

      Encryption techniques are nice, but not easy.
      Microsoft also makes many mistakes in the digital signing of their
      messages;

      Who oh who cares?
      I do.

      ~~~~~~

      -----BEGIN PGP SIGNATURE-----
      Version: Encryption Desktop 10.5.0 (Build 1520)
      Comment: PGP_10.5.0 MP1 [Build 1520],Secured
      Charset: utf-8

      -----END PGP SIGNATURE-----

      verified_by_PGP

      * _ ... _ *
      • #2471395

        Fred, Thanks.

        Am I guessing right that the long and seemingly random sequence of characters is the encrypted PGP public key?

        https://www.varonis.com/blog/pgp-encryption

        Quote: “ProtonMail – like most email clients that offer PGP – hides all of the complexity of the encryption and decryption of the message. If you are communicating to users outside of ProtonMail, you need to send them your public key first.”


    • #2471456

      OscarCP, you’re welcome:
      In the message, everything from -----BEGIN PGP to -----END PGP SIGNATURE----- is the PGP-signed message. The actual message is in the middle, between the tilde lines that I started and ended the message with, just to make it a bit more readable:

      ~~~~~~
      …..
      …..
      ~~~~~~

      So, if a single letter and/or space within the message is altered, then this message does not check out as having a good signature and thus is not original; the picture of the PGP check shows that in this case it is original.

      My original text was signed with my PGP key. This key consists of two parts: a private part and a public part. The private part of this key is very secret and only in my possession, and the public part can be sent to somebody else, or to a (public-key) server on the internet; this usually is called a PGP public-key server.
      Everybody who has enough of my credentials can collect/download this public key. Knowing the PGP-ID of somebody is enough to collect this public key, in this case my “PGP-ID=(0x0DF12480)”.
      (To make it a bit more complicated: anybody having the fingerprint of my PGP key can collect this public key too; in this case the accompanying fingerprint is “970A 5D81 27BD 73F9 5EB4 4139 B639 39E3 0DF1 2480”.) So when I hand over to somebody this PGP-ID or this PGP key fingerprint, he can collect my public PGP key and can check this text to be original or not.

      But never ever forget:
      This whole system of encryption is based on a single trust of WHO keeps the PrivateKey; that is very easily forgotten.

      This message was only encrypted to my PGPkey, so the result is clearly visible.
      When I encrypt this message to another public key from somebody else, then this message can only be decrypted by the owner of the other private key(s), and now the result is very scrambled with various signs.

      herewith the example of the oversight of my PGPkeypair:
      key-properties-f

      (For obvious reasons I blanked out a few parts.)

      Using Protonmail or anything like it is based on this “simple principle”, and is a bit more user-friendly 😀

      • This reply was modified 2 years, 9 months ago by Fred.
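
Added example (not part of the thread and not any poster's code): a Python illustration of the structure described in reply #2471456. It splits a clearsigned block into its hash header, canonical signed text and signature armor, and derives the long and short key IDs from the fingerprint quoted there. The sample message and its placeholder signature are constructed, the function names are hypothetical, and the key-ID rule assumes a v4 key.

```python
import hashlib
import re

# Constructed sample in the layout of the signed post; the signature body is a placeholder.
SAMPLE = "\n".join([
    "-----BEGIN PGP SIGNED MESSAGE-----",
    "Hash: SHA512",
    "",
    "~~~~~~",
    "Encryption techniques are nice, but not easy.",
    "- -- a line that starts with a dash is dash-escaped",
    "~~~~~~",
    "-----BEGIN PGP SIGNATURE-----",
    "",
    "PLACEHOLDER+not+a+real+signature",
    "-----END PGP SIGNATURE-----",
])

def split_clearsigned(msg):
    """Return (hash names, canonical signed text as bytes, signature armor lines)."""
    lines = msg.replace("\r\n", "\n").split("\n")
    if lines[0] != "-----BEGIN PGP SIGNED MESSAGE-----":
        raise ValueError("not a clearsigned message")
    blank = lines.index("")                          # blank line ends the headers
    sig = lines.index("-----BEGIN PGP SIGNATURE-----")
    hashes = [n.strip() for h in lines[1:blank] if h.startswith("Hash:")
              for n in h[5:].split(",")]
    # Undo dash-escaping, drop trailing spaces/tabs, join with CRLF (RFC 4880, 7.1).
    text = [(l[2:] if l.startswith("- ") else l).rstrip(" \t")
            for l in lines[blank + 1:sig]]
    return hashes, "\r\n".join(text).encode("utf-8"), lines[sig:]

def text_digest(msg):
    """Digest of the canonical text only; a real signature also hashes a trailer."""
    hashes, canonical, _ = split_clearsigned(msg)
    return hashlib.new(hashes[0].lower(), canonical).hexdigest()

def key_ids(fingerprint):
    """Long and short key ID of a v4 key: the low 64 and 32 bits of its fingerprint."""
    fp = re.sub(r"\s+", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fp):
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    return fp[-16:], fp[-8:]

if __name__ == "__main__":
    print(split_clearsigned(SAMPLE)[0], text_digest(SAMPLE)[:16])
    edited = SAMPLE.replace("not easy", "not hard")        # one word changed
    padded = SAMPLE.replace("easy.", "easy.   ")           # trailing spaces only
    print(text_digest(edited) == text_digest(SAMPLE))
    print(text_digest(padded) == text_digest(SAMPLE))
    print(key_ids("970A 5D81 27BD 73F9 5EB4 4139 B639 39E3 0DF1 2480"))
```

A 32-bit short key ID is not unique enough to identify a key on its own; compare the full fingerprint before trusting a key fetched from a keyserver.
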
    • #2471462

      Quote: “ProtonMail – like most email clients that offer PGP – hides all of the complexity of the encryption and decryption of the message. If you are communicating to users outside of ProtonMail, you need to send them your public key first.”

      To use Protonmail in a good and smooth way, it’s always best that the receiving party is using Protonmail too, and then all the encryption behind the surface is done automatically and correctly.
      Using Thunderbird and mobile-phone email with encryption keys is very well possible, but not always that smoothly. The internet ‘tends to be very flexible’, as Microsoft teaches us all day round with their updates.

      ps: There are many more encrypted email services, but remember: WHO keeps the PrivateKeys, and in what jurisdiction?

      pps: Who has nothing to hide, who cares?

    • #2471465

      https://www.varonis.com/blog/pgp-encryption

      The text in this quoted internet link is not quite true, about the part of being unbreakable encryption. For that there is much more to be done to give the NSA or the x-Eyes-Alliance a hard time to break it.
      Of course quantum computing is expected to bring this type of encrypting to an end, eventually new techniques must be invented; or is that already there?
