How to encrypt Thunderbird email

How to encrypt your Thunderbird email

Use Mozilla Thunderbird? When you need to protect the privacy of an email, it’s time to encrypt Thunderbird email.

While messaging apps like WhatsApp contain end-to-end encryption, when it comes to emails most people remain vulnerable.

Launched in 2004 Mozilla Thunderbird is a free, secure email package that offers a wide range of features such as a sophisticated spam filter, a news-client feature and an RSS feed reader.

Mozilla is the group behind Firefox and it is worth noting Thunderbird is no longer actively developed, apart from security updates.

All encryption email packages need to use a PGP (Pretty Good Privacy) protocol. PGP is a data encryption and decryption computer program.

This scrambles your email to prying eyes and allows the person at the other end to read your email as normal.

How to encrypt Thunderbird email

With Thunderbird you install a program called GnuPG, which stands for GNU Privacy Guard which gives you your PGP.

Alongside GnuPG you will need to install Enigmail, a Thunderbird add-on.

You can find both at the Mozilla Thunderbird website.

Installing GnuPG

To install GnuPG you will need to download the right package from the GnuPG page then follow the installation instructions whether installing on Windows or a Mac.

Installing Enigmail

In Thunderbird select Tools>Add-ons.

Use the search bar in the right-hand corner and search for Enigmail. Select it and simply follow the
instructions to install the add-on.

Creating your very own public and private keys

Having an encrypted email system means owning keys that you can use to keep emails safe between yourself and those you communicate with. These are the Public and Private Keys.

On the Thunderbird menu click on OpenPGP and select Set-up Wizard.

The Wizard will give you a choice of having keys for selective emails for signing or for all emails. It is
highly recommended to choose Sign all of my Email option.

If you choose Encrypt all Emails, then make sure all your recipients have the Public keys that enables them to read the emails. You will need to click on creating per-recipient rules.

To send and receive Public keys you will first need to send them to your chosen recipients.

Compose a message

  • From the Thunderbird menu select OpenPGP and then select Attach My Public Key. Then send the email as usual.
  • You will need to store Public keys. To do so open the message. At the bottom of the window double-click on the attachment that ends in asc. This is the file that contains the Public Key.
  • Thunderbird automatically recognises this as a PGP key and asks you to either Import or View the key. Click on Import and the key will be saved.

Send your encrypted Thunderbird email

Compose the message as usual.

From the Thunderbird menu select OpenPGP and enable Sign Message option. To encrypt
the message then enable the Encrypt Message option. The system may ask you to enter
a Passphrase before encrypting the message.

Passphrase refers to a sequence of words or other text which is used to control access to
a computer system, program or data. A Passphrase is similar to a password but is
generally longer for added security.

If your email address is associated with a PGP key, the message will be automatically
encrypted. If not, you will be prompted to select a key from a list.
Then send the message as usual.

Reading a digitally signed/or encrypted email

When you receive an encrypted email, Thunderbird will ask you to enter your Passphrase
to decrypt the message.

To ascertain if the message has been encrypted or signed you need to look at the
information bar above the message.

If Thunderbird recognises the signature, a green bar appears above the message. The
green bar will also show the content of the email if it has been both signed and

If the message has been encrypted but not signed the green bar will show a ‘decrypted
message’. Remember, a message which has not been signed could be from someone
trying to impersonate someone else.

Revoking your key

If you think your Private key may have been compromised, you can delete it and create
new ones. To revoke your key, click on OpenPGP on the Thunderbird menu.

A dialog box appears and check Display All Keys by Default to view all the keys. Right-
click on the key you want to revoke and select Revoke Key to proceed.
Another dialog box will ask for your Passphrase. Enter that and click OK to fully revoke
the key.


To encrypt Thunderbird email may seem a little daunting, but it is well worth the effort for your piece of mind.

Thunderbird is an effective streamlined and powerful interface and keeps your emails safe.

Look regularly for updates and extensions to keep the system tip-top and good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *

DO Version