How to use Email Encryption in Ubuntu

Encrypting everything online, including your emails, has become necessary. Confidential information such as login credentials, social security numbers, and bank account details becomes vulnerable when you send it by email. Email encryption involves masking the content of an email message to prevent it from being read by unauthorized persons. Sending encrypted emails in Linux is easy and relies on open-source tools.

In this article, we are going to learn how to use email encryption in Ubuntu 18.04 LTS.

The following tools are required for encrypting emails in Ubuntu.

  • Mozilla Thunderbird

Mozilla Thunderbird is an open-source email client with which you can send, receive, and manage emails from multiple accounts without using a web browser.

  • GNU PGP (GPG)

GPG is an open-source tool that allows the user to generate key pairs (Private and Public Key) that can be used to encrypt, decrypt, and sign emails.

  • Enigmail

Enigmail is an OpenPGP add-on for Mozilla Thunderbird. This add-on allows you to use GnuPG’s encryption features from within Mozilla Thunderbird.

GnuPG and Enigmail also allow you to attach digital signatures to your messages.

Installing Mozilla Thunderbird

Mozilla Thunderbird is already installed and is the default email client in Ubuntu 18.04 LTS. In case it is not already installed, you can install it using the Terminal application.

Press Ctrl+Alt+T to launch the Terminal, then type the following command to install Thunderbird:

$ sudo apt install thunderbird

Installing GNU PGP(GPG)

Like Mozilla Thunderbird, GPG is pre-installed in Ubuntu 18.04 LTS. In case it is not already installed, you can install it by running the following command in the Terminal application.

$ sudo apt install gnupg2

Installing Enigmail

To install Enigmail, run the following command in Terminal:

$ sudo apt-get install enigmail

To verify that it is installed and added to Mozilla Thunderbird, open the Mozilla Thunderbird application from the launcher on the left side of the desktop. When Thunderbird opens, click the menu button on the right side of the window, then click Add-ons.

Here you can see the installed Enigmail add-on. If you want, you can temporarily disable this add-on from here.

Generating Encryption keys

Now that everything is installed, we need to generate a key pair for encrypting our emails. The process generates two keys: a private key and a public key.

Private key

The private key is used to read the encrypted emails sent to you by those who have a copy of your public key. It is protected by a passphrase.

Public key

The public key is used to send someone an encrypted email and only that person can decrypt the email using his private key. Similarly, if someone wants to send you an encrypted email, he will require your public key.

We will generate encryption keys using the Setup wizard.

Select Enigmail from the top menu bar of Mozilla Thunderbird. Then, from the drop-down menu, click on Setup Wizard.

Leave the default option I prefer a standard configuration selected and click Next.

If you already have a key pair, you can choose it. Otherwise, select the second option, I want to create a new key pair for signing and encrypting my email. Then click Next.

If you have multiple accounts, select the account for which you want to create a key pair. Then set a strong passphrase. This passphrase will be used to protect your private key. Then click Next.

Now, wait for a while until the key generation process is completed.

When the key generation is completed, you will see the message Your Key has been generated. Click the Close button to close the dialog box.

Next, you will see the option to create a revocation certificate. This certificate is used to invalidate your public key in case your private key is lost or stolen.

Click on Create Revocation Certificate.

Then it will open another dialog box, where you can choose the location to save your Revocation Certificate. Choose any secure location on your system and then click Save.

Integrating Email account with Enigmail

Now we will configure our email account to work with Enigmail. Click on the Settings icon on the right side of the Mozilla Thunderbird window. Then go to Preferences > Account Settings.

Follow the below steps to configure an email account for Enigmail:

Step 1: On the left pane, click the OpenPGP Security tab.

Step 2: Check the box Enable OpenPGP support (Enigmail) for this identity.

Step 3: Click the Select Key button to select the key pair for this email account.

Step 4: Check the box Encrypt messages by default.

Step 5: Check the box Use PGP/MIME by default.

Step 6: Click OK.

Exchanging public keys

To exchange public keys, both you and your recipient should follow the below steps:

Step 1: In Mozilla Thunderbird, click on Write a new message to create an email.

In the recipient field, add the second email account with which you want to share your public key and exchange encrypted emails.

Step 2: Then click on Enigmail on the top menu bar and then select Attach my Public Key.

Step 3: If you have multiple keys, you will be asked to select one of them. Select the key that you want to send.

Step 4: Click the Send button in the email window. If prompted for a passphrase, enter your passphrase.

Importing public keys

When you receive an email that contains a public key, import it. Both you and your correspondent have to follow the steps below to import each other's public keys.

Step 1: Right-click on the reply email attachment and select Import OpenPGP Key.

When prompted for confirmation, click OK.

Next, you will see the message verifying that keys are imported successfully.

Step 2: Click on Enigmail on the top menu bar and then select Key management. Here you will see the imported public key of your recipient.

Sending and receiving Encrypted email

Once you and your correspondent have both imported each other’s public keys, you can begin sending and receiving encrypted emails. Note that Enigmail only protects the email content and attachments for accounts whose public keys you have.

Sending Encrypted emails

Step 1: Click Enigmail in the top menu bar of the new email window to compose an email.

Step 2: Add a recipient for whom you have a signed public key.

Step 3: Click Send.

You will notice that both the lock and the pencil buttons light up automatically as soon as you enter a recipient email address for which you have imported the public key.

Receiving Encrypted emails

When you receive an encrypted email, Mozilla Thunderbird will automatically decrypt the email.

Step 1: Open the encrypted email.

Step 2: Enter your passphrase to decrypt the email. It is the same passphrase you have set for protecting the private key.

Step 3: Click OK. You will see a decrypted email.

While communicating, it is very important to confirm that the public key used to encrypt an email actually belongs to the person with whom you are communicating.
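One way to make that confirmation from the terminal before importing a key you received, shown as an added example that is not part of the original article: compare the full fingerprint of the key file with a fingerprint your correspondent gave you over another channel. The function names and the sample listing are constructed for illustration, and the example assumes a GnuPG version that supports the show-only import option.

```sh
#!/bin/sh
# Added example (not from the article): fingerprint check for a received key file.

# Constructed sample of `gpg --with-colons` key listing output (fake key).
SAMPLE_COLONS='pub:-:3072:1:0123456789ABCDEF:1546300800:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1546300800::::Alice Example <alice@example.org>:
sub:-:3072:1:FEDCBA9876543210:1546300800::::::e:
fpr:::::::::111122223333444455556666FEDCBA9876543210:'

# Fingerprints are usually read out in groups of four; strip whitespace and
# an optional 0x prefix, and uppercase the hex digits.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F' | sed 's/^0[xX]//'
}

# The primary key fingerprint is field 10 of the first "fpr" record that
# follows the "pub" record; later "fpr" records belong to subkeys.
primary_fpr_from_colons() {
  awk -F: '$1 == "pub" { seen = 1; next } seen && $1 == "fpr" { print $10; exit }'
}

# List the key file without adding it to the keyring.
fpr_of_keyfile() {
  gpg --batch --with-colons --import-options show-only --import "$1" 2>/dev/null |
    primary_fpr_from_colons
}

# Succeed only on an exact match against a full 40-hex-digit fingerprint.
# A short key ID is rejected instead of being treated as a match.
fpr_matches() {
  _got=$(normalize_fpr "$1")
  _want=$(normalize_fpr "$2")
  printf '%s\n' "$_want" | grep -Eq '^[0-9A-F]{40}$' || return 1
  [ "$_got" = "$_want" ]
}

# check_key_file received.asc "AAAA BBBB ..." -> exit status 0 if it is safe to import.
check_key_file() {
  fpr_matches "$(fpr_of_keyfile "$1")" "$2"
}

# Demo on the constructed listing: prints the primary key fingerprint.
printf '%s\n' "$SAMPLE_COLONS" | primary_fpr_from_colons
```

Import the key in Enigmail only when `check_key_file` succeeds; a mismatch or an empty result means the file is not the key your correspondent described.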

So, this was all about using Enigmail Add-on in Thunderbird to send encrypted emails in Ubuntu. It is not necessary for the other person to use only Enigmail and Thunderbird. They can use other email clients and tools to have encrypted communication with you.