With the abundance of breached passwords and the NSA snooping on everything we do, privacy has been on our minds lately. For those of us who would like to email friends or loved ones with no stress, or want to trust that the documents we email to an accountant or client aren't being intercepted and read, we have found the solution: encrypted email. Thanks to our friends at lifehacker.com, we have put together a guide on how to encrypt your emails so you can worry less about exactly who is reading them.
How PGP Encryption Works, and What You’ll Need
Encrypting your email may sound strenuous; however, it's actually rather easy to do. Using the PGP method will make your messages look like jumbled text to uninvited onlookers. It'll also obscure credit card numbers, addresses, photos, and anything else you may prefer to keep private if you don't already have a secure connection to your email provider.
Ready to get started? Here’s what you’ll need:
- GNU Privacy Guard (GnuPG), in the form of GPGTools (OS X) or Gpg4win (Windows)
- Thunderbird (Win/OS X/Linux) or Postbox (Win/OS X) for desktop email
- Enigmail, an OpenPGP add-on for Thunderbird and Postbox. You can get the Thunderbird add-on here, and the Postbox add-on here.
- Mailvelope for Chrome or Firefox, and a webmail account like Gmail, Outlook, Yahoo, or GMX.
* Do note that you'll need friends who also use PGP, and you'll have to exchange public keys with them to make sure they can read your messages. Many people post their public keys to their personal websites, or just send them as attachments to everyone they email, just so they have them.
Step One: Install GnuPG and Enigmail to Generate Your Keys
First you will need to install GNU Privacy Guard (aka GnuPG, aka GPG) and generate your public and private keypair. Remember, your public key is the one you'll give out to people in order to exchange encrypted messages. Your private key is the one you keep to yourself.
- Download the GPG installer for your operating system (we used GPGTools for OS X and Gpg4win in Windows) and install it. On the Mac, GPGTools will launch as soon as you finish the install. Go ahead and close it; it's easier for us to generate our keypairs from inside Thunderbird or Postbox.
- Once you have GPG installed, it’s time to install the Enigmail extension for your desktop email client. Grab it here for Thunderbird, and here for Postbox. You may need to save the extension files to your desktop and then drag them into Thunderbird or Postbox to install them.
- Once installed, restart your mail program. You should see a new “OpenPGP” menu along with File, Edit, View, and the rest. Click the OpenPGP menu and select “Key Management.”
- The OpenPGP Key Management window should appear. From here, click the “Generate” menu, and select “New Keypair.”
- The Generate OpenPGP Key window should appear. Select the email address you want to generate a keypair for from the drop-down menu. Type in a passphrase for your keypair—or essentially the password you’ll have to enter in order to encrypt or decrypt messages. Make sure it’s a good, strong password you’re not using somewhere else.
- Click “Generate Key.” It could take a few minutes, but to help build random data for the operation, jiggle the mouse a bit, or just leave the window up while you do other things while the key generates. Every time I did it, it was a matter of seconds.
- You may be prompted to generate a revocation certificate at the end of the process. If you are, do it. That certificate can be used to invalidate your public key in case someone gets their hands on your private key, or if it's ever compromised. Save it somewhere safe, preferably somewhere backed up regularly.
Once you’ve created your keypair, export it for safe keeping (also, we’ll need it again later). Here’s how:
- In Thunderbird or Postbox, click the OpenPGP menu and select “Key Management.”
- Right-click the keys you want to save and select “Export Keys to File.”
- You’ll get an alert asking if you want to include your secret key in the saved file. Click “Export Secret Keys” to include it.
- Select a safe place for your keys, and click Save.
If you have multiple email addresses, you don’t need to generate separate keys for each account. You can, of course, but your keys are separate from your email accounts and their providers. You can use the same public and private key for multiple addresses if you want to keep things simple.
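The export above writes your secret key into the same file as your public key, while the earlier note has you post or attach your public key for others. As an added example (not part of the original guide, and not code from GnuPG or Enigmail), this Python check reads an ASCII-armored key file and reports whether any block carries secret key material or fails its armor checksum, so only a public-only file gets shared. The function names are this example's own, and the sample blocks are constructed with dummy payloads rather than real keys.

```python
import base64
import re

SECRET_TAGS = {5, 7}  # secret key and secret subkey packets (RFC 4880, 4.3)
ARMOR_RE = re.compile(
    r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", re.S)

def crc24(data):  # armor checksum algorithm from RFC 4880, section 6.1
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def first_packet_tag(data):
    """Packet tag from an old- or new-format header octet."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    return data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F

def inspect_key_file(text):
    """Yield (label, first packet tag, checksum ok); no checksum counts as ok."""
    for label, body in ARMOR_RE.findall(text):
        lines = [ln.strip() for ln in body.splitlines()]
        lines = lines[lines.index("") + 1:]  # armor headers end at a blank line
        data = base64.b64decode("".join(l for l in lines if l[:1] != "="))
        stored = [base64.b64decode(l[1:]) for l in lines if l[:1] == "="]
        crc_ok = not stored or int.from_bytes(stored[0], "big") == crc24(data)
        yield label, first_packet_tag(data), crc_ok

def safe_to_share(text):
    """True only if every block is intact and holds no secret key packet."""
    blocks = list(inspect_key_file(text))
    return bool(blocks) and all(
        ok and tag not in SECRET_TAGS and "PRIVATE" not in label
        for label, tag, ok in blocks)

def build_sample_armor(label, payload):
    """Constructed sample block for the demo; the payload is not a real key."""
    b64 = base64.b64encode(payload).decode()
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {label}-----\nVersion: sample\n\n{b64}\n"
            f"={crc}\n-----END PGP {label}-----\n")

PUBLIC_ONLY = build_sample_armor("PUBLIC KEY BLOCK", b"\x99\x00\x03abc")
EXPORTED_PAIR = PUBLIC_ONLY + build_sample_armor("PRIVATE KEY BLOCK", b"\x95\x00\x03abc")
if __name__ == "__main__":
    print(safe_to_share(PUBLIC_ONLY), safe_to_share(EXPORTED_PAIR))
```

Because the check looks at the first packet tag as well as the armor label, a block labelled as public that actually starts with a secret key packet is also rejected.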
Step Two: Configure Thunderbird or Postbox to Encrypt Your Messages
Open a new message in Postbox or Thunderbird, and click the "OpenPGP" menu. You should see options to "Sign Message" and "Encrypt Message." You can do either, but you should do both. In Thunderbird, you can also toggle signing and encryption using the key and pencil icons at the bottom right of the compose window.
Compose your message as normal, and click send. When you do, you’ll be prompted for your passphrase. Type it in, and your email will turn into a jumbled mess. Whoever gets it will need your public key in order to decrypt and make sense of it.
If you have an attachment to send, as soon as you drag it into the message window you'll get an alert asking whether you'd like to encrypt just the message text and not the attachments (never do this), or encrypt and sign each attachment separately and send the whole thing using inline PGP.
Step Three: Configure Mailvelope for Your Webmail
Once you have the add-on installed, here’s how to set it up:
- Open your browser’s extensions page and click to open Mailvelope’s options.
- Everything here should be blank. Note: If you don’t use a desktop client at all, you can generate your keys right here. Mailvelope supports generating keys with passphrases from the menu on the left, and exporting them for safe keeping from your key ring.
- Click “Import Keys” from the menu on the left.
- You'll see an empty text window. Open up the text file that contains your public and private keypair in your favorite text editor (but it has to be a text editor!).
- Select all, and copy all of the text to your clipboard. Then paste everything into the text field in Mailvelope’s settings.
- Click submit. You should get two different alert boxes in green on the page that tell you both public and private keys were successfully imported to your key ring.
Your key should appear in the key ring now (and you can export it if you ever need to). One of the best things about Mailvelope is that you don't have to set up each keypair for every address you use. Once you have a keypair added, you can use it at Gmail, Outlook, Yahoo, or any other webmail client you add to the "Watch List" in Mailvelope's preferences.