Encrypting Email Messages

Most email messages you send travel vast distances over many networks, secure and insecure, monitored and unmonitored, passing through and making copies of themselves on servers all over the Internet. In short, pretty much anyone with access to any of those servers - or sniffing packets anywhere along the way - can read your email messages sent in plain text.

PGP (Pretty Good Privacy) software won't protect you against the focused attention of a major government, but it will stop efforts to harvest credit card numbers and information that can be used to commit identity theft. Email encryption is easy, free and offers strong protection against prying eyes.

An example of the PGP email encryption process

Alex wants to send Basil a secret email (i.e. one only Basil can read). Basil uses PGP and has a PUBLIC key published on his web site for anyone who wants to send him encrypted email messages to use. Basil also has a PRIVATE key (which only he has).

Alex first looks up Basil's public key. He composes the secret message, encrypts it with that public key, and sends it to Basil. In sending, copies of that message are made on Alex's email server and Basil's email server, but these copies are encrypted and so cannot be sensibly read.

When Basil receives the message in Thunderbird, his private key decrypts it, and he can then read the message in (pretty good) privacy.
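
The same exchange carried out with the GnuPG command line, as an added example that is not part of the original page. The names, addresses, message and the two temporary keyrings are constructed, and the empty passphrase is used only so the demo runs without prompts.

```shell
#!/bin/sh
# Added example: the Alex/Basil exchange using the gpg command line.
# Names, addresses, message and temporary keyrings are constructed.
pgp_demo() {
    work=$(mktemp -d) || return 1            # mktemp creates it with mode 700
    basil="$work/basil"; alex="$work/alex"   # one separate keyring per person
    mkdir -m 700 "$basil" "$alex" || return 1

    # Basil: generate a key pair. The empty passphrase keeps the demo
    # non-interactive; a real key should be protected by a passphrase.
    gpg --homedir "$basil" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key 'Basil <basil@example.org>' \
        2>/dev/null || return 1
    # Basil: publish only the PUBLIC half of the pair.
    gpg --homedir "$basil" --batch --armor \
        --export basil@example.org > "$work/basil.pub.asc" || return 1

    # Alex: import Basil's public key and encrypt the message to it.
    # --trust-model always skips gpg's key-ownership check for this demo;
    # in real use, confirm the key's fingerprint with its owner first.
    gpg --homedir "$alex" --batch --quiet \
        --import "$work/basil.pub.asc" 2>/dev/null || return 1
    printf 'Meet at noon.\n' |
        gpg --homedir "$alex" --batch --quiet --trust-model always --armor \
            --recipient basil@example.org --encrypt \
            > "$work/msg.asc" 2>/dev/null || return 1

    # Alex's keyring holds no private key, so it cannot decrypt the
    # message; the copies left on mail servers are in the same position.
    if gpg --homedir "$alex" --batch --quiet \
           --decrypt "$work/msg.asc" >/dev/null 2>&1
    then alex_can_read=yes; else alex_can_read=no; fi

    # Basil: his private key recovers the plain text.
    plain=$(gpg --homedir "$basil" --batch --quiet \
                --decrypt "$work/msg.asc" 2>/dev/null)

    # Stop the agents started for the temporary keyrings and clean up.
    gpgconf --homedir "$basil" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$alex" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    printf '%s|%s\n' "$alex_can_read" "$plain"
}
```

Calling `pgp_demo` prints whether the public-key-only keyring could decrypt, followed by the text Basil recovers.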

Instructions if using the Thunderbird Email Client

Configuring PGP in Thunderbird

The Thunderbird extension Enigmail is required (this is already installed on the departmental Linux machines). If you are not using a departmental machine then you can download the Enigmail extension (be sure to click "Save Link As..." and download the extension to your computer; otherwise Firefox will try to install it). Under Windows you'll also need to download the free GnuPG software for Windows (this will typically already be installed or available as a package on a Linux system).

If necessary, run the GnuPG installer. Next, if necessary, install Enigmail (in Thunderbird open Tools -> Options -> Extensions -> Install New Extension, and then choose the Enigmail extension file).

Under Windows, when you've restarted Thunderbird with Enigmail installed, you will see an OpenPGP menu item. Open it and go to Preferences. There you'll find a dialog to point to your GnuPG binary. Click Browse. On a typical machine, GPG might be installed under Program Files\GNU\GnuPG\gpg.exe.

Generating a public/private key pair within Thunderbird

From the OpenPGP menu item, choose Key Management. From the Generate menu, choose New Key Pair. Choose the email address you want to create a key for, and set a passphrase. Hit the "Generate Key" button (it may take a while for the key to be generated).

Getting the public key of other people within Thunderbird

To find someone's public PGP key, from the OpenPGP menu, choose Key Management. From the Keyserver menu, choose Search. Search for another PGP user by name or email address and add his or her key to your key manager. Once it's in there you will be able to encrypt mail to that person.

Sending an encrypted email in Thunderbird

Compose your message as usual. Encrypt it by clicking the little key down on the lower right of your compose window. You can also cryptographically sign your message to prove it's you; that's the little pencil. Both of these buttons will turn green to show that they're active.

Instructions if using the Outlook Email Client

To encrypt a message, you need to have a copy of the intended recipient's digital certificate/public key. When you receive a signed message, you can store the sender's digital certificate in your address book.

In the message, on the Message tab, in the Options group on the ribbon, click the Encrypt Message Contents and Attachments button. If you don't see this button, click the Options Dialog Box Launcher (last in the group) to open the Message Options dialog box. Click the Security Settings button and in the Security Properties dialog box, select Encrypt message contents and attachments. Click OK and then close the Message Options dialog box. Compose your message and send it.

Warnings

Encrypting an email does not by itself ensure that the information remains private. There are various other considerations to take into account; the information can still be exposed, e.g.

  • If you store the unencrypted information in a shared file system accessible by others
  • If you fail to keep your private key secure

You should also be aware that if you lose the private key you can no longer decrypt the information, so it would be lost to you.

Last updated on 02 Apr 2022 21:54.