Communication Security

Thunderbird_, Apple Mail_

Encrypt email with a PGP client

LAST UPDATED: 06/23/2021 (CHANGELOG)

Skill Level

ADVANCED

Risk Level

HIGH

Time Cost

MODERATE

Financial Cost

FREE

Platforms

LINUX MAC OS WINDOWS

_IF YOUR WORK involves high-profile subjects or other highly sensitive subject matter, you’ll want to integrate PGPPretty Good Privacy, or PGP for short, is a standard for public key cryptography that is commonly used for sending and receiving encrypted emails. The most popular implementation of PGP is similarly named GPG. email encryption into a standalone email client (e.g., Apple Mail or Thunderbird).

This allows you to have complete control over your encryption keysRefers to pair of keys made up of a public and private key that are used in public key cryptography. The public key is used if you want to encrypt a message to someone, or verify a signed message from someone else. The private key can decrypt messages intended for you, and sign messages as yourself to send to others. See public key cryptography., but it can also be complicated and daunting at first. You’ll be responsible for keeping your private key secure, and for keeping track of the public keys of everyone you send encrypted emails to. Even with this sophisticated PGP setup, your message metadata (e.g., sender and recipient, message timestamp) will not be encrypted, so don’t consider this means of communication as confidential.

There are PGP-compatible email clients for all major desktop and mobile operating systems. Users on all major operating systems have the option to use the free and open source client Mozilla’s Thunderbird. Apple Mail users can integrate PGP with a paid pluginAn additional piece of software that integrates with an existing product. from GPGTools.

Technically advanced users can avoid keeping a copy of their PGP key on their computer at all, and instead store it on a security keyA device that can be thought of as a digital key to unlock access to specific accounts. These devices are typically used as a second-factor. , such as a YubiKey. If you’re interested in learning about advanced applications of PGP, you can contact Freedom of the Press Foundation’s digital security training team.

option 01

Mac users: Integrate email encryption into Thunderbird or Apple Mail

STEP 1

Download and install Thunderbird.

Set up Thunderbird with the email account you plan to use to send and receive encrypted emails.

STEP 2

Next, follow the instructions for enabling OpenPGP email encryption with the email account you want to enable it for.

Once that’s set up, select “Require encryption by default” under “Default settings for sending messages” in the End-to-End encryption settings for that account.

Do you already use Apple Mail to send emails on your computer? You also have the option to integrate PGP into your Apple Mail experience with GPGTools. When you download GPGTools, you can use encrypted email integration with a free month trial. At the end of the trial, you’ll be asked to pay a small yearly fee for continued access to GPG Mail.

option 02

Windows users: Integrate email encryption into Thunderbird

STEP 1

Download and install Thunderbird.

Set up Thunderbird with the email account you plan to use to send and receive encrypted emails.

STEP 2

Next, follow the instructions for enabling OpenPGP email encryption with the email account you want to enable it for.

Once that’s set up, select “Require encryption by default” under “Default settings for sending messages” in the End-to-End encryption settings for that account.

option 03

Linux users: Integrate email encryption into Thunderbird

STEP 1

Download and install Thunderbird.

Set up Thunderbird with the email account you plan to use to send and receive encrypted emails.

STEP 2

Next, follow the instructions for enabling OpenPGP email encryption with the email account you want to enable it for.

Once that’s set up, select “Require encryption by default” under “Default settings for sending messages” in the End-to-End encryption settings for that account.

Image by Enigmail.