The purpose of this tutorial is to get you up and running with PGP. Our end goal is to be able to send and receive encrypted email using PGP. To complete this tutorial, you’ll need a Mac or PC that’s connected to the Internet. You’ll also need administrator rights on the machine so that you can install software.
In this tutorial we’ll get on the same playing field by creating a virtual machine running Ubuntu. Then we’ll configure an e-mail account in Mozilla Thunderbird, create our keys, and then send and receive encrypted messages. We’ll be using the Enigmail plugin for Thunderbird to handle encrypting and decrypting our messages for us.
Part 1: Getting Set Up
- Begin by completing Parts 1, 2, and 3 in my Creating a Linux Virtual Machine, with Wireshark tutorial. Note that some of the version numbers in the tutorial may be outdated, but you should have no problem following along. Also, note that the screenshots assume that you are running on a Mac, but the instructions easily “translate” to Windows.
- Next, run the following commands in the Terminal (here’s how to launch the Terminal):
sudo apt-get install pgpgpg
- After running command 1, you may get a message saying that this is already installed; don’t worry about it either way
sudo apt-get install rng-tools
sudo rngd -r /dev/urandom
- Commands 2 and 3 help generate random numbers, which we’ll need later when we’re generating our public and private keys. Note that after running command 3, the computer won’t give you any kind of confirmation message; it will just return you back to a new command prompt. This is normal and expected.
- Launch Thunderbird (similar to how you launched the Terminal)
- Set up your mail account (the instructions will vary depending on the service you use; note that Gmail accounts created after June 2014 will not work with Thunderbird).
- In Thunderbird, go to the gray bar at the very top of the screen, and then select Tools > Add-ons. Search for and install Engimail.
- Restart Thunderbird.
- Select “Yes, I would like the wizard to get me started.”
- Select “Encrypt all of my messages by default, because privacy is critical to me.”
- Select “Sign all of my messages by default.”
- Select “Yes.”
- Select “I want to create a new key pair for signing and encrypting my email.”
- Select a strong passphrase.
- Click “Next.” The key creation process will begin.
- When the key generation process is complete, select “Generate Certificate.” Save the file to a convenient location, such as your Desktop.
- If you see Thunderbird’s “System Integration” dialog, simply click “Skip Integration.”
- Close the Add-ons Manager.
- Next, we’ll want to upload our public key to a key server such as http://pgp.mit.edu. To do this, go to the gray bar at the very top of the screen, and then select Engimail > Key Management. Right-click on your email address, and select “Upload Public Keys to Keyserver.”
Part 2: Sending an Encrypted Message
- In Thunderbird, start a new message. Identify another user of PGP with whom you’d like to communicate (for example, you can use my account, firstname.lastname@example.org). Fill in the recipient, subject, and message as normal.
- We want to encrypt this message, but your email client doesn’t yet know the public key for the recipient. Click the Engimail button in the compose window, select “Force Encryption,” and hit OK. Click Send.
- You’ll see a window saying “Recipients not valid, not trusted or not found.” Click “Download missing keys.”
- Select pgp.mit.edu as the key server from the “Select Keyserver” window, then hit “OK.”
- Select the key you wish to import (it’s possible that there are several keys associated with a particular account), and hit OK.
- Hit “OK” through the alert.
- Check the boxes for both the sender and receiver, then click “Send.” You want to use the key for yourself so that you can read the message yourself, from your Sent folder!
Part 3: Receiving an Encrypted Message
- Click on the encrypted message in your inbox. You’ll be asked for your passphrase; this is the passphrase you created earlier, which protects your private key. You’ll be using your private key to decrypt the message, which was encrypted using your public key.
- You’ll see the decrypted message. It’s really as easy as that.
This tutorial hasn’t gone into great depth about what exactly PGP is, how revocation certificates work, how the Web of Trust works, how to import and export keys, or how to use PGP to secure communications other than email. Those might be good topics for a follow-up tutorial, but for now, I point you to this excellent resource: How To Use GPG to Encrypt and Sign Messages on an Ubuntu 12.04 VPS.