Ade Malsasa Akbar contact
Senior author, Open Source enthusiast.
Thursday, September 6, 2018 at 14:48

In your encrypted emailing life, your pair of public and private keys can be moved to another computer in case you have one email account in multiple devices. This also means backup and restore your keys. This way, you don't have to create new pair in every computer (or even in every installed distro). This simple tutorial explains how to import/export keys in Thunderbird Mail Client with Enigmail add-on as continuation to Email Encryption Made Easy tutorial. Enjoy!

Subscribe to UbuntuBuzz Telegram Channel to get article updates directly.


To make this easier, here's details of my identity:
  • My email is and 
  • my key ID is BC...21 (16 chars long, started with BC ended with 21). 
  • my exported public key (pub) will have filename MyName_LastName_Email@Account_(0xYY...YY)_pub.asc
  • my exported public-private keys (pub-sec) will have filename MyName_LastName_Email@Account_(0xYY...YY)_pub-sec.asc
  • Notice that pub means only public key, and pub-sec means both public and private key in one file.
So, your identity should looks like that as well.

1. Importing

This involves (1) importing public keys of your friends (so you can send them secure emails) and (2) importing your own public-private key pair.

(1) Import Public Key

You will do this mostly. Encrypting emails is using public key of the recipient, so of course you will have public keys of all your recipients. If you have* ASC file (.asc) of a public key, you can import it using Enigmail's Key Management:

  • Go to Thunderbird menu Enigmail > Key Management 
  • Go to menu File > Import Keys from File
  • File chooser dialog appears
  • Select the ASC (.asc) file
  • The identity of your friend immediately appears in Key Management

*) For example, you receive email from your friend with his/her public key (ASC file) attached.

(2) Import Both Keys

This is not often to do especially in daily basis. You will need this only when restoring from backup or moving your own pair of keys to another computer. Or, for example, like me, when you create a pair on a LiveCD session and want to transfer it to permanently installed systems. Beside importing keys, you should configure your mail account as well to use that keys.

  • 1. Go to Thunderbird menu Enigmail > Key Management
  • 2. Go to File > Import Keys from File
  • 3. Select your exported ASC file with pub-sec in its filename > Open
  • 4. You will be asked for the password of the private key being imported
  • 5. Enter its password (remember, you created this when creating the pair)
  • 6. Your identity imported and appeared in Key Management 
  • 7. Right-click your email account > Settings > Account Settings dialog appears > under your email address: select OpenPGP Security > give check mark to Enable OpenPGP Support (Enigmail) > select Use specific OpenPGP ID > click Select Key > Key Management appears > select your imported keys > OK > OK.

Looking for exported ASC file that contains your public & private keys:

Successfully imported key pair:

Setting your email account to use that imported keys:

2. Exporting

This involves (1) exporting individual public key in your Key Management (including yours) mainly to share them with others (2) exporting your own public-private key pair. Both are usable as backup as well.

(1) Export Public Key

  • Go to menu Enigmail > Key Management
  • Select individual key you want > right-click > Export Public Key to File
  • While asked, answer "Export Public Keys Only"
  • Save file dialog appears: the file name shows your name + your email address + your key ID (in this example, my ID is BC...21) + pub ended with .asc format
  • Save it to a folder that is safe.
Notice that pub code above indicates the key is public key.

Confirmation of exporting:

The result and notice the pub in its filename:

(2) Exporting Both Keys

Exporting pair of public-private keys is generally making backup of it.
  • Go to menu Enigmail > Key Management.
  • Select your identity that contains your private key.
  • Right-click > Export to File
  • While asked, answer with "Export Secret Keys"
  • Enter your key's password (it's the password created while you create your key pair) > OK
  • Your pair exported in an ASC file.

Exporting confirmation:

The result and notice the pub-sec in its filename:

Keep the ASC file in safe place


This article is licensed under CC BY-SA 3.0.