The latest version of Enigmail is 1.9.5 (last revised/verified: 2016-08-21).
It is an add-on for Thunderbird email that lets you digitally sign and/or encrypt mail
using PGP (Pretty Good Privacy) encryption. This means people spying on your email in
transit will just see gibberish. It is a GUI (Graphical User Interface)
to GnuPG (or Gpg4win on Windows). You can work with the menus inside
Thunderbird or do more advanced work from the gpg.exe
command line. Enigmail works best with plain text, rather than
HTML (Hypertext Markup Language)
formatted mail. Here are the steps to get it working:
Install the GnuPG package. It is a
stand-alone program, not a Thunderbird add-on. If you have Windows, install
The latest version is 2.3.3 (last revised/verified: 2016-08-18).
Install the Enigmail add-on in Thunderbird: Tools ⇒
Add-ons ⇒ gear icon ⇒ Install from file. If there is no install
button, double-click the *.xpi file in Windows
Explorer. Tell it that you want thunderbird.exe to handle
processing. Be careful: this approach may feed the install to Firefox, which will
choke on it.
If you have used PGP before, import your existing
PGP secring.skr keys and pubring.pkr keys into
Enigmail, not GnuPG.
If you don’t already have a PGP
key, make sure you have no email open, then click OpenPGP on the top bar, then click key
management and generate a key pair: a public and a private key. Pick a
pass phrase you can remember without writing it down, not just a word. Pick something
unguessable that no one else on earth would dream of using.
Generate a key revocation file and put it away for safekeeping in case you ever
forget your password or lose your master key.
Export your public key (without the secret key!!!) and post it
on your website for people wanting to send you encrypted mail. Only you have the
private key to decrypt it. Use the Export keys function. I
repeat, make sure you select export public keys only or everything you write will
be public to everyone. You can export more than one key to a file if you want.
In Key Management, upload your public key(s) to all the keyservers, so other
people can find your public key knowing only your email address. With the
line you can do bulk uploads of your public keys to additional servers.
GnuPG saves its crucial files in
Make sure you back them up. pubring.gpg contains your
public keys, secring.gpg contains your secret keys and
trustdb.gpg contains your trusted keys.
Send some test messages to yourself. Try combinations of signing, encrypting,
with and without S/MIME (Secure/Multipurpose Internet Mail Extensions), with and without
Try reading the test messages so you can see what the various types look like
when they arrive. Often Enigmail automatically decrypts them, so it might
superficially look as though nothing happened at all.
Try sending test messages to a friend. Depending on their email software, none,
some or all of the messages will work.
To send someone an encrypted email, you will first have to get their public
key and mark it with your level of trust that you think it truly is their public
key. You can use Enigmail’s key management ⇒ search
for keys function to find keys posted on public keyservers. You can also
look for the key posted on their website. You can also ask them to email the key to
you. There is no need to keep a public key secret. The CIA (Central Intelligence Agency)
can snoop all they want.
When you send a message, you sign it with your own private key,
the one associated with the from email address, and encrypt it with the
recipient’s public key, the one they ask you to use for that
particular email address.
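
An added example, not part of the original page and not Enigmail or GnuPG code: before posting the file produced in the export step above, this Python check walks its OpenPGP packets (RFC 4880) and reports any secret-key packets, regardless of what the armor header line claims. The function names and sample packets are constructed for illustration; the armor is assumed to be RFC-conformant and its CRC-24 is not verified.

```python
import base64

# OpenPGP packet tags that carry private key material (RFC 4880, section 4.3).
SECRET_TAGS = {5: "Secret-Key", 7: "Secret-Subkey"}

def dearmor(data: bytes) -> bytes:
    """Decode each ASCII-armored block; binary input passes through unchanged."""
    if b"-----BEGIN PGP" not in data:
        return data
    out = b""
    for block in data.split(b"-----BEGIN PGP")[1:]:
        text = block.split(b"-----END PGP")[0].replace(b"\r", b"")
        body = text.split(b"\n\n", 1)[1]      # armor headers end at the blank line
        lines = [ln for ln in body.split() if not ln.startswith(b"=")]  # drop CRC-24
        out += base64.b64decode(b"".join(lines))
    return out

def packet_tags(data: bytes) -> list:
    """Walk the packet headers (RFC 4880, section 4.2) and return each tag."""
    tags, i = [], 0
    while i < len(data):
        first = data[i]
        if not first & 0x80:
            raise ValueError(f"not an OpenPGP packet at offset {i}")
        if first & 0x40:                      # new-format header
            tag, o1 = first & 0x3F, data[i + 1]
            if o1 < 192:
                length, i = o1, i + 2
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif o1 == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length in a key file")
        else:                                 # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            n = 0 if ltype == 3 else 1 << ltype   # 1, 2 or 4 length octets
            length = int.from_bytes(data[i + 1:i + 1 + n], "big") if n else len(data) - i - 1
            i += 1 + n
        tags.append(tag)
        i += length
    return tags

def secret_packets(exported: bytes) -> list:
    """Names of the secret-key packets found in an exported key file."""
    return [SECRET_TAGS[t] for t in packet_tags(dearmor(exported)) if t in SECRET_TAGS]

# Constructed packets with dummy bodies (not real keys); only the headers matter.
PUBLIC_ONLY = bytes([0x99, 0, 3]) + b"\x04\x00\x00" + bytes([0xB4, 2]) + b"me"
WITH_SECRET = bytes([0x95, 0, 3]) + b"\x04\x00\x00" + bytes([0xB4, 2]) + b"me"
```

Read the exported file in binary mode and pass its bytes to `secret_packets`; an empty list means no secret-key packets were found.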