Sysadmins of the North
Don't forget to share this post!

Encrypt email with PGP – GnuPG

How to encrypt email with PGP (GnuPG) to protect and secure your online privacy. The last few weeks a lot is said about government privacy infringement programs like the NSA’s program Prism and UK GCHQ’s Tempora… Did you know you can easily protect your privacy, identity and your data transmissions by encryption?

For websites, you can visit only SSL/TLS-encrypted websites, make use of a VPN tunnel, (RDP over) ssh tunnel with PuTTY, or TOR project and network. But your business communications like email need to be secured too! Why not encrypt your email?

Encrypt email with PGP – GnuPG, for Microsoft Office Outlook and Mozilla Thunderbird

For more privacy and security, it’s now more important than ever to encrypt email with PGP.

Several implementations and methods to encrypt your email exist. In this article, we focus on Pretty Good Privacy, or PGP, for short. PGP was first created by Phil Zimmermann in 1991, and its open source implementation GNU Privacy Guard (GnuPG) to encrypt your email.

For Windows operating systems, there is a Gpg4win flavor available that we’ll be using in this article, and as a mail client we use Mozilla Thunderbird.

In this article, we won’t dive into the more advanced options of PGP. Options such as adding multiple email addresses to a key or a web/ring of trust iss beyond the scope of this article.

Public Key Cryptography

Important to mention is that PGP uses public key cryptography, with asymmetrical keys. This means you have two keys:

  1. a private key
  2. a public key
This may interest you:   10% WordPress plugins in top ~1000 is vulnerable, a PHP static code analysis shows

And this means the other person with who you want to exchange an encrypted email, needs to have this set up too. An public key is bound to an user or email address and is published to a keyring server. For others to download of course, hence the “public” part. The public key is needed to decrypt an encrypted message. The private key needs to be… well, private! It represents you, your identity and trustworthiness.

You can find more information about – the inner workings of – PGP on Wikipedia

Set up GnuPG’s Gpg4win, how-to

Assuming you already have an email address set up in your email client, we start with downloading GnuPG’s Gpg4win. Its website is You can start the download of the current version 2.1.1, at the time of this writing (Released: 2013-05-31).

After downloading Gpg4win, just follow the installer, but we skip the Root certificate configuration.

Outlook Privacy Plugin for Office Outlook 2010 – 2013

If you use Office Outlook 2013 you also need the Outlook Privacy Plugin with Gpg4win. You find more information about this plugin here. You can follow this great manual if you’re using Outlook 2010 or 2013.

This article focuses on Mozilla Thunderbird and the EnigMail plugin.

Mozilla Thunderbird and EnigMail

Download enigmail-1.5.1-sm+tb.xpi Thunderbird plugin and install this plugin through the Add-ons Manager > Plugins > Install Add-on From File. Browse to your downloads and select the enigmail-1.5.1-sm+tb.xpi file, and click open. Wait three seconds, click Install Now and restart Thunderbird.

Add Enigmail add-on to Thunderbird 1

Add Enigmail add-on to Thunderbird 2

Add Enigmail add-on to Thunderbird 3

Add Enigmail add-on to Thunderbird 4

Add Enigmail add-on to Thunderbird 5

Next, we need to set up our private and public GPG keys.

This may interest you:   How to filter web traffic with blacklists

Create and manage your PGP keys with Kleopatra

The full version of Gpg4Win also includes Kleopatra: a certificate manager application. We use this program to set up our PGP identity and keys. You find this program in your start menu under Gpg4win.

Follow the next screen shots to set up your key pair with Kleopatra.

Our PGP key pair has now been created, as the next screen confirms. Now we want a back-up for safekeeping, so click Make a Backup Of Your Key Pair.

Once the back-up is created it’s time to upload our public key to a key server for others to find. Click Upload Certificate To Directory Service. You can safely ignore the warnings.

Our key is all set now!his key is valid for two accoun

Don’t forget your passphrase, you must remember this one!

Setup OpenPGP in Mozilla Thunderbird how to

Now our PGP key pair is created, it’s time to let Mozilla Thunderbird (and EnigMail) know about this. We need to set up our OpenPGP identity.

The OpenPGP identity (key) was discovered automatically:

Key Management in Mozilla Thunderbird

Before we send an email we need to find the public key of the recipient. This is done through a key server (or you might have received someone’s key on a thumb drive, or as a download .asc file).

As you can see, this key is valid for two accounts/email addresses.

This may interest you:   Joomla websites abused as open proxy for Denial-of-Service attacks

Sending your first encrypted email with Mozilla Thunderbird

Now everything is configured (that was easy, wasn’t it? ;)), you are ready to send your first encrypted email message. Just do what you normally do, but also choose the Encrypt Message option.

The email is sent encrypted:

Import senders public key

Now the other end received the email and needs to decrypt it. Upon opening the email you are prompted for your passphrase.

All we now need to do is to import the public key to verify the signature.

Conclusion: encrypting email with PGP/GnuPG in Office Outlook and Mozilla Thunderbird is easy

… So why don’t you?

Because of government programs like Prism and Tempora it’s more important than ever to protect your online identity and to encrypt email with PGP, and your other online communications. This article showed you how easy it is to set up a PGP key pair to encrypt email with PGP. For other online communications you can use Tor, a VPN or SSL/TLS.

Even if the other side is not using PGP/GnuPG, you can still sign (not encrypt) your emails, to “prove” you were the sender.

About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link:

follow me on:

Leave a Comment:

Add Your Reply
Skip to content