How to Encrypt and Digitally Sign a Thunderbird email
Thunderbird is a popular free email client that comes with great features. It is used by many people and has numerous add-ons that extend its functionality and appearance. Generally, emails are sent over untrusted networks that are vulnerable to security threats. To protect your data from being exposed to intruders, you need to add an encryption mechanism to Thunderbird.
Emails in Thunderbird are sent without encryption and are vulnerable to eavesdropping by hackers and intruders on the internet. Thunderbird doesn’t have a built-in capability to secure email; however, messages can be encrypted with the help of PGP, the GPG suite and a Thunderbird extension called Enigmail. Enigmail connects to the GPG tool to implement the encryption.
In this article, we guide you through encrypting and digitally signing emails in Thunderbird using Pretty Good Privacy (PGP), a popular public-key encryption protocol, and a GPG tool that is based on the PGP client. While the extension protects the sensitive content you send over an untrusted network, public-key encryption cannot encrypt metadata such as the email subject line and the From and To addresses, because these need to stay in the clear to direct the message to the end user.
Encrypt Thunderbird Email
Download and Install the GPG Suite
GPG Suite is a package used to encrypt and decrypt email messages. The GPG tool is based on the PGP client and is available for free. It is an open source project that can be installed with just a few clicks. The following steps explain how to install the GPG suite.
- Download the GPG suite file here.
- To mount the image, double-click the downloaded file, then click the Install button to install the GPG Suite.
Download and Install Enigmail in Thunderbird
- Launch Thunderbird and navigate to Tools.
- Click Add-ons and search for extension Enigmail.
- Click the Add to Thunderbird button. Once the installation is complete, a new option called OpenPGP is added to the menu.
Creating PGP keys
Follow the steps below to create your public and private keys.
- Navigate to OpenPGP and click Setup Wizard.
- Choose the option Yes, I would like the wizard to get me started and click the Next button.
- In the new window that pops up, select the appropriate option if you want to sign all your outgoing email by default and click the Next button.
- In the new window that pops up, select the appropriate option if you want to encrypt all your outgoing email by default and click the Next button.
Now the wizard will display email settings which you can change to make sure there are no problems with signing and encrypting email on your machine. Choose No if you have already changed a few default settings to make OpenPGP work better on your machine; otherwise, select Yes to let the wizard configure your email settings so that OpenPGP works more reliably.
- Next, create a new key pair to sign and encrypt email. Here you can either use one of your existing keys to sign, encrypt and decrypt emails, or you can choose to create a new key pair for signing and encrypting email.
- If you want to create a new key pair for signing and encrypting email, click the Next button.
In simple words, creating a key pair means generating a public key and a private key. In cryptography, the public key is shared with people who want to send you an email. The public key of a recipient is used to encrypt the email. The private key, on the other hand, is associated with the public key and is used to decrypt the encrypted email message.
- Enter the passphrase and click Next. This passphrase is essential to protect the private key.
On the Summary page, click the Next button to create a new 2048-bit OpenPGP key.
Finally, you will be prompted to generate a revocation certificate. You can choose either Skip or Generate a Certificate; the certificate can be used to invalidate your key in case your secret key gets lost or compromised.
Verify the Setup
Follow the steps below to check that everything is set up correctly:
- Navigate to Tools
- Select Account Settings from the menu
- Select the account for which you generated the key pair.
- Select OpenPGP Security from the menu.
- Make sure the option Enable OpenPGP support (Enigmail) for this identity is checked.
Also, the option Use specific OpenPGP key should be selected.
Digitally Sign & Encrypt Thunderbird email
Once Enigmail is set up, the next step is to encrypt and decrypt email. Follow the steps below to sign and encrypt a Thunderbird email.
- Launch Thunderbird and compose a new email.
- Navigate to OpenPGP. Select the options Sign Message and Encrypt Message from the drop-down menu.
- Click the option Attach My Public Key to add your public key to the email. Enigmail gives you the option to attach the public key in the email compose window, or lets you upload the public key to a public keyserver that can be accessed by anyone.
- Provide the recipient’s public key to encrypt the email.
- Once done, your message will be encrypted and sent.
To decrypt an encrypted message, you need to enter the passphrase; the message is then displayed like any other email.
That’s all.
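The limitation noted in the introduction, that the subject line and the From and To addresses stay in the clear, can be checked on a saved copy of a sent message. The following Python script is an added example, not part of the original article or of Enigmail; the function name `inspect_message` and the sample messages are constructed for illustration.

```python
from email import message_from_string

ENCRYPTED_ARMOR = "-----BEGIN PGP MESSAGE-----"
SIGNED_ARMOR = "-----BEGIN PGP SIGNED MESSAGE-----"
# Headers that stay in the clear so the message can be routed and listed.
ROUTING_HEADERS = ("From", "To", "Cc", "Subject", "Date")


def inspect_message(raw):
    """Report OpenPGP protection on a raw message and its cleartext headers."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    protocol = (msg.get_param("protocol") or "").lower()
    encrypted = signed_only = False
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        encrypted = True  # PGP/MIME (RFC 3156) encrypted container
    elif ctype == "multipart/signed" and protocol == "application/pgp-signature":
        signed_only = True  # PGP/MIME signature: body remains readable
    else:
        for part in msg.walk():  # inline PGP: look for ASCII armor in text
            if part.get_content_maintype() != "text":
                continue
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            encrypted = encrypted or ENCRYPTED_ARMOR in body
            signed_only = signed_only or SIGNED_ARMOR in body
    exposed = {h: msg[h] for h in ROUTING_HEADERS if msg[h] is not None}
    return {"encrypted": encrypted, "signed_only": signed_only and not encrypted,
            "exposed": exposed}


# Constructed samples: addresses, subject and armor bodies are placeholders.
HEADERS = "From: alice@example.org\nTo: bob@example.org\nSubject: Q3 contract draft\n"
ARMOR = ENCRYPTED_ARMOR + "\n\n(placeholder, not real ciphertext)\n-----END PGP MESSAGE-----\n"
PGP_MIME = HEADERS + (
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
    ' boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b1\nContent-Type: application/octet-stream\n\n" + ARMOR + "--b1--\n"
)
INLINE = HEADERS + "\n" + ARMOR
PLAIN = HEADERS + "\nThe draft is attached.\n"

if __name__ == "__main__":
    for name, raw in (("PGP/MIME", PGP_MIME), ("inline", INLINE), ("plain", PLAIN)):
        print(name, inspect_message(raw))
```

Even for the two encrypted samples, the `exposed` field still lists the sender, the recipient and the subject, so anything sensitive belongs in the body, not the subject line.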