I've written and lectured many times about e-mail security. Sometimes, I discuss securing e-mail systems. I rarely discuss protecting e-mail against modification or eavesdropping, because it seems we just don't care. See what I've written in the past at my Secure E-mail Collection. And recently, I blogged E-mail Security: We Still Don't Bother.
I also have written about my love affair with the Eudora e-mail client, and my thoughts of moving over to Thunderbird.
But, I like Thunderbird's interface. I like its being free. I like its older brother, Firefox. I recommend moving to Thunderbird to others. I almost moved a while back. But, there were some speed bumps, blogged here. But, recently I decided to slowly give it another try.
So far, things are working smoothly. I've not cut over to using it instead of Eudora, yet. But, I find some interesting security features. Recall, in the aforementioned E-mail Security: We Still Don't Bother, my friend Dave wrote,
I am disappointed that I have to give up PGP but could not reasonably continue to purchase $100-200 worth of email and security software for the purpose of communicating with 9 people. What a sad indictment on the state of email security, huh?
Well, I've got Thunderbird with PGP and S/MIME now. It was fairly straightforward. First, S/MIME: Thunderbird comes with it. I followed the instructions for Getting an S/MIME certificate. I got mine from Thawte. Then I followed those for installing the certificate. And it just worked.
For PGP, I used the Thunderbird Enigmail plugin. But first, I installed GPG (in this case, for Windows), using the installer I found at www.gnupg.org. It installed smoothly.
If you are not going to install existing key rings, you can skip the next step.
I then downloaded my secret and private PGP key rings, and used GPG from the command line to read and convert them to GPG from PGP. (I did this in the GnuPG folder.) Once I did this, I installed the Enigmail extension to Thunderbird, restarted it and imported the key files using Enigmail's key manager.
If you are new to all this, you'll use Enigmail to create your first key pair and store it. This will be your decryption and signing key pair. Since I had one already, I needed to fiddle with Thunderbird's configuration file to point to my key. Actually, I had created a keypair, and had a horrible time trying to get it to use my old one. But, finally I figured it out. So, go ahead and generate a new one. If you want to use the old one, edit the prefs.js file (in your Thunderbird identity folder), and edit the "mail.identity.id3.pgpkeyId" value to have your key ID. Mine looks like this:
user_pref("mail.identity.id3.pgpkeyId", "0x3521CEA0");
A restart of Thunderbird, and everything is working. If only people actually used encrypted mail...
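An added example, not part of the original post: a small Python helper that shows which identity number (id1, id3, ...) belongs to which address in prefs.js and sets the pgpkeyId pref described above. The sample prefs.js text and addresses are constructed; mail.identity.idN.useremail is assumed to be present for each identity. Edit the real file only while Thunderbird is closed, because Thunderbird rewrites prefs.js on exit.

```python
import re

# Matches one line such as: user_pref("mail.identity.id3.pgpkeyId", "0x3521CEA0");
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);[ \t\r]*$', re.M)
# Accept a short ID, a long ID, or a full fingerprint (8, 16 or 40 hex digits).
KEYID_RE = re.compile(r'^0x(?:[0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$')

# Constructed sample input, not a real profile.
SAMPLE = '''user_pref("mail.identity.id1.useremail", "work@example.org");
user_pref("mail.identity.id3.useremail", "me@example.org");
user_pref("mail.identity.id3.pgpkeyId", "0x00000000");
user_pref("mail.identity.id3.valid", true);
'''

def identity_keys(prefs_text):
    """Map each identity (id1, id2, ...) to its e-mail address and PGP key ID."""
    found = {}
    for name, raw in PREF_RE.findall(prefs_text):
        m = re.fullmatch(r'mail\.identity\.(id\d+)\.(useremail|pgpkeyId)', name)
        if m:
            found.setdefault(m.group(1), {})[m.group(2)] = raw.strip('"')
    return found

def is_short_id(key_id):
    """8-hex-digit IDs can collide; confirm the key with gpg --fingerprint."""
    return len(key_id) == 10

def set_key_id(prefs_text, identity, key_id):
    """Return prefs_text with the identity's pgpkeyId replaced or appended."""
    if not KEYID_RE.match(key_id):
        raise ValueError("key ID must be 0x followed by 8, 16 or 40 hex digits")
    if identity not in identity_keys(prefs_text):
        raise KeyError("no such identity in prefs.js: " + identity)
    name = "mail.identity.%s.pgpkeyId" % identity
    line = 'user_pref("%s", "%s");' % (name, key_id)
    pattern = re.compile(r'^user_pref\("%s",.*\);[ \t\r]*$' % re.escape(name), re.M)
    if pattern.search(prefs_text):
        return pattern.sub(lambda _: line, prefs_text, count=1)
    return prefs_text.rstrip("\n") + "\n" + line + "\n"

if __name__ == "__main__":
    updated = set_key_id(SAMPLE, "id3", "0x3521CEA0")
    for ident, info in sorted(identity_keys(updated).items()):
        key = info.get("pgpkeyId", "(none)")
        note = "  <- short ID, check the fingerprint" if is_short_id(key) else ""
        print(ident, info.get("useremail", "?"), key + note)
```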
Just wanted to let you know that I have PGP set up with Enigmail in Thunderbird and it is working GREAT for me. I've had a lot of time to fiddle with several different set ups as I've "converted" my friends and clients at work.
With me using PGP Desktop 9.0 and Mail.app on my PowerBook, it decrypted and authenticated great. Thanks, Jason!
I just noticed you updated your blog with an excerpt from my email to you. I was going to suggest that you post this email address along with my PGP key for anyone who may need help.... I'd be happy to help. I believe it's very important that more people begin to take their privacy seriously. This would be an opportunity for me to help others make their own lives a little more secure.
You can contact Jason and get his public PGP key at http://home.comcast.net/~jason.wyman/ or at keyserver http://keyserver.pgp.com/.


Arrrrg!