Ade Malsasa Akbar
Senior author, Open Source enthusiast.
Saturday, August 28, 2021 at 16:41

This is a continuation of Email Encryption Made Easy, written in the hope of being more straightforward and useful. Here we will learn how to encrypt Gmail, the mail service used by millions today, on our own computer with the Thunderbird mail client. The purpose of encryption is security: your mails can only be read by your recipients, and theirs only by you, because other parties, including Google, lose the ability to read them.



About This Tutorial

This article is a rewrite of Made Easy for three reasons: first, the BitMessage Mail service is discontinued; second, Gmail is used by nearly all people in the world (that means you and me); and third, Thunderbird now has its own encryption system and no longer needs Enigmail. This tutorial uses Thunderbird version 78; for security, please update your version before continuing. We strongly recommend that you do not practice this alone but with at least one friend who uses the same Thunderbird, so you can practice both sending and receiving encrypted emails.


Get Thunderbird

Thunderbird is a mail client program that is free-libre-open-source-software (FLOSS) and also cross-platform.

- Ubuntu users can run Thunderbird from the start menu.

- Windows users can download it from Thunderbird Download.

- macOS users can download it from Thunderbird Download.


Step 1. Setup Gmail

The first step is to get your Gmail inbox into Thunderbird. As a result, you can read mails offline and send mails with encryption. More specifically, this is important for keeping your data in your own custody and keeping the copies on Google's servers to a minimum.

1. Open Thunderbird. 

2. Menu > New > Existing Mail Account > email setup will open.

3. Type your full name, your email address, and the email's password.

4. Click Continue > a web browser will open Gmail access > accept it.

5. Your email setup is finished.


Step 2. Create and Save Keys

The second step is to make your Gmail keys. In order to secure your emails, you must first have keys (security experts call them GPG keys) consisting of a public key and a private key. The public key is for other people to mail you; the private key is for reading email sent to you (the public key is okay to share, the private key must be kept safely on your computer).

1. Right-click your email address > Settings > End to End Encryption.

2. Click add key > Create a new OpenPGP key > Continue > Generate > follow everything else accordingly.

3. You get a pair of keys.

4. You are ready to receive encrypted mails sent to you.

Still in the second step, you should save the public key of your friend (who is willing to mail securely) in order to send secure mail to him/her.

1. Receive an email with public key attached from him/her.

2. Click OpenPGP button > Import Key > accept everything accordingly > his/her key imported. 

Or alternatively, download the attached public key > save to a folder > saved as a plain text .asc file.

Go to menubar Tools > OpenPGP Key Manager > File > Import Public Key from File > select that .asc file > his/her key imported.  

3. You are ready to send encrypted email to him/her.

Step 3. Send Email

The third step is to send email. Here we have not yet encrypted our mail. To start your new life, share your public key with your friends who are willing to mail securely with you. In this exercise, send a copy of your public key to your friend.

  1. Create a new email, 
  2. type the recipient's email address, 
  3. type the subject, 
  4. type the content, 
  5. attach your public key file (.asc)
  6. send it to him/her,
  7. recipient will save your key.

Step 4. Receive Email

The fourth step is to receive email. Here we also have not yet encrypted our mail. To complete your new life, ask your friend to send his/her public key to you; otherwise you cannot send encrypted email to him/her. Once received, follow step 2 to save his/her public key. Later, you should ask more friends to send you their public keys too.

An unencrypted email will show the Message Is Not Encrypted sign under the OpenPGP button, without any green color.

Step 5. Send Encrypted Email

The fifth step is to send encrypted email. It means you use the recipient's public key to send email to him/her. This process is automatic in Thunderbird once you have saved his/her public key.

  1. Create a new email,
  2. select Security to be OpenPGP,
  3. enable Require Encryption,
  4. type recipient's address, subject, and mail content as usual,
  5. send,
  6. recipient can read your email (after decrypting it with his/her private key; and this process is also automatic in Thunderbird).

To verify this step, your friend should be able to read your secure mail in Thunderbird but not in Gmail in a web browser; that means your encryption is successful.

Step 6. Receive Encrypted Email

The sixth step is to receive encrypted email. It means your friend uses your public key to send email to you; then, only you can open it.

  1. Ask your friend to send encrypted email to you,
  2. he/she should follow step 5 above,
  3. you receive the mail,
  4. you read the mail.

To verify this step, you should be able to read it in Thunderbird but should not be able to read it in Gmail in a web browser; that means our encryption is successfully achieved. An encrypted email will show the Message Is Encrypted sign below the OpenPGP green check mark.
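
The check in steps 5 and 6 (readable in Thunderbird, unreadable in Gmail's web view) can also be made against the raw message source saved from the mailbox. The following is an added example, not part of the original article: the function name `classify`, the addresses and both sample messages are constructed for illustration. It reports whether the stored message is OpenPGP-encrypted and which headers remain readable by the mail provider.

```python
import email
from email import policy

# Constructed samples: raw source of an OpenPGP/MIME (RFC 3156) message and of
# an ordinary one. Addresses and the armored body are placeholders.
SAMPLE_ENCRYPTED = """\
From: alice@example.com
To: bob@example.com
Subject: ...
Date: Sat, 28 Aug 2021 16:41:00 +0000
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----
(placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

SAMPLE_PLAIN = """\
From: alice@example.com
To: bob@example.com
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""

def classify(raw):
    """Return (kind, headers still readable by the provider) for raw mail source."""
    msg = email.message_from_string(raw, policy=policy.default)
    visible = {h: str(msg[h]) for h in ("From", "To", "Subject", "Date") if msg[h]}
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "pgp-mime", visible
    for part in msg.walk():  # inline PGP: armored text inside a normal text part
        if part.get_content_maintype() == "text" and \
                "-----BEGIN PGP MESSAGE-----" in part.get_content():
            return "pgp-inline", visible
    return "not-encrypted", visible
```

`classify(SAMPLE_ENCRYPTED)` still returns the From, To and Date headers: encryption covers the message body, while the addressing headers stay visible to the mail provider.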


Step 7. Invite Friends to Secure Emails

If you reached this step, congratulations! You managed to secure your Gmail. Now you can share this article with your friends so they can follow you and secure their Gmail too (as well as other email accounts if they have them, like Yahoo! or MSN, if they are willing to). If you are a school teacher, please consider teaching this to your students. The more people are willing, the more "herd security" we will have for our emails and, no less important, the more accustomed we will be to email security. Lastly, we all need chances and exercises to make ourselves familiar with email encryption. I hope this article really makes it easier for you to encrypt emails.

This article is licensed under CC BY-SA 3.0.