[Previous entry: "quote of the day"] [Main Index] [Next entry: "Windows 98 and ME may be safe from WMFs"]

01/02/2006 Archived Entry: "Installing Enigmail under Linux"

Unix and Linux gurus have been able to do encryption for ages. Just compose the email in a text file, type the command line to encrypt that file, copy the new file into an email message, and send. Yech.*

In my Windows days, PGP functions could be integrated with Eudora...but I never got through the 70-page primer that I needed to configure it. Since my move to Linux, I've wanted an encyption package that is integrated with a Linux email client, easy to use, and easy to configure. I'm happy to report that I finally found one: Enigmail for Mozilla Mail and Thunderbird.

Enigmail is also available for Windows, Mac OS X, BSD, and Solaris, but you'll have to figure out the instructions yourself. What follows is from my experience installing Enigmail under Xandros Linux. (Some of it will be relevant to other operating systems, though.)

The secret to my success was finding this page of instructions from Andrew Howlett, a Linux user. You'll also want to refer to the Enigmail instructions.

I encountered a few bumps in the road.

First, to use the downloaded version of Enigmail, they say that you must use the standard Thunderbird distribution from the Mozilla site. Fortunately I had done this -- I have Thunderbird 1.02 in /usr/local/thunderbird -- but had I installed Thunderbird from Xandros Networks it might not have worked.

Second, I discovered (with the command gpg --version) that Xandros Linux 2.0 comes with GNU Privacy Guard (GnuPG) version 1.23. Enigmail requires GnuPG 1.4 or higher. I wasn't able to update this through Xandros Networks, so I had to learn how to use the Debian package manager:

  1. Remove the existing gnupg (with Xandros Networks)
  2. Edit /etc/apt/sources.list to include standard Debian sources, per the apt how-to.
  3. apt-get update
  4. apt-get install gnupg/testing (I learned by experimentation that you need the "testing" to get version 1.4)

Having upgraded GnuPG, I was able to use gpg --gen-key to generate my key. For some reason you need to issue this command twice. I accepted all the default settings. It's important to select a long but easily-remembered passphrase. This is like a password, but can be longer, even a line of text from a favorite book. Do not forget this phrase! All of your GnuPG activities are protected by this phrase -- you'll need to type on every occasion you want to send or receive encrypted email. (After you type it, it remains active for several minutes, so you can send several emails after typing it once.)

Once GnuPG is configured, you can install Enigmail. Launch Thunderbird, click Tools > Extensions > Install, navigate to the directory where you saved the downloaded Enigmail .xpi file, and select that file. You then need to close Thunderbird, and re-launch Thunderbird. You'll now have an "Enigmail" option on the top menu bar.

You will be asked "Do you wish to configure Enigmail" for your email account. (If you have multiple email accounts in Thunderbird, you can configure Enigmail separately for each.) I used Andrew Howlett's recommendations for all the preferences. I did not define a log file. Note that you can change these preferences later if you wish.

Now, when you write an email, you will have an "OpenPGP" button in the compose window. Clicking the button gives you the options to "sign message" and/or "encrypt message". Encrypting a message requires knowing the other person's "public key", which can be obtained from a keyserver, from that person's web page, or directly from that person.

When an encrypted email arrives, you'll get an extra "Enigmail" status line telling you if the message is encrypted or signed. You may have to get the public key of the sender to read or verify the message; but Enigmail can actually find that key if it's in one of the configured keyservers. I'm still learning how to add other people's keys; these functions are found under Enigmail > OpenPGP Key Management.

I expect I'll have more to report in the near future. But this should get you started, without having to read 70 pages.


* Yes, I know that this procedure can be automated with Emacs. Emacs can fold my laundry, solve Fermat's Last Theorem, and find the Ark of the Covenant if I'd only bother to climb its learning curve. Thanks, but I prefer something easier.

Version: GnuPG v1.4.1 (GNU/Linux)


Powered By Greymatter