Please leave comments if there are gaps / errors that need to be remedied, if you care enough to contribute.
Notes on Interoperability with other encrypted email services
- All you need in order to send an encrypted email to a ProtonMail user is that they set up a key using RSA 4096.
- From ProtonMail's website: Selecting ECC Curve25519 encrypts and signs your emails using elliptic curve cryptography (ECC). It is fast, secure, and resistant to timing attacks. Proton Mail now uses ECC Curve25519 by default.
- Thunderbird email client has the options of OpenPGP or S/MIME built in. You will need to furnish a PGP public key using OpenPGP to your friend to use with their ProtonMail account to receive and decrypt an email from you. If you supply a key generated with the OpenPGP option selected I think ProtonMail will detect it is an RSA-xxxx type key.
- Your friend will need to use OpenPGP to encrypt and send to you or you will not be able to decrypt. I think this will happen automatically if you furnish a key that is generated with the OpenPGP encryption option selected.
- RSA is an older encryption standard that we implement at its strongest possible setting (4096-bit). It is secure and offers increased compatibility with legacy software than the ECC algorithm, but is also slower.
- Thunderbird as of some previous rev has E2EE ( End to End Encryption ) totally built in. All you have to do is set it up.
- You can set the Tbird to work as: solely encrypted, encrypted or non-encrypted.
- TBird works with any email account. For example: I use it with my main email account. I opt to use it as ONLY encrypted. If I try to send without having the recipient's Kpub it gripes and says "No can do".
Why use Thunderbird email client for encryption?
- You can retain your old email address. No problems with changing email address with your friends / contacts.
- The only difference is that when you want to use encryption, you switch over to the Thunderbird email interface.
- Unlike ProtonMail only YOU will hold the private key. It's a guaranteed thing that ProtonMail has had a visit from Men In Black and they have been supplied your private key if asked for it.
Who Sees What?
- You: Using Thunderbird > When you are sent an encrypted email and use Thunderbird you see a normal email. No fussing around. Totally normal. Super easy to use.
- You: Using Gmail web interface > When you use your normal web client at Gmail you will see what you see in the image below. It's a screen cap of an encrypted message received
- Google: When you use Thunderbird and encryption your stuff will look like this to Google. See the two attachments in the image of email below? All gobbledygook, encrypted. And only you have the key.
Installation Instructions Start Here
Donate if you want to. The page looks intimidating like you must donate. But you do not have to.
Pick a location to download to that you can find
Run the installer you downloaded
Choose the standard install unless you have a good reason not to and are knowledgeable about the choices you will need to make.
Installer will run and entertain you with a progress bar.
Put in any NAME you want. Then use an EMAIL / PASSWORD combination you already have and want to be able to use encryption with.
Alternatively you could create a new email address almost wherever you want and return to this form and enter the EMAIL / PASSWORD combination.
After clicking continue Thunderbird will try to authenticate your credentials and if successful will get the email server configuration so it can set the software up to work with the email account automatically. You can see the results below.
If everything worked correctly you will be informed the account was created successfully. There are a few other setup choices you can make on this form. This article is specifically just how to set up a minimal configuration and then go straight to encryption settings.
Notice the END TO END ENCRYPTION. You can get to the settings for encryption from there or use the upper right menu.
To get to this form go to the 3 horizontal lines at the upper right hand corner of the form.
- Click on the 3 lines
- Click on ACCOUNT SETTINGS
- Click on END TO END ENCRYPTION ( criptografia de ponta a ponta )
The form below should be more or less what you see. However frequent updates may result in it being somewhat different.
RSA encryption uses a public and a private key. Anyone who wants to send you an encrypted email needs your public key. Only you can decrypt the message after it has been encrypted with your public key. Your private key is required to decrypt the message.
The first part of setting up encryption is to create this PUBLIC, PRIVATE key pair.
Click on Add Key
Select that you want to create an OpenPGP key pair
My preference is RSA key of size 4096 that does not expire
Confirm you want to generate the key pair
After your key pair is generated you can use the OpenPGP Key Manager to export and import keys.
In order to test your configuration you should export your public key as a file and send it to a friend who also has Thunderbird encryption. They can then send you an email that is encrypted using your key to confirm your configuration is correct.
- Click on the upper right MENU ICON of 3 parallel horizontal lines
- Click on ACCOUNT SETTINGS
- Click on END TO END ENCRYPTION
- Click on OPENPGP KEY MANAGER – looks like a button. Is in a grey box
- Highlight the email you want to export the public key for
- Click on FILE – in the dialog box of the key manager
- Click on EXPORT PUBLIC KEY(S) TO FILE
- Choose a location you want to save keys. Then click on the SAVE button.
- Write an email to your friend and attach this file. He will need to import this key using the same Key Manager interface.
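Before attaching the exported file, it is worth confirming that it really is a public key block (not a private key backup) and that the algorithm and size match what you chose. The following is an added example, not part of the original page or of Thunderbird: it reads the ASCII armor and the first OpenPGP packet, assuming version 4 key packets as laid out in RFC 4880. The function names are hypothetical and `sample_export` builds constructed test input with a dummy modulus, not a usable key.

```python
import base64

ALGOS = {1: "RSA", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}

def dearmor(text):
    """Return (block label, raw bytes) of an ASCII-armored OpenPGP block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP "):
        raise ValueError("not an ASCII-armored OpenPGP file")
    label = lines[0][len("-----BEGIN PGP "):].rstrip("-")
    data = lines[lines.index("") + 1:-1]      # armor headers end at the blank line
    b64 = "".join(ln for ln in data if not ln.startswith("="))  # skip CRC24 line
    return label, base64.b64decode(b64)

def first_packet(raw):
    """Return (tag, body) of the first OpenPGP packet (RFC 4880, section 4.2)."""
    hdr = raw[0]
    if hdr & 0x40:                            # new-format header
        tag, first = hdr & 0x3F, raw[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + raw[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(raw[2:6], "big"), 6
        else:
            raise ValueError("partial lengths are not valid for key packets")
    else:                                     # old-format header
        tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
        length, off = int.from_bytes(raw[1:1 + n], "big"), 1 + n
    return tag, raw[off:off + length]

def inspect_export(text):
    """Summarise an exported key file before it is attached to an email."""
    label, raw = dearmor(text)
    tag, body = first_packet(raw)
    if label != "PUBLIC KEY BLOCK" or tag != 6:   # tag 5 is a secret key packet
        return {"safe_to_share": False, "label": label}
    algo = body[5]                            # v4: version, 4-byte time, algorithm
    info = {"safe_to_share": True, "algorithm": ALGOS.get(algo, f"id {algo}")}
    if algo == 1:
        info["bits"] = int.from_bytes(body[6:8], "big")  # bit count of modulus n
    return info

def sample_export(label, tag_octet, bits=4096):
    """Constructed input: armored v4 RSA key packet with a dummy modulus."""
    body = (b"\x04" + bytes(4) + b"\x01" + bits.to_bytes(2, "big")
            + b"\x80" + bytes(bits // 8 - 1) + b"\x00\x11\x01\x00\x01")  # e = 65537
    raw = bytes([tag_octet]) + len(body).to_bytes(2, "big") + body
    b64 = base64.encodebytes(raw).decode()    # wrapped lines, trailing newline
    return f"-----BEGIN PGP {label}-----\n\n{b64}-----END PGP {label}-----\n"
```

Call `inspect_export()` on the text of the file saved by EXPORT PUBLIC KEY(S) TO FILE; a result with `safe_to_share` set to `False` means the file should not be sent.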
Digitally Signing and Encrypting Messages – this is where I'll place information on digital signing. INCOMPLETE
- Thunderbird Signatures
- Google: thunderbird Digitally Signing and Encrypting Messages
- OpenPGP in Thunderbird – HOWTO and FAQ