This article describes how to set up the Mozilla email client to use PGP encryption, so that you can exchange secure and trusted messages with any other person or organisation using the standard OpenPGP format for encrypted or signed emails.
The article assumes you have the Mozilla browser and are using its email client to send and receive email, or that you're using Mozilla Thunderbird as a standalone email client.
Both of these tools are cross-platform, and if you dual-boot you can even share the same store of email messages and options between your Linux and Windows partitions, allowing you to read the same emails regardless of your computer's mode. These instructions concentrate on the Windows installation of Mozilla Mail.
The first step is to upgrade your Mozilla Mail client to recognise the possibility of using encrypted messages. You do this by installing the enigmail add-on, which upgrades the menus and toolbars to show options for encrypting and decrypting email, signing email, and checking digital signatures.
As a note here, the use of signatures in email doesn't refer to people writing their names at the bottom, or even including a scan of their physical signature. The phrase 'digital signature' refers to a complex code which is attached to the email, and can be used by compatible programs to verify that the email you received is exactly the same as the email which was sent.
On a Windows machine, you can simply go to the download section of the enigmail site and click the install button. When it's done, you only need to restart Mozilla to see the new options. (If Mozilla stays in the taskbar by your clock when you close it, you'll need to right-click on that and select 'close' before opening Mozilla again.)
With enigmail installed, you should have a new set of padlock buttons on your email editor, and a new enigmail section on your preferences window. Most of these buttons will not be functional until you install GnuPG.
The GNU Privacy Guard (GnuPG) is a Free implementation of PGP, which is available as a Windows program on the GnuPG download page.
It's a command-line tool, although it's designed to be used as a back-end to graphical programs such as Mozilla Mail and KMail. The graphical interface to it will be called GPA, but isn't in a finished state yet, and you don't need it anyway for setting up email.
Open Mozilla Mail, and use the tools provided by enigmail to set up your new PGP key. There is a new key wizard, which should be fairly self-explanatory.
If you already have a PGP key (in the program files/pgp6.0/keyrings directory, most likely), you can use that existing key with GPG:
If you can, include the c:\gnupg\bin directory in your PATH, so that you can just type gpg --help from a command-line prompt anywhere, and it will still work. Otherwise, you'll have to type c:\gnupg\bin\gpg --help to get the help file, and a similar command each time you want to run GPG. Don't worry, you only need to use it a couple of times to import your keyrings, and after that you can handle everything from inside Mozilla Mail / enigmail.
Go to the directory where your PGP keyrings are (this will be a directory called PGP Keyrings somewhere in Program Files, so it's probably got too many spaces in the filename to type easily...) and import both keyrings:
gpg --import pubring.pkr
gpg --import secring.skr
That's it, that should be all you need to do. You can go into Mozilla Mail now, and sign or decrypt your emails. If you have someone's PGP key in your keyring, you can send them encrypted emails by pressing the padlock icon while you're writing the message, and enigmail will find the right key based on the recipient's address.
To be complete about it though, you might need to tell GnuPG which key is your ultimately trusted key. (If you're setting up KMail, this is required, but shouldn't be needed for Mozilla Mail)
gpg --list-keys
gpg --edit-key E1AF37A1 (or whatever the number of your own key is)
> trust
> 5 - I trust ultimately
> do you really want to do that? Yes
> quit
That should set up your private key properly, so GnuPG knows it's yours, and anybody whose keys you've signed (using the private key you just marked as ultimately trusted) will then be marked as valid.
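To confirm the result of the trust step, here is an added example (not part of the original article, nor code from GnuPG or enigmail): a Python check that reads the machine-readable output of gpg --list-keys --with-colons and reports whether your own key, and no other key, carries ultimate owner trust. The listing is a constructed sample; only the short key ID E1AF37A1 comes from the text above, and the function names are this example's own.

```python
# Added example: audit owner trust from `gpg --list-keys --with-colons` output.
# Field positions follow GnuPG's colon-delimited listing format:
# 1=record type, 2=validity, 5=key ID, 9=owner trust, 10=user ID.

# Constructed sample listing (not real keys); only the short ID E1AF37A1
# comes from the article.
SAMPLE = """\
tru::1:1100000000:0:3:1:5
pub:u:1024:17:A1B2C3D4E1AF37A1:2003-05-01:::u:Example User <me@example.org>::scESC:
sub:u:2048:16:1111222233334444:2003-05-01::::::e:
pub:f:1024:17:5555666677778888:2002-11-20:::-:Signed Friend <friend@example.org>::scESC:
pub:-:1024:17:9999AAAABBBBCCCC:2004-01-09:::u:Unknown Sender <x@example.net>::scESC:
"""

def parse_primary_keys(listing):
    """Return one dict per primary key ('pub' record) in a colon listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "pub" or len(f) < 10:
            continue  # skip trust-db, subkey and malformed records
        keys.append({"keyid": f[4].upper(), "validity": f[1],
                     "ownertrust": f[8], "uid": f[9]})
    return keys

def audit_ownertrust(listing, own_key_ids):
    """Check that only the keys named in own_key_ids are ultimately trusted.

    own_key_ids may be short (8 hex) or long (16 hex) IDs; a short ID is
    matched against the trailing characters of the long ID in the listing.
    """
    own = [k.upper() for k in own_key_ids]
    findings = []
    for key in parse_primary_keys(listing):
        mine = any(key["keyid"].endswith(k) for k in own)
        ultimate = key["ownertrust"] == "u"
        if mine and not ultimate:
            findings.append(("own-key-not-ultimate", key["keyid"]))
        elif ultimate and not mine:
            findings.append(("unexpected-ultimate-trust", key["keyid"]))
    return findings

if __name__ == "__main__":
    for problem, keyid in audit_ownertrust(SAMPLE, ["E1AF37A1"]):
        print(problem, keyid)
```

A key reported as unexpected-ultimate-trust makes every key it has signed count as valid, so it is worth lowering with the same trust command shown above.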
For more information, see the GnuPG and enigmail websites. It's possible that enigmail will be installed as standard in later versions of Mozilla, so you may not need to install it separately in future. For more help, try searching for enigmail tutorials.
OJW