How to Exchange Encrypted Emails in Windows Using GPG4Win and Thunderbird

Install the Encryption Engine found here into Windows: http://www.gpg4win.org/download.html GPG4Win is free, open-source software that securely encrypts and decrypts files and text for Windows users. Install the Local Email Client found here into...

Step-by-Step Guide

  1. Step 1: Install the Encryption Engine into Windows (http://www.gpg4win.org/download.html). GPG4Win is free, open-source software that securely encrypts and decrypts files and text for Windows users.

  2. Step 2: Install the Local Email Client into Windows (https://www.mozilla.org/en-US/thunderbird). Thunderbird is a free, open-source email client.

  3. Step 3: Install the Plugin into Thunderbird (https://addons.mozilla.org/en-us/thunderbird/addon/enigmail/). Enigmail is an email plugin that functions by connecting Thunderbird and GPG4Win.

  4. Step 4: Configure GPG4Win to use stronger forms of security.

  5. Step 5: Open a command-line interface in Windows.

  6. Step 6: Locate the GPG Home Directory.

  7. Step 7: Change the GPG Configuration File.

  8. Step 8: Save the text file.

  9. Step 9: Configure Thunderbird to use your existing email account and to use Plain Text in order to function as expected when exchanging encrypted messages.

  10. Step 10: Connect Thunderbird to your existing email account.

  11. Step 11: Click Thunderbird > View > Message Body As.

  12. Step 12: Click Thunderbird > Tools > Account Settings > Account Name > Composition and Addressing.

  13. Step 13: Configure Basic settings.

  14. Step 14: Configure Sending settings.

  15. Step 15: Configure Key Selection settings.

  16. Step 16: Configure Advanced settings.

  17. Step 17: Configure Keyserver settings.

  18. Step 18: Ignore the "Debugging" tab and click "OK."

  19. Step 19: Create ("generate") a unique GPG Keypair consisting of a Public Key that you can give to anyone (or even post on the internet) and a Secret Key that only you should ever possess.

  20. Step 20: Return to the command-line interface in Windows.

  21. Step 21: Type the following commands to generate a GPG Keypair: gpg --gen-key (Generate a Keypair); 1 (An RSA Keypair); 1y (That expires in 1 year); y (Confirm that your expiration date is correct). Enter your "Real Name," "Email address," and leave "Comment" blank.

  22. Step 22: Enter a strong, unique GPG passphrase.

  23. Step 23: Should you ever lose your GPG Keypair or believe someone else has acquired your Secret Key, revoke your Keypair and create a new one.

  24. Step 24: Type the following command to generate a revocation certificate: gpg --output revoke.NAME-0xxxxxxxxxxxxxxxx.asc --gen-revoke 0xxxxxxxxxxxxxxxx Note: "NAME" should be a human readable Keypair identifier and "0xxxxxxxxxxxxxxxx" should be the unique long key-id of the Public Key you just created, the last 16 elements of your Public Key's fingerprint.

  25. Step 25: Save the Revocation Certificate.

  26. Step 26: Click "Thunderbird > Tools > Account Settings"

  27. Step 27: Under the appropriate account, select "OpenPGP Security" and check "Enable OpenPGP support (Enigmail) for this identity"

  28. Step 28: Then select "Use specific OpenPGP key ID (0x1234ABCD)" and click "Select Key …"

  29. Step 29: Select the appropriate Keypair and click "OK"

  30. Step 30: Under "Message Composition Default Options," this LifeGuide Hub recommends: "Sign encrypted messages by default" and "Encrypt messages by default"

  31. Step 31: Then click "OK"

  32. Step 32: To get your feet wet, practice exchanging encrypted messages by sending your first message to Adele.

  33. Step 33: Remember, in order to send a secure, encrypted email to Adele (or anyone else), you must have their Public Key.

  34. Step 34: Click "Thunderbird > OpenPGP > Key Management"

  35. Step 35: Click "Keyserver > Search for Keys"

  36. Step 36: Search for Adele's Public Key.

  37. Step 37: Select the correct Adele.

  38. Step 38: Open a message composition window.

  39. Step 39: Compose a short message: Dearest Adele, This message is a test.

  40. Step 40: Include your Public Key in this email so that Adele can send you an ENCRYPTED message.

  41. Step 41: Send your ENCRYPTED and DIGITALLY SIGNED message to Adele.

  42. Step 42: Enter your GPG passphrase.

  43. Step 43: Click "Send Message" at the pop up confirmation.

  44. Step 44: Open Adele's reply.

  45. Step 45: Enter your GPG passphrase to decrypt and read Adele's ENCRYPTED message.
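
The revocation steps above name the certificate file after the long key-id, the last 16 characters of the Public Key's fingerprint. As an added example (not part of the original guide), this Python script derives that key-id from gpg's colon-delimited key listing, cross-checks it against gpg's own key-id field, and builds the file name and command. The sample listing, the name "alice" and all function names are constructed for illustration, and expiry timestamps are assumed to be seconds since the epoch.

```python
# Added example: derive the long key-id and revocation file name per key.
import re
import time

# Constructed sample of `gpg --list-secret-keys --with-colons` output;
# every value here is made up for illustration.
SAMPLE = (
    "sec:u:4096:1:89ABCDEF01234567:1700000000:1731536000::u:::scESC:\n"
    "fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:\n"
    "uid:u::::1700000000::::Alice Example <alice@example.org>:\n"
)

def list_keys(colons):
    """Collect key-id, expiry and fingerprint for each primary key."""
    keys = []
    for line in colons.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue                          # not a full colon record
        if f[0] in ("sec", "pub"):
            keys.append({"keyid": f[4], "expires": f[6], "fpr": ""})
        elif f[0] == "fpr" and keys and not keys[-1]["fpr"]:
            keys[-1]["fpr"] = f[9]            # first fpr after sec/pub is the primary's
    return keys

def long_key_id(fingerprint):
    """Long key-id as the guide defines it: last 16 characters of the fingerprint."""
    fpr = fingerprint.replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):   # 40 hex digits = OpenPGP v4 fingerprint
        raise ValueError("expected a 40-hex-digit fingerprint")
    return "0x" + fpr[-16:]

def revocation_plan(colons, name, now=None):
    """Return (file name, gpg argv, expired) for every key in the listing."""
    now = time.time() if now is None else now
    plan = []
    for key in list_keys(colons):
        keyid = long_key_id(key["fpr"])
        if keyid[2:] != key["keyid"].upper():
            raise ValueError("fingerprint does not match key-id " + key["keyid"])
        outfile = f"revoke.{name}-{keyid}.asc"   # naming scheme from the guide
        argv = ["gpg", "--output", outfile, "--gen-revoke", keyid]
        expired = bool(key["expires"]) and int(key["expires"]) < now
        plan.append((outfile, argv, expired))
    return plan

if __name__ == "__main__":
    for outfile, argv, expired in revocation_plan(SAMPLE, "alice"):
        print(" ".join(argv), "(key already expired)" if expired else "")
```
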

Detailed Guide

While not absolutely essential for Windows users, the combination of a local email client with the Enigmail plugin will eliminate a number of hassles, including writing and encrypting your email in one program and then cutting and pasting encrypted text into another.

Enigmail cannot be run by itself. It takes care of the day-to-day operations of sending and receiving secure emails, keys, and digital signatures, making security procedures faster, friendlier, and less prone to inadvertent mistakes.

Configuring GPG4Win to use stronger forms of security is possible by changing the contents of a text file.

To open a command-line interface, click "Start Button" > Run and type: cmd

To locate the GPG Home Directory, type:

    gpg --version

Look for the output "Home:" followed by a path C:\... which is usually one of:

    C:\Users\$NAME\AppData\Roaming\gnupg
    C:\Documents and Settings\$NAME\Application Data\gnupg

Append the following to the file gpg.conf located in the GPG Home Directory:

    personal-cipher-preferences AES256 AES192 AES CAST5 3DES
    personal-digest-preferences SHA512
    cert-digest-algo SHA512
    default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed

Note: If there is no file named gpg.conf in your GPG Home Directory, open a Text Editor such as Notepad and paste the above text. Save the text file in your GPG Home Directory as gpg.conf in order to use this text file as your GPG Configuration File.

Thunderbird will be very helpful here. If you have never installed Thunderbird before, the first time you start Thunderbird you will see a large "Welcome to Thunderbird" screen that will guide you through this process. Alternatively, you can always select "Thunderbird > Local Folders" and click "Email" under "Create a new account".

Under Thunderbird > View > Message Body As, select "Plain Text". Under Composition and Addressing, unselect "Compose Messages in HTML Format."

Click Thunderbird > OpenPGP > Preferences.

On the "Basic" tab, if you see (error) because Enigmail did not locate your gpg.exe file, click "Browse" and point Enigmail manually to the folder that holds gpg.exe (e.g., C:\Program Files\GNU\GnuPG\pub\).

Click "Display Expert Settings".

On the "Sending" tab, check all boxes. "Add my own key to the recipients list" is a must if you want to read any secure, encrypted email you send to anyone else. "Always confirm before sending" is a great idea for beginners!

On the "Key Selection" tab, check "By rules and email addresses".

On the "Advanced" tab, check and uncheck the boxes as shown above.

On the "Keyserver" tab, if blank, specify your keyserver as the following: hkps://hkps.pool.sks-keyservers.net Other comma-separated keyservers are allowed.

Generating a GPG Keypair will enable you to receive secure emails.

During key generation, after entering your name and email address, type: o (Confirm that your USER-ID is correct)

Note: you can change the expiration date of your GPG Keypair at ANY time, even after the Keypair has expired!

Note: If you decide to publish your GPG Keypair to a keyserver at some point, this name and email will get copied to the keyserver and be searchable by anyone.

You must generate a revocation certificate NOW (while you control your Keypair) in order to revoke your Keypair LATER (when you may not control your Keypair). Including NAME and the long key-id in the file name will help you avoid revoking the wrong Keypair in the future. Copy revoke.NAME-0xxxxxxxxxxxxxxxx.asc to at least one backup location.

No, not that Adele. Write your message to Adele the friendly OpenPGP email robot. Let's get Adele's Public Key and then send her a test message.

To search for Adele's Public Key, type [email protected] and select the Keypair "Adele (The friendly OpenPGP email robot) <[email protected]>" and click "OK."

Click "Thunderbird > Write" or click "Thunderbird > File > New > Message" or type "Ctrl + N" in order to open a new message composition window. Write "[email protected]" in the To: field.

The test message continues:

    This message is ENCRYPTED.
    This message is DIGITALLY SIGNED.
    This message includes my PUBLIC KEY.
    Yours truly, NAME

If you do not give others your Public Key, they cannot send you encrypted messages. Click "OpenPGP > Key Management" within the message composition window. Select your Keypair, click "Edit > Copy Public Keys to Clipboard" and click "OK". Click on your message to Adele and paste (Ctrl + V or "Edit > Paste") in order to include your Public Key in your message.

Click "Send". You should see a new pinentry box by which gpg-agent is asking you for the passphrase needed to digitally sign the message. Hint: Your GPG passphrase is NOT your email password.

You may be asked for your email account password in order to SEND email. Hint: This is NOT your GPG passphrase.

Note that the orange pencil icon in the lower-right and the red circle over the envelope in the upper-right indicate Adele did not digitally sign her message.
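
As an added example (not part of the original guide), the following Python script audits an existing gpg.conf against the four preference lines the guide appends to the GPG Configuration File, and appends only the ones that are missing, leaving conflicting lines untouched for manual review. The sample config and the function names are constructed for illustration; values are compared case-insensitively as an assumption of this example.

```python
# Added example: audit a gpg.conf against the four preference lines from this guide.

# Directives and values exactly as the guide lists them for gpg.conf.
RECOMMENDED = {
    "personal-cipher-preferences": "AES256 AES192 AES CAST5 3DES",
    "personal-digest-preferences": "SHA512",
    "cert-digest-algo": "SHA512",
    "default-preference-list": "SHA512 SHA384 SHA256 SHA224 AES256 AES192 "
                               "AES CAST5 BZIP2 ZLIB ZIP Uncompressed",
}

def parse_conf(text):
    """Return {option: value} for active lines; blanks and '#' comments are skipped."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # option name, then the rest of the line
        value = parts[1] if len(parts) > 1 else ""
        options[parts[0].lower()] = " ".join(value.split())
    return options

def audit(text):
    """Classify each recommended directive as 'ok', 'missing' or 'conflict'."""
    current = parse_conf(text)
    report = {}
    for name, wanted in RECOMMENDED.items():
        if name not in current:
            report[name] = "missing"
        elif current[name].upper() == wanted.upper():
            report[name] = "ok"
        else:
            report[name] = "conflict"       # a different value is already set
    return report

def merged(text):
    """Append only the missing directives; conflicting lines are left for review."""
    report = audit(text)
    extra = [f"{n} {v}" for n, v in RECOMMENDED.items() if report[n] == "missing"]
    if not extra:
        return text
    base = text if (not text or text.endswith("\n")) else text + "\n"
    return base + "\n".join(extra) + "\n"

# Constructed sample: one directive already correct, one weaker, two absent.
SAMPLE = """# constructed sample gpg.conf
cert-digest-algo SHA512
personal-digest-preferences SHA1
"""

if __name__ == "__main__":
    for option, status in audit(SAMPLE).items():
        print(f"{option:30} {status}")
    print(merged(SAMPLE), end="")
```
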

About the Author

Teresa Torres

Teresa Torres has dedicated 4 years to mastering lifestyle and practical guides. As a content creator, Teresa focuses on providing actionable tips and step-by-step guides.
