Feeds

Still sending naked email? Get your protection here

Buckle your seatbelt, encrypt your bits

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Step 3: Install the Enigmail add-on for Thunderbird

If you plan to receive encrypted emails on a regular basis, you'll probably want a seamless way to decrypt them. Plenty of email clients, Thunderbird among them, have ways to do just that. This tutorial assumes you've already installed Thunderbird. If you haven't, you can either install it first or skip this step and find some other way to decrypt your messages.

Navigate to this page on the add-ons section of the Mozilla website. Click on the "Download now" link and save the file (at time of writing it was enigmail-0.95.7-tb+sm.xpi) to your desktop.

In Thunderbird, go to Tools > Add-ons and then click the Install button at the bottom left of the popup window. In the "Select an extension to install" window, change the folder to your desktop. In the list of files, highlight the Enigmail file you just downloaded and choose Open. In the resulting Software Installation window, click Install Now. Then restart Thunderbird.

Enigmail should immediately open an OpenPGP Setup Wizard that prompts you to select a key to sign and encrypt email. Highlight the key you just created and select Next.

Once Enigmail opens, choose the key you just created

Once Enigmail opens, choose the key you just created

By now, one of the contacts you emailed earlier should have had time to send you an encrypted message using your public key. When you use Thunderbird to open it, you'll be prompted for your passphrase. Enter the passphrase you chose when you generated your key pair. If all goes well, Enigmail will decrypt the message and it will look something like this:

With the private key, email looks like this

With the private key, email looks like this

Congratulations. You've just decrypted your first email. For an idea what the same message looks like to anyone without the key, open the same email on a web-based email service or a client that hasn't been set up to work with your key pair. It will look something like this:

To a snoop without the private key, the same email looks like this

To a snoop without the private key, the same email looks like this

Note that subject lines are never encrypted, so remember to never include private information there.

Internet Security Threat Report 2014

More from The Register

next story
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.