EnigMail/GPG Tutorial

This is a brief overfiew of what I have been doing to try and get secure e-mail running for myself. I have not got everything running yet, but in time as I learn, I will report my lessons here.

This is a newbie tutorial. Some things have been oversimplified to protect the uninitiated. See the GnuPG website for more complete information on GnuPG.
Check the Enigmail/Mozilla developers site for more information about how to install Enigmail. This tutorial is written because (IMOHO) there is not much information at the Engimail site about how to USE Enigmail if you are not already familiar with PGP/GPG.

  1. Install GPG.
  2. Install Enigmail for your Mozilla mail reader.
  3. Make a directory like /home/username/.mozilla/EnigLog
  4. Through Mozilla, go to the Enigmail Adcanved Preferences, and set the log directory to the above directory.
  5. Set the default send option to "no encryption". If you are a beginning user, like me, you will want to be sending cleartext e-mail MOST of the time anyway. No reason to clog up the key servers for typical, boring e-mail.
  6. You should note when composing mail that Enigmail-->Insert Public Key will insert the public key for your desired e-mail address.
  7. You may need to update your gpg options (~/.gnupg/options). Most of the changes I made, i don't THINK were necessary except perhaps the following. Let me know if these changes for v1.0.6 seem reasonable... I also did:
    But I'm pretty sure that they were unnecessary.
  8. When reading mail with Mozilla, it will be pretty informative to view the Enigmail Console (Enigmail-->View console).
    I find the logfile viewer less useful. When learning your way around, try running
               tail -f ~/.mozilla/EnigLog/enigdbug.txt
    and watch what happens.
  9. It looks like Enigmail is adding public keys to my ring from a keyserver as it automagicly verifies signatures on e-mail that I read. From the documents, it looks like I could import a public key from a file with:
               gpg --import publicKey.txt
    It looks like this will also work from a saved mail message, folder, or any file with an armored ASCII key in it. My best guess is that <Enigmail-->Import public key> will parse the currently displayed e-mail message for a public-key and import it.
    You can check your list of known public keys with:
               gpg --list-keys
  10. You should have a revocation cert., in case your private key is comprimized. this can be generated with
               gpg --gen-revoke <key-id>
    print this out, and put it in a fire safe. I don't know how to use it yet... but I can find out how if/when i need it.
At this point, you should note that Enigmail is automagicly verifying signatures.
I think it will decrypt automagicly also... but I have not excercised that yet.
I still need to learn how I would encrypt mail to somebody whose key was just provided to me as ASCII (not on a server).
I will put a key on a server once I know what I'm doing, and am ready to publish a "golden" key.
Aaron Birenboim
Last modified: Wed Nov 23 08:15:58 MST 2005