Receive encrypted email


Using Thunderbird and Enigmail to receive encrypted e-mails [15 mins]

RECEIVE ENCRYPTED MAIL

Using Thunderbird and Enigmail to receive encrypted e-mails [15 mins]

The decryption of e-mails is handled automatically by Enigmail, the only action that may be needed on your behalf is to enter the pass-phrase to your secret key. In order to receive encrypted correspondence with somebody, they will need your public key.

Entering your pass-phrase

For security reasons, the pass-phrase to your secret key is stored temporarily in memory. Every now and then the dialog window below will pop-up. Thunderbird asks you for the pass-phrase to your secret key. This should be different from your normal email password. It was the pass-phrase you have entered when creating your key-pair in the previous chapter. Enter the pass-phrase in the text-box and click on 'OK'

 

Verifying incoming e-mails

Decrypting email messages sent to you will be fully automatic and transparent. But it is obviously important to see whether or not a message to you has in fact been encrypted or signed. This information is available by looking at the special bar above the message body.

A valid signature will be recognized by a green bar above the mail message like the example image below.

The last example message was signed but not encrypted. If the message had been encrypted, it would show like this:

When a message which has been encrypted, but not signed, it could have been a forgery by someone. The status bar will become gray like in the image below and tells you that while the message was sent securely (encrypted), the sender could have been someone else than the person behind the email address you will see in the 'From' header. The signature is necessary to verify the real sender of the message. Of course it is perfectly possible that you have published your public key on the Internet and you allow people to send you emails anonymously. But is it also possible that someone is trying to impersonate one of your friends.

Similarly if you receive a signed email from somebody you know, and you have this persons public key, but still the status bar becomes yellow and displays a warning message, it is likely that someone is attempting to send you forged emails!

Sometimes secret keys get stolen or lost. The owner of the key will inform his friends and send them a so-called revocation certificate (more explanation of this in the next paragraph). Revocation means that we no longer trust the old key. The thief may afterwards still try his luck and send you a falsely signed mail message. The status bar will now look like this:

Strangely enough Thunderbird in this situation will still display a green status bar! It is important to look at the contents of the status bar in order to understand the encryption aspects of a message. PGP allows for strong security and privacy, but only if you are familiar with its use and concepts. Pay attention to warnings in the status bar.


Task

Test your learning by following the instructions above to;

  • Send your public key to someone you know who uses PGP email encryption. You can use encryptedenigma@aktivix.org to test this.
  • Ask them to send you an encrypted email.

Discusión de la Tarea


  • Mohit Kumar dijo:

    Signed and sent my public PGP key to the Enigmail person and waiting for his encrypted email reply.

    en 18 de marzo de 2013 a las 08:34
  • mnoooo dijo:

    Ok , 

    I also finished every possible task :

    -Download Thinderbird, Enigmamail, PGP

    -Generated Key into Keyring,

    -Remembered my pass

    -Exchanged e-mails with that "enigmamail person",  I  his public key

    -Sent him a my public key. Well this was the last step I was little bit confused wit OpenPGP Menu in Thunderbird.

    And what is next? How do I apply for badge ?

    en 31 de octubre de 2012 a las 08:43

    Mick Fuzz dijo:

    Good Work! You can apply for your badge here. https://p2pu.org/en/badges/encrypt-and-sign-your-email-with-thunderbird/ nice one, Mick
    en 31 de octubre de 2012 a las 08:48 en Respuesta a mnoooo
  • Rodolfo Aguirre dijo:

    Hello Like my colleague


    firewire2879

    • I attached my public key
    • signed and encrypted my emails
    • waiting for an encrypted email
    • approved the sender's public key
    • memorized my password

    waiting for response from encryptedengima@aktivix.org

    en 3 de septiembre de 2012 a las 21:56
  • firewire2879 dijo:

    ok I think I got it this time

    • I attached my public key
    • signed and encrypted my emails
    • waiting for an encrypted email
    • approved the sender's public key
    • memorized my password

    waiting for response from encryptedengima@aktivix.org

    en 21 de agosto de 2012 a las 23:18

    Mick Fuzz dijo:

    You have it. You have completed the course and can apply for your badge here. https://p2pu.org/en/badges/encrypt-and-sign-your-email-with-thunderbird/ nice one
    en 22 de agosto de 2012 a las 04:42 en Respuesta a firewire2879
  • ciderpunx dijo:

    I think I did the first excercise (sending my public key) a couple of excercises ago, don't get why its here again. Maybe just for reference?

    en 20 de junio de 2012 a las 14:35

    Mick Fuzz dijo:

    Fixed, I moved that around and forgot to delete the original. Thanks!

    en 20 de junio de 2012 a las 17:30 en Respuesta a ciderpunx
  • Gzikskud dijo:

    Pedant warning.... Consider using private key rather than secret.. It will make it a lot simpler when you progress to talking about SSL or using shared secret technologies.

    en 19 de junio de 2012 a las 07:51

    boneidol dijo:

    No I think this is wrong.  The correct phrase IS secret key

    The man page and all the options for gnupg it uses the term secret key

    examples from the man page

    "Use a *good* password for your user account and a *good* passphrase to protect your secret key"

     

    "--sign-key name
                  Signs a public key with your secret key. This is a shortcut version of the subcommand "sign" from --edit."

    " --lsign-key name
                  Signs  a  public key with your secret key but marks it as non-exportable. This is a shortcut version of the subcommand "lsign" from --edit-
                  key."

    etc ...
     

    en 19 de junio de 2012 a las 07:59 en Respuesta a Gzikskud

    ciderpunx dijo:

    It took me ages to get my head around the keys.

    It was when someone told me to think of them as the encrypting (for public) key and the decrypting (for private) key that I "got it".

    en 20 de junio de 2012 a las 14:32 en Respuesta a boneidol