[Previous entry: "quote of the day"] [Main Index] [Next entry: "Windows 98 and ME may be safe from WMFs"]
01/02/2006 Archived Entry: "Installing Enigmail under Linux"
Unix and Linux gurus have been able to do encryption for ages. Just compose the email in a text file, type the command line to encrypt that file, copy the new file into an email message, and send. Yech.*
In my Windows days, PGP functions could be integrated with Eudora...but I never got through the 70-page primer that I needed to configure it. Since my move to Linux, I've wanted an encyption package that is integrated with a Linux email client, easy to use, and easy to configure. I'm happy to report that I finally found one: Enigmail for Mozilla Mail and Thunderbird.
Enigmail is also available for Windows, Mac OS X, BSD, and Solaris, but you'll have to figure out the instructions yourself. What follows is from my experience installing Enigmail under Xandros Linux. (Some of it will be relevant to other operating systems, though.)
The secret to my success was finding this page of instructions from Andrew Howlett, a Linux user. You'll also want to refer to the Enigmail instructions.
I encountered a few bumps in the road.
First, to use the downloaded version of Enigmail, they say that you must use the standard Thunderbird distribution from the Mozilla site. Fortunately I had done this -- I have Thunderbird 1.02 in /usr/local/thunderbird -- but had I installed Thunderbird from Xandros Networks it might not have worked.
Second, I discovered (with the command gpg --version) that Xandros Linux 2.0 comes with GNU Privacy Guard (GnuPG) version 1.23. Enigmail requires GnuPG 1.4 or higher. I wasn't able to update this through Xandros Networks, so I had to learn how to use the Debian package manager:
Having upgraded GnuPG, I was able to use gpg --gen-key to generate my key. For some reason you need to issue this command twice. I accepted all the default settings. It's important to select a long but easily-remembered passphrase. This is like a password, but can be longer, even a line of text from a favorite book. Do not forget this phrase! All of your GnuPG activities are protected by this phrase -- you'll need to type on every occasion you want to send or receive encrypted email. (After you type it, it remains active for several minutes, so you can send several emails after typing it once.)
Once GnuPG is configured, you can install Enigmail. Launch Thunderbird, click Tools > Extensions > Install, navigate to the directory where you saved the downloaded Enigmail .xpi file, and select that file. You then need to close Thunderbird, and re-launch Thunderbird. You'll now have an "Enigmail" option on the top menu bar.
You will be asked "Do you wish to configure Enigmail" for your email account. (If you have multiple email accounts in Thunderbird, you can configure Enigmail separately for each.) I used Andrew Howlett's recommendations for all the preferences. I did not define a log file. Note that you can change these preferences later if you wish.
Now, when you write an email, you will have an "OpenPGP" button in the compose window. Clicking the button gives you the options to "sign message" and/or "encrypt message". Encrypting a message requires knowing the other person's "public key", which can be obtained from a keyserver, from that person's web page, or directly from that person.
When an encrypted email arrives, you'll get an extra "Enigmail" status line telling you if the message is encrypted or signed. You may have to get the public key of the sender to read or verify the message; but Enigmail can actually find that key if it's in one of the configured keyservers. I'm still learning how to add other people's keys; these functions are found under Enigmail > OpenPGP Key Management.
I expect I'll have more to report in the near future. But this should get you started, without having to read 70 pages.
brad
* Yes, I know that this procedure can be automated with Emacs. Emacs can fold my laundry, solve Fermat's Last Theorem, and find the Ark of the Covenant if I'd only bother to climb its learning curve. Thanks, but I prefer something easier.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (GNU/Linux)mQGiBEKjNgURBAC3OEulAxc1Qxe7I+o2SfqNJ9tnhiP80v4oEquLwdEpcP8ynWcT
99bX5ZXZnIY/dZGolqDXcZC/lEtY8nqNxeLtKmn4TqNoMOPOLKS5xdh+oO4CzgkW
SxQ5YSObAXpdJ79x7BUec1WP/m8mdvydqY593fjE4QCaNUfFkinDa6KjqwCg1niX
6DntGmL6EotfQp/RzT8ZaLkD/1Ph49SW5IvpVxW6LXPvvZoFy9AGQScsdrswfbil
lVAUH6rkmkkbGi/0qgBtvrL+KKT0z6d8Ig4rv+aoWOznU652UkcWhSXLQwzJKbVG
wBhQvkwpNeKki8G1gkNsBrvi7zq+547t0804o54ofpgGSYU64tzCF/4RK1Ddtm4v
xU6wBACCbkqRUne+uKK2azgwwljJ/iLYtszoyylMz63ncD8gyO2goblJJhT9b15j
Lgve5qqY9lb6N7e4HCFYkqD4uGwDlqHtHjJ+mUxvdg+L0alIlphBLAu45D8r5F/2
ohVzOgDJjIcqQH4Ce2TCyoZDXlS9YLokSfL7KnB87Aa2rq58JbQhQnJhZCBSb2Ry
aWd1ZXogPGJqMkB6ZXRldGljcy5jb20+iF4EExECAB4FAkKjNgUCGwMGCwkIBwMC
AxUCAwMWAgECHgECF4AACgkQF6SxZ2muiQ3/MgCdFKzXVWdLbf0RVkf09tOSOvTC
Q8UAnRqFgWrgpLD4vuFNac8YSrf/lk3OuQINBEKjNmMQCACe/WpR8cKjsOmHAKa9
wGCY6Irt3cay4WXaLFf/sO1OnVwuffSQCt68TGTH7VENGWQbMyw5oJcONsefEFGb
EN8YiWOGIU6u8Iz/ZHKj9Y+r0K4S09GQ1pRJ2HunG0TzFcCFWWWMblbQEkxHnRGQ
4MJvfb3sLuBdFYX9v5m3mFcbC4O7TZcm02/f11309KoBwmycdieSRA5tatPdv9qZ
gfsmopcAk3LcMcoYGxsJ1zWgD9B6uvlBJDH/bgA/cgMBgfxUZBNv/Bx5u57YskD5
G/r8TamnFEIT3XOGWNeQClAeInOjIoZ8x2pGV7ud3TMeg04vmRTbU8z2hmS+mj4B
gZzvAAMFB/9V46FjfYKNO++CoZ90933SH1AlHWtIoB45gsPUqXItakgojlmNPYVm
c53Gm6YH2y7fbI3NHxRUrztRtvRyNNfRorm2wBGNK//5cLaLdrsWKgXgHrplqAWU
domK+z07bES9j9ZrNqWJqomGRlPj3+2FTyOop2OMOpa0Mg8AdSOyHQ1/65Wy8bmN
V+eop8PZXwJJqBdvttsHqzlH4tGwsp8tWMS/421Jj6CYW3D4ZER9+pH6N83zbwjq
R/1dzEtMw9N2sYUpGUZnYahyTFYtpH8EabiyOsgGpM5kWdTlmLOYJJ0qwBSrF1rN
ODHa34QH020JxSALDGGd3i1mMmZ/j2zhiEkEGBECAAkFAkKjNmMCGwwACgkQF6Sx
Z2muiQ3t+QCeOVJaMhGZuNf963DduD+d2uaayDoAnjRsq7ULD+g09oscidx465Zk
TA0K
=OiID
-----END PGP PUBLIC KEY BLOCK-----