Email encryption with GPG, Enigmail, and Icedove.

Hi, how are you? In this little post I will help you configure and learn more about email encryption tools. First, a little about them. GnuPG is a free software tool used for secure communications and data storage. It can be used both for encryption and for creating digital signatures. To provide authenticity, it creates a digest (usually SHA-1) of the message and encrypts it with the private key, using an asymmetric encryption algorithm (like ElGamal, although you can also use DSA or RSA). Later, the recipient can verify that the digest calculated from the received message matches the decrypted one.
To provide confidentiality, it uses a hybrid scheme in which an asymmetric algorithm (ElGamal by default) encrypts a key for a symmetric algorithm (AES, among others), which is the one that actually encrypts the indicated file.

Key generation.

  1. Let's start by creating a key pair (your GNU/Linux distribution must have GPG installed):

    gpg --gen-key

As the command has been executed for the first time, the .gnupg directory will be created with the configuration file and the secring.gpg and pubring.gpg files. The private keys will be stored in the secring.gpg file and the public keys in pubring.gpg.

  2. Export the public key to a file to be able to send it later wherever you prefer to broadcast it.
    gpg -a -o user.asc --export (identifier)
  3. View the list of public keys that you own. Your public and private key will be displayed.
    gpg --list-keys
  4. Obtain the fingerprint of your public key.
    gpg --fingerprint
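The key-generation steps above, run unattended in a throwaway keyring, as an added example that is not part of the original post. It goes one step further and sends a signed, encrypted message to the demo key to show the hybrid scheme described in the introduction. It assumes GnuPG 2.2 or later; the identity `Demo User <demo@example.org>` and all file names are constructed.

```shell
#!/bin/sh
# Added example. Assumes GnuPG 2.2+. DEMO_NAME, DEMO_EMAIL and all file names
# are constructed; a throwaway keyring keeps ~/.gnupg untouched.
DEMO_NAME='Demo User'
DEMO_EMAIL='demo@example.org'

setup_keyring() {   # isolated, private GNUPGHOME for the demo
  GNUPGHOME=$(mktemp -d) && chmod 700 "$GNUPGHOME" && export GNUPGHOME
}

make_key() {        # unattended stand-in for `gpg --gen-key`; empty passphrase is demo-only
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$DEMO_NAME <$DEMO_EMAIL>" default default 1d
}

export_key() {      # ASCII-armored public key, like `gpg -a -o user.asc --export`
  gpg --batch --yes -a -o "$1" --export "$DEMO_EMAIL"
}

keyring_fpr() {     # fingerprint of the key held in the keyring
  gpg --batch --with-colons --fingerprint "$DEMO_EMAIL" 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

file_fpr() {        # fingerprint of a key file, read without importing it
  gpg --batch --with-colons --show-keys "$1" 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

roundtrip() {       # sign + encrypt to the demo key, then decrypt and verify
  printf 'hello\n' > "$GNUPGHOME/msg.txt"
  gpg --batch --yes -a -o "$GNUPGHOME/msg.asc" \
      --sign --encrypt -r "$DEMO_EMAIL" "$GNUPGHOME/msg.txt" &&
    gpg --batch --quiet --decrypt "$GNUPGHOME/msg.asc" 2>/dev/null
}

first_packet() {    # hybrid layout: the wrapped session key packet comes first
  gpg --batch --list-packets "$GNUPGHOME/msg.asc" 2>/dev/null |
    awk '/^:/ { print $1, $2, $3; exit }'
}

demo() {
  setup_keyring && make_key && export_key "$GNUPGHOME/user.asc" || return 1
  echo "keyring fingerprint: $(keyring_fpr)"
  echo "file fingerprint:    $(file_fpr "$GNUPGHOME/user.asc")"
  echo "decrypted:           $(roundtrip)"
  echo "first packet:        $(first_packet)"
  gpgconf --kill gpg-agent; rm -rf "$GNUPGHOME"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh demo.sh demo` (file name is an assumption). Comparing the fingerprint read from a received `.asc` file with one obtained over another channel, before importing the key, is what the fingerprint step is for.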

With these steps you have already obtained the required key pair for use in the email service you want to use. The next thing is to install and configure the mail account in Icedove.

Users of a distro other than Debian will find it as Iceweasel.

Install Icedove / Iceweasel.

This is basic: just run from the terminal (Debian-based distros):

sudo apt-get install icedove

or

sudo apt-get install iceweasel

Install Enigmail.

Enigmail is an Icedove / Iceweasel extension that helps to manage the GPG keys on your registered email accounts. It is installed in the same way that you installed the mail manager:

sudo apt-get install enigmail

Now that we have both installed, we start Icedove and continue with the configuration of an email account, if we do not have one already registered in the application.

Creating email account

Then, after the creation and verification of the account, the Enigmail wizard will start automatically. If it does not, we look for the option found in OpenPGP -> Configuration Wizard.

It will ask if we want to encrypt all outgoing mail. We will answer yes, as this allows other people to verify that an email really comes from us and not from someone else. The wizard detects that we have already configured the GPG keys:

Verify that there are already keys

We finished the wizard and now we are going to continue with sending our first encrypted email.

My first encrypted email.

This is easy: we just go to the option to compose a new email and select the «Encrypt with GPG» button.

Encrypting outgoing mail

NOTE: You must have the recipient's public key, otherwise you can only send them an unencrypted email.

If you don't have the recipient's public key, you can send them an unencrypted email, enclosing your key in a "user.asc" file.

sending public key

I hope you can use this little tutorial, my first post trying to explain a little detail regarding the creation of encrypted email. These tools as well as other good security practices are excellent for activists, journalists, and users who want to keep their private affairs a little away from the eyes of malicious agencies. Start using crypto, it doesn't matter if you have nothing to hide; a profile of yours may in the future be your background and act against you. Your privacy is a right.


  1.   James said

    The icedove mail client (thunderbird), when using the Enigmail add-on, needs to exchange the emails in plain text, for which the account must be configured in "Compose and addresses" by unchecking the option "Compose messages in HTML".

    Although this will make the exchange of encrypted emails work, it will cause the problem of not being able to see the rest of the HTML emails received on that account, unless icedove (thunderbird) is configured to detect and display them correctly: menu View > Body of the message as > original HTML.

    When sending emails, some recipients may treat them as plain text and others as HTML. To configure it correctly choose "Send the message in plain text and in HTML" in the Edit> Preferences> Writing> General> Sending options menu (although another option is "Ask me what to do" and it is the one I have selected).

    Add that, even if the account is configured to compose messages either in plain text or in HTML, this configuration can occasionally be switched by holding down the shift key before clicking on the [Compose] button.

    (All of the above and more read in the mozilla thunderbird FAQs)

    On the other hand, a great address to understand in detail the subject that is being discussed is the PERSONAL DEFENSE OF EMAIL (https://emailselfdefense.fsf.org/es/index.html), where you can also do the full circle of generating your key pair + sending an encrypted test email + receiving an encrypted test email.

    1.    evaristogz said

      What a tip the one with the shift key! Although I only installed it for tests, it drove me crazy because the signature HTML did not come out (I understood that it was from Enigmail).

      Greetings Jacobo.

  2.   courage 2.0 said

    You're beautiful!!

  3.   Amelie borestein said

    Jacobo, thank you for your contribution! Cheers!