Encrypt email in Thunderbird with OpenPGP


This article explains two functions in Thunderbird that work together nicely: (1) Configure an email alias to protect your identity, and (2) Import an OpenPGP private key and associate it with the email alias. I could not find anything online that explained how to use both of these functions together. There were articles (see references below) explaining how to do each function separately. So after performing this experiment, it turns out you can associate a private key with an email alias to securely send encrypted email all within Thunderbird.

Specifically, I want to use the OpenPGP key pair I generated using GNU Privacy Guard to send and receive emails as maddyice, an alias I previously set up in my Mailbox.org account. To do this I will import the key pair into the Thunderbird client, associate the “maddyice” identity under my primary mailbox.org account, then send and receive an encrypted email as a test.

References

Step 1: Generate an OpenPGP key pair

First, I set up an OpenPGP key pair using maddyice@mailbox.org with GNU Privacy Guard (GPG). If you don’t already have an OpenPGP key pair, you need to generate one. Go to my article on how to generate a key pair before proceeding to the next step.

A note for those of us who use Mailbox.org

Mailbox.org is my email provider and offers Guard, an implementation of a PGP key that resides on their server. I originally thought I could import that key pair into Thunderbird and use it for encryption. However, reading the mailbox.org help files, the Guard key pair can only be used with the primary account. This is not a viable solution as it may compromise my identity. Hence the need to associate a key pair with my email alias.

  • Mailbox.org created Guard for webmail PGP encryption
  • You can import your own private key to Guard and use it via webmail (not recommended)
  • The Guard private key can be imported to Thunderbird, but must be configured to use the primary email account, not an alias

Step 2: Import the OpenPGP private key into Thunderbird

  1. Open Thunderbird
  2. Go to Account Settings and click on the desired email account
  3. Go to End-To-End Encryption
  4. Select the Add Key… button
  5. Select Import an existing OpenPGP Key and find the private key file to import
  6. Classify the key as a trusted “personal” key
  7. Select OpenPGP Key Manager to verify the key was imported

Note: In my case, the maddyice@mailbox.org identity (alias) has not been established yet in Thunderbird, so the key will not appear in the list of selectable keys for my primary email account.
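
A check you can run on the key file before importing it in step 5 above, as an added example that is not part of the original article: it confirms the file holds a private key (not a public-only export) and that a valid user ID carries the alias address, which is what lets the key show up for the alias identity in Step 3. The function name, the file name private-key.asc and the sample listing are assumptions made for the example; the fingerprint and key IDs in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_key_for_alias ALIAS: reads `gpg --with-colons` output on stdin and
# checks that it holds a usable *private* key whose user ID carries ALIAS.
# Exit status: 0 ok, 2 no secret key, 3 key expired/revoked, 4 alias not in a user ID.
check_key_for_alias() {
    awk -F: -v want="$1" '
        BEGIN { want = tolower(want) }
        # "sec" = primary key with secret material; a public-only export shows "pub".
        $1 == "sec" { has_secret = 1; key_validity = $2 }
        # "uid": field 2 is validity (r = revoked, e = expired), field 10 is "Name <address>".
        $1 == "uid" && $2 != "r" && $2 != "e" && match($10, /<[^>]+>/) {
            if (tolower(substr($10, RSTART + 1, RLENGTH - 2)) == want) uid_ok = 1
        }
        END {
            if (!has_secret)              { print "no private key in input"; exit 2 }
            if (key_validity ~ /^[eri]$/) { print "primary key expired, revoked or invalid"; exit 3 }
            if (!uid_ok)                  { print "no valid user ID for " want; exit 4 }
            print "ok: private key matches " want
        }'
}

# Constructed sample listing (fingerprint, key IDs and hash are placeholders).
sample_listing() {
    cat <<'EOF'
sec:u:255:22:0000000000000001:1700000000:::u:::scESC:::+::ed25519:::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:u::::1700000000::0000000000000000000000000000000000000002::Maddy Ice <maddyice@mailbox.org>::::::::::0:
ssb:u:255:18:0000000000000003:1700000000::::::e:::+::cv25519::
EOF
}

# With a real export (file name is a placeholder):
#   gpg --show-keys --with-colons private-key.asc | check_key_for_alias maddyice@mailbox.org
sample_listing | check_key_for_alias maddyice@mailbox.org
```

The address comparison is case-insensitive, and a revoked or expired user ID is treated the same as a missing one.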

Step 3: Create an identity (email alias) in Thunderbird

Since the maddyice@mailbox.org alias already exists in my mailbox.org settings, all that is required is to add that identity to Thunderbird.

  1. Go to Account Settings, click on your primary account name
  2. Click the Manage Identities… button, and then click Add…
  3. Enter a name you want to associate with the alias
  4. Enter the alias email address as both the email address and the reply-to address
  5. Click OK to close the dialog and click OK again to close the identities list
  6. Now, go back into Manage Identities… and click Edit…
  7. Go to the End-To-End Encryption tab
  8. The private key associated with the alias is now active; select it
  9. Click the Close button to close the identities list

Step 4: Receive a test email to verify setup

To test, I had a friend send maddyice@mailbox.org an encrypted email from their Mailbox.org account. I was able to open and read the email and verify that it was encrypted with OpenPGP.

Step 5: Send an encrypted reply in Thunderbird

  1. Click Reply
  2. Select the Security dropdown menu from the top toolbar
  3. Verify that Encryption Technology says OpenPGP and that Require encryption is checked; optionally digitally sign the message and attach a copy of the public key
  4. Send the email

Note: I verified that my friend received the email. She was prompted to add my public key to her key list. The OpenPGP message was included along with the digital signature and copy of the public key.

Conclusion

I was able to successfully send and receive encrypted emails using the OpenPGP key pair I created with GNU Privacy Guard and associate it with the mailbox.org email alias through Thunderbird. This is a great accomplishment considering there was no tutorial online directly addressing how to accomplish both functions. If this helped you or if you have questions, please comment below.
