Encrypting everything online, including your emails, has become necessary. Confidential information such as login credentials, social security numbers, and bank account details becomes vulnerable when you send it through email. Email encryption involves masking the content of an email message to prevent it from being read by unauthorized persons. Sending encrypted emails in Linux is very easy and relies on open-source tools.
In this article, we are going to learn how to use email encryption in Ubuntu 18.04 LTS.
The following tools are required for encrypting emails in Ubuntu.
- Mozilla Thunderbird
Mozilla Thunderbird is an open-source email client using which you can send, receive, and manage emails from multiple accounts without using a web browser.
- GnuPG (GPG)
GPG is an open-source tool that allows the user to generate key pairs (Private and Public Key) that can be used to encrypt, decrypt, and sign emails.
- Enigmail
Enigmail is an OpenPGP add-on for Mozilla Thunderbird. This add-on allows you to use GnuPG’s encryption feature from within Mozilla Thunderbird.
GnuPG and Enigmail also allow you to attach digital signatures to your messages.
Installing Mozilla Thunderbird
Mozilla Thunderbird is already installed and is the default email client in Ubuntu 18.04 LTS. In case it is not already installed, you can install it using the Terminal application.
Press Ctrl+Alt+T to launch the Terminal, then type the following command to install Thunderbird:
$ sudo apt install thunderbird
Installing GnuPG (GPG)
Like Mozilla Thunderbird, GPG is pre-installed in Ubuntu 18.04 LTS. In case it is not already installed, you can install it by running the following command in the Terminal application.
$ sudo apt install gnupg2
Installing Enigmail
To install Enigmail, run the following command in Terminal:
$ sudo apt-get install enigmail
To verify if it is installed and added on Mozilla Thunderbird, open Mozilla Thunderbird application from the launcher on the left side of the Desktop. When Mozilla Thunderbird opens, click the right menu button on the Mozilla Thunderbird application, then click on Add-ons.
Here you can see the installed Enigmail add-on. If you want, you can temporarily disable this add-on from here.
Generating Encryption keys
Now that everything is installed, we need to generate a key pair for encrypting our emails. A key pair consists of two keys: a private key and a public key.
Private key
The private key is used to read the encrypted emails sent to you by those who have a copy of your public key. It is protected by a passphrase.
Public key
The public key is used to send someone an encrypted email and only that person can decrypt the email using his private key. Similarly, if someone wants to send you an encrypted email, he will require your public key.
We will generate encryption keys using the Setup wizard.
Select Enigmail from the top menu bar of Mozilla Thunderbird. Then from drop-down menu, click on Setup Wizard.
Leave the default option I prefer a standard configuration selected and click Next.
If you already have a key pair, you can choose it; otherwise, select the second option I want to create a new key pair for signing and encrypting my email. Then click Next.
If you have multiple accounts, select the account for which you want to create a key pair. Then set a strong passphrase. This passphrase will be used to protect your private key. Then click Next.
Now, wait for a while until the key generation process is completed.
When the key generation is completed, you will see a message Your Key has been generated. Click on Close button to close the dialog box.
Next, you will see the option to create a revocation certificate. This certificate is used to invalidate your public key in case your private key is lost or stolen.
Click on Create Revocation Certificate.
Then it will open another dialog box, where you can choose the location to save your Revocation Certificate. Choose any secure location on your system and then click Save.
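For reference, the same steps the wizard performs can be done with gpg directly. This is an added example, not part of the original article; it assumes GnuPG 2.1 or later, and the keyring directory, user ID and passphrase passed to the functions are sample values you supply.

```bash
#!/usr/bin/env bash
# Added example: what the Enigmail wizard does, done with gpg directly in a
# separate keyring directory. All function names here are hypothetical.

# Create a key pair (primary signing key + encryption subkey) in keyring $1.
make_keypair() {   # $1 = keyring dir, $2 = user ID, $3 = passphrase
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase "$3" --quick-generate-key "$2" default default 2y
}

# Print the fingerprint of the primary key matching user ID $2.
key_fpr() {
    gpg --homedir "$1" --batch --with-colons --list-keys "$2" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# GnuPG 2.1+ writes a revocation certificate at key creation; print its path.
# Copy this file somewhere safe, away from the private key.
revocation_cert() {
    printf '%s/openpgp-revocs.d/%s.rev\n' "$1" "$(key_fpr "$1" "$2")"
}

# Export the public half only: this is what you hand to correspondents.
export_public() {
    gpg --homedir "$1" --batch --armor --export "$2"
}

# Encrypt stdin to $2 and decrypt it again, showing that the public key
# encrypts and only the passphrase-protected private key decrypts.
roundtrip() {      # $1 = keyring dir, $2 = user ID, $3 = passphrase
    gpg --homedir "$1" --batch --quiet --armor --encrypt --recipient "$2" |
        gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
            --passphrase "$3" --decrypt
}
```

Call make_keypair once with an empty directory created by mktemp -d, then use the other functions with the same directory and the email address from the user ID.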
Integrating Email account with Enigmail
Now we will configure our email account to work with Enigmail. Click on the Settings icon on the right side of the Mozilla Thunderbird window. Then go to Preferences > Account Settings.
Follow the below steps to configure an email account for Enigmail:
Step 1. On the left pane, click on OpenPGP Security tab.
Step 2. Click on the checkbox Enable OpenPGP support (Enigmail) for this identity.
Step 3. Click on Select Key button to select the key pair for this email account.
Step 4. Check the box Encrypt messages by default
Step 5. Check the box Use PGP/MIME by default
Step 6. Click Ok
Exchanging public keys
To exchange public keys, both you and your recipient should follow the below steps:
Step 1: In Mozilla Thunderbird, click on Write a new message to create an email.
In the recipient field, add the email account with which you want to share your public key and exchange encrypted emails.
Step 2: Then click on Enigmail on the top menu bar and then select Attach my Public Key.
Step 3: Then if you have multiple keys, it will ask you to select one key from it. Select the key that you want to send.
Step 4. Click on Send button in the email window. If prompted for passphrase enter your passphrase.
Importing public keys
When you receive an email that contains a public key, import it. Both you and your correspondent have to follow the below steps to import each other's public keys.
Step 1: Right-click on the reply email attachment and select Import OpenPGP Key.
When prompted for confirmation, click OK.
Next, you will see the message verifying that keys are imported successfully.
Step 2: Click on Enigmail on the top menu bar and then select Key management. Here you will see imported public key of your recipient.
Sending and receiving Encrypted email
Once you and your correspondent have both imported each other’s public keys, you can begin sending and receiving encrypted emails. Note that Enigmail only protects the email content and attachments for accounts for which you have public keys.
Sending Encrypted emails
Step 1: Click Enigmail in the new email window top menu bar to compose an email.
Step 2: Add a recipient for whom you have a signed public key.
Step 3: Click Send
You will notice both the lock and the pencil button will automatically light up as soon as you enter the recipient email address for which you have imported the public key.
Receiving Encrypted emails
When you receive an encrypted email, Mozilla Thunderbird will automatically decrypt the email.
Step 1: Open the encrypted email.
Step 2: Enter your passphrase to decrypt the email. It is the same passphrase you have set for protecting the private key.
Step 3: Click OK. You will see a decrypted email.
While communicating, it is very important to confirm that the public key used to encrypt email actually belongs to the person with whom you are communicating.
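One way to make that check, and to make it before the import step described earlier, is to compare the fingerprint of the received key file with one the sender gave you over another channel such as a phone call. This is an added example, not part of the original article; the function names and the file name in the usage line are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check a received public key against a fingerprint obtained
# out of band BEFORE importing it into the keyring.

# Normalise a fingerprint: drop whitespace, upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print one fingerprint per
# primary key: the first "fpr" record after each "pub" record (field 10).
# Subkey fingerprints (after "sub" records) are deliberately skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             want && $1 == "fpr" { print $10; want = 0 }'
}

# Compare the colon listing on stdin with the expected fingerprint $1.
# Returns 0 only if the listing holds exactly one key and it matches.
listing_matches() {
    lm_expected=$(normalize_fpr "$1")
    lm_found=$(primary_fprs)
    [ -n "$lm_found" ] || { echo "no public key found" >&2; return 2; }
    [ "$(printf '%s\n' "$lm_found" | wc -l)" -eq 1 ] ||
        { echo "file holds more than one key; refusing" >&2; return 2; }
    [ "$lm_found" = "$lm_expected" ] ||
        { echo "MISMATCH: file has $lm_found" >&2; return 1; }
}

# Inspect key file $1 without importing it (show-only); import on match.
verify_and_import() {
    gpg --batch --with-colons --import-options show-only --import "$1" \
        2>/dev/null | listing_matches "$2" && gpg --import "$1"
}

# Usage: ./verify-key.sh colleague.asc "<fingerprint read out by the sender>"
if [ "$#" -eq 2 ]; then
    verify_and_import "$1" "$2"
fi
```

A mismatch or a file carrying more than one key leaves the keyring untouched, so a substituted key attached to a spoofed message is rejected before it can be selected for encryption.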
So, this was all about using Enigmail Add-on in Thunderbird to send encrypted emails in Ubuntu. It is not necessary for the other person to use only Enigmail and Thunderbird. They can use other email clients and tools to have encrypted communication with you.