Sysadmins of the North

Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security

Encrypt email with PGP – GnuPG

How to encrypt email with PGP (GnuPG) to protect and secure your online privacy. In the last few weeks, a lot has been said about government privacy infringement programs like the NSA’s Prism and the UK GCHQ’s Tempora. Did you know you can easily protect your privacy, your identity and your data transmissions with encryption?

For web browsing, you can limit yourself to SSL/TLS-encrypted websites, or make use of a VPN tunnel, an (RDP over) SSH tunnel with PuTTY, or the Tor project’s network. But your business communications like email need to be secured too! Why not encrypt your email?

Encrypt email with PGP – GnuPG, for Microsoft Office Outlook and Mozilla Thunderbird

For more privacy and security, it’s now more important than ever to encrypt email with PGP.

Several implementations and methods to encrypt your email exist. In this article, we focus on Pretty Good Privacy, or PGP for short, which was first created by Phil Zimmermann in 1991, and on its open source implementation GNU Privacy Guard (GnuPG).

For Windows operating systems, there is a Gpg4win flavor available that we’ll be using in this article, and as a mail client we use Mozilla Thunderbird.

In this article, we won’t dive into the more advanced options of PGP. Options such as adding multiple email addresses to a key, or a web/ring of trust, are beyond the scope of this article.

Public Key Cryptography

Important to mention is that PGP uses public key cryptography, with asymmetrical keys. This means you have two keys:

  1. a private key
  2. a public key

And this means the other person with whom you want to exchange an encrypted email needs to have this set up too. A public key is bound to a user or email address and is published to a keyring server for others to download, hence the “public” part. The public key is needed to decrypt an encrypted message. The private key needs to be… well, private! It represents you, your identity and trustworthiness.

You can find more information about – the inner workings of – PGP on Wikipedia.

Set up GnuPG’s Gpg4win, how-to

Assuming you already have an email address set up in your email client, we start with downloading GnuPG’s Gpg4win. Its website is Gpg4win.org. At the time of this writing, the current version is 2.1.1 (released 2013-05-31).

After downloading Gpg4win, just follow the installer, but we skip the Root certificate configuration.

Outlook Privacy Plugin for Office Outlook 2010 – 2013

If you use Office Outlook 2013 you also need the Outlook Privacy Plugin with Gpg4win. You find more information about this plugin here. You can follow this great manual if you’re using Outlook 2010 or 2013.


This article focuses on Mozilla Thunderbird and the EnigMail plugin.

Mozilla Thunderbird and EnigMail

Download the enigmail-1.5.1-sm+tb.xpi Thunderbird plugin and install it through the Add-ons Manager > Plugins > Install Add-on From File. Browse to your downloads, select the enigmail-1.5.1-sm+tb.xpi file, and click Open. Wait three seconds, click Install Now and restart Thunderbird.

[Screenshots: Add Enigmail add-on to Thunderbird, steps 1 to 5]

Next, we need to set up our private and public GPG keys.

Create and manage your PGP keys with Kleopatra

The full version of Gpg4Win also includes Kleopatra: a certificate manager application. We use this program to set up our PGP identity and keys. You find this program in your start menu under Gpg4win.

Follow the next screenshots to set up your key pair with Kleopatra.

Our PGP key pair has now been created, as the next screen confirms. Now we want a back-up for safekeeping, so click Make a Backup Of Your Key Pair.

Once the back-up is created it’s time to upload our public key to a key server for others to find. Click Upload Certificate To Directory Service. You can safely ignore the warnings.

Our key is all set now!

Don’t forget your passphrase, you must remember this one!

Set up OpenPGP in Mozilla Thunderbird, how-to

Now that our PGP key pair is created, it’s time to let Mozilla Thunderbird (and EnigMail) know about this. We need to set up our OpenPGP identity.

The OpenPGP identity (key) was discovered automatically:

Key Management in Mozilla Thunderbird

Before we send an email, we need to find the public key of the recipient. This is done through a key server (or you might have received someone’s key on a thumb drive, or as a downloaded .asc file).

As you can see, this key is valid for two accounts/email addresses.

Sending your first encrypted email with Mozilla Thunderbird

Now everything is configured (that was easy, wasn’t it? ;)), you are ready to send your first encrypted email message. Just do what you normally do, but also choose the Encrypt Message option.

The email is sent encrypted:

Import sender’s public key

Now the other end received the email and needs to decrypt it. Upon opening the email you are prompted for your passphrase.

All we now need to do is to import the public key to verify the signature.

Conclusion: encrypting email with PGP/GnuPG in Office Outlook and Mozilla Thunderbird is easy

… So why don’t you?

Because of government programs like Prism and Tempora it’s more important than ever to protect your online identity and to encrypt email with PGP, and your other online communications. This article showed you how easy it is to set up a PGP key pair to encrypt email with PGP. For other online communications you can use Tor, a VPN or SSL/TLS.

Even if the other side is not using PGP/GnuPG, you can still sign (not encrypt) your emails, to “prove” you were the sender.
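
The workflow described in this article (create key pairs, exchange public keys, send a signed and encrypted message, decrypt it and check the signature) can also be reproduced with the gpg command line. The script below is an added example, not part of the original article; it assumes a POSIX shell and GnuPG 2.2 or later rather than the 2013 release named above, and the two throwaway keyrings, names and addresses are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: two throwaway keyrings stand in for sender and recipient.
# Assumes GnuPG 2.2 or later on PATH; names and addresses are made up.
DEMO=$(mktemp -d) || exit 1
ALICE="$DEMO/alice"; BOB="$DEMO/bob"
mkdir -m 700 "$ALICE" "$BOB"

# Run gpg non-interactively against one party's keyring.
# The empty passphrase is for this demo only; real keys get a passphrase.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' "$@"
}

# Each party creates a key pair (primary key plus encryption subkey).
make_keys() {
    g "$ALICE" --quick-generate-key 'Alice <alice@example.org>' default default 1d &&
    g "$BOB" --quick-generate-key 'Bob <bob@example.org>' default default 1d
}

# Only PUBLIC keys are exchanged, as via a key server or an .asc file.
swap_public_keys() {
    g "$ALICE" --armor --export alice@example.org > "$DEMO/alice.asc" &&
    g "$BOB" --armor --export bob@example.org > "$DEMO/bob.asc" &&
    g "$ALICE" --import "$DEMO/bob.asc" && g "$BOB" --import "$DEMO/alice.asc"
}

# Alice signs with her key and encrypts to Bob's. --trust-model always skips
# the ownership check here; in real use compare fingerprints out of band.
send_mail() {
    printf 'Meet at noon.\n' | g "$ALICE" --trust-model always --armor \
        --sign --encrypt --recipient bob@example.org > "$DEMO/mail.asc"
}

# Bob decrypts; status lines (signature result included) go to bob.status.
bob_reads() { g "$BOB" --status-fd 2 --decrypt "$DEMO/mail.asc" 2> "$DEMO/bob.status"; }
signature_good() { grep -q '^\[GNUPG:\] GOODSIG' "$DEMO/bob.status"; }

# Alice's keyring has no secret key for this message, so decryption fails.
alice_reads() { g "$ALICE" --decrypt "$DEMO/mail.asc" 2> /dev/null; }

# Stop the per-keyring agents and delete the throwaway keys.
cleanup() {
    gpgconf --homedir "$ALICE" --kill gpg-agent
    gpgconf --homedir "$BOB" --kill gpg-agent
    rm -rf "$DEMO"
}
```

Call the functions in order: make_keys, swap_public_keys, send_mail, bob_reads, signature_good, alice_reads, cleanup. bob_reads prints the plaintext, while alice_reads returns a non-zero status.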

2 Comments

  1. GPG is a wonderful project. But if you had any trouble getting it to work with Outlook, we’d love your feedback on a new addin we developed for OpenPGP for Outlook. Since we are a 10 year old software development company that focuses on MS Office/Outlook, and we fully understand what a pain in the ass it can be to develop and support Outlook, we decided to take it on as a challenge and share it free for personal/non-profit/journalist use.

    You can get Encryptomatic OpenPGP for Outlook at
    https://www.encryptomatic.com/openpgp/

    It’s a clean install, code signed single installer. Support for Outlook 2016 thru 2007, both 64/32 bit versions, supports imap/pop/exchange, key servers, signing, etc. It works great for us, but if you have some ideas for us, or encounter any issues, we’d love to hear about them.
    Thanks,
