EnigMail/GPG Tutorial
This is a brief overview of what I have been doing to try
and get secure e-mail running for myself.
I have not got everything running yet, but in time as I learn,
I will report my lessons here.
This is a newbie tutorial. Some things have been oversimplified to
protect the uninitiated.
See the GnuPG website for more complete
information on GnuPG.
Check the Enigmail/Mozilla
developers site for more information about how to install Enigmail.
This tutorial is written because (IMOHO) there is not much information
at the Enigmail site about how to USE Enigmail if you are not already
familiar with PGP/GPG.
- Install GPG.
- Install Enigmail for your Mozilla mail reader.
- Make a directory like /home/username/.mozilla/EnigLog
- Through Mozilla, go to the Enigmail Advanced Preferences, and set the
log directory to the above directory.
- Set the default send option to "no encryption".
If you are a beginning user, like me, you will want to be sending
cleartext e-mail MOST of the time anyway.
No reason to clog up the key servers for typical, boring e-mail.
- You should note when composing mail that Enigmail-->Insert Public Key
will insert the public key for your desired e-mail address.
- You may need to update your gpg options (~/.gnupg/options).
Most of the changes I made, I don't THINK were necessary except perhaps
the following. Let me know if these changes for v1.0.6 seem reasonable...
I also did:
no-greeting
default-recipient-self
honor-http-proxy
But I'm pretty sure that they were unnecessary.
- When reading mail with Mozilla, it will be pretty informative to view
the Enigmail Console (Enigmail-->View console).
I find the logfile viewer less useful.
When learning your way around, try running
tail -f ~/.mozilla/EnigLog/enigdbug.txt
and watch what happens.
- It looks like Enigmail is adding public keys to my ring from a keyserver
as it automagically verifies signatures on e-mail that I read.
From the documents, it looks like I could import a public key from a file with:
gpg --import publicKey.txt
It looks like this will also work from a saved mail message, folder, or any file
with an armored ASCII key in it.
My best guess is that <Enigmail-->Import public key> will parse the currently
displayed e-mail message for a public-key and import it.
You can check your list of known public keys with:
gpg --list-keys
- You should have a revocation cert., in case your private key is compromised.
This can be generated with
gpg --gen-revoke <key-id>
Print this out, and put it in a fire safe.
I don't know how to use it yet... but I can find out how if/when I need it.
- At this point, you should note that Enigmail is automagically verifying
signatures.
I think it will decrypt automagically also... but I have not exercised that yet.
I still need to learn how I would encrypt mail to somebody
whose key was just provided to me as ASCII (not on a server).
I will put a key on a server once I know what I'm doing, and am ready
to publish a "golden" key.
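
The key-import step and the open question above (encrypting to somebody whose key arrived as ASCII in a mail) can both be handled from the shell. The script below is an added example, not part of the original tutorial; it assumes a current GnuPG 2.x gpg (for --show-keys), and the function names, sample message and addresses are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumes a current GnuPG 2.x gpg.
BEGIN_RE='^-----BEGIN PGP PUBLIC KEY BLOCK-----'
END_RE='^-----END PGP PUBLIC KEY BLOCK-----'

# Print each armored public-key block found in a saved message or folder file.
# Quoted copies ("> -----BEGIN ...") are skipped: the armor line must start the line.
extract_pubkeys() {
    sed -n "/$BEGIN_RE/,/$END_RE/p" "$1"
}

# Number of key blocks, so a message carrying more than one key gets noticed.
count_pubkeys() {
    extract_pubkeys "$1" | grep -c -e "$BEGIN_RE" || true
}

# Constructed sample message; the armor body is a placeholder, not a real key.
write_sample_message() {
    cat > "$1" <<'EOF'
From: alice@example.org
Subject: my key

> -----BEGIN PGP PUBLIC KEY BLOCK-----
> (quoted copy from an earlier mail)
> -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP PUBLIC KEY BLOCK-----

PLACEHOLDER-NOT-A-REAL-KEY
-----END PGP PUBLIC KEY BLOCK-----
Regards, Alice
EOF
}

# Usage: sh thisfile saved-message recipient-address file-to-encrypt
import_and_encrypt() {
    msg=$1; rcpt=$2; plain=$3
    n=$(count_pubkeys "$msg")
    [ "$n" -eq 1 ] || { echo "expected 1 key block, found $n" >&2; return 1; }
    key=$(mktemp) && extract_pubkeys "$msg" > "$key"
    gpg --show-keys "$key"        # inspect only; the keyring is not touched
    gpg --import "$key"
    gpg --fingerprint "$rcpt"     # compare with the owner over another channel
    # gpg asks for confirmation before encrypting to a key it cannot validate;
    # after the fingerprint check, "gpg --lsign-key" records that locally.
    gpg --armor --output "$plain.asc" --recipient "$rcpt" --encrypt "$plain"
}

if [ "$#" -eq 3 ]; then import_and_encrypt "$@"; fi
```

The encrypted, armored output lands next to the input file with ".asc" appended and can be pasted into or attached to a message.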
Aaron Birenboim
Last modified: Wed Nov 23 08:15:58 MST 2005