About this Workbook

This workbook is designed to complete specific goals with Thunderbird by providing you with information on how to  use the software. This workbook is not aiming to be a complete manual. There is a great online manual online at http://en.flossmanuals.net/thunderbird.

This workbook is arranged in to groups of chapters called a challenge. Each chapter lists a specific task and gives detailed instructions on how to perform it. 

The challenges are designed to be as self contained as possible to make it easier to reuse this material. We imagine that the material in the workbook will be useful for some of the following;

Contributing to this Workbook

If you are an educator or if you use this Workbook in other ways and would like to help improve or maintain this resource then please sign up to the Flossmanuals discuss email list and introduce yourself.

Account Setup

There are two way to create new email accounts in Thunderbird. The first way is an automated process that guides you through the set up routine. The second is manual, where you enter all of the account information yourself. Let's take a look at both.

Automated Setup

The automated setup process runs the first time that you start Thunderbird. Remember that you can also run the setup at anytime by going to the File menu, pointing at New, and clicking Mail Account.

Here's how to work your way through the automated setup process:

  1. Make sure that your computer is connected to the Internet and then start Thunderbird.
  2. On the first setup screen, enter your name, your email address, your password. Your password is your current email password. If you want Thunderbird to remember your password (so you don't need to keep typing it every time you check your mail), click the Remember password checkbox.

    first_startup_account_wizard_mail_setup_1.JPG

  3. Click the Continue button to go to the next step. Click the Cancel button to stop the set up process.
  4. Thunderbird tries to get your account settings by connecting to the database of Internet Service Providers (ISPs) that is maintained by Mozilla.

    If Thunderbird finds the information for your email provider it automatically enters that information for you. Click the Create Account button to add the account. Click the Cancel button to stop the set up process. 

    first_startup_account_wizard_mail_setup_2.JPG

  5. If Thunderbird cannot find information for your email provider, click the Manual config button in the Mail Account Setup window. For more information on what to do, read the Manual Set Up section below.
  6. Once your account is created, Thunderbird asks you if you want it to be the default application for email, newsgroups, or feeds. Make your choices by clicking the checkboxes.

    If you use Microsoft Windows, you use the Windows Search feature to find messages. Do this by selecting the Allow Windows to search messages checkbox. Click the OK button to save the settings and the Cancel button to leave them unchanged.

    first_startup_account_wizard_mail_setup_3.JPG

    Note: Thunderbird will create your account even if you click Cancel at this point.

  7. Your account has been created and you're ready to go!

    first_startup_account_wizard_mail_setup_4.JPG

  8. Repeat this process for as many accounts as you want to add to Thunderbird.

Manual Set Up

If the automated set up process does not work or if the database of ISPs that Mozilla maintains doesn't contain information about your email provider, you can set up your account manually. Your email provider should supply you with the information that you'll to set up an account. You can usually find this information on your email provider's website, or by contacting their technical support department.

  1. Go to the Tools menu and click Account Settings to open the Account Settings screen.

    account_edit_account_settings.JPG

  2. Go to Account Actions and click Add Mail Account.

    add_mail_account_1.jpg

  3. Thunderbird tries to use the automated process to create your account.

    first_startup_account_wizard_mail_setup_1.JPG

    Enter your name, your email address, and email password and then click the Continue button.

  4. Thunderbird will attempt to use database of Internet Service Providers (ISPs) that is maintained by Mozilla to get the account settings. You can stop this process by clicking the Stop button.

    At this point, click the Stop button to start creating the account manually:

    • Click POP or IMAP in the Incoming row. You won't be able to change from POP to IMAP or IMAP to POP after you have clicked Manual Setup so please double check that you have selected POP or IMAP as appropriate!
    • Click the Manual Config button.

    first_startup_account_wizard_mail_setup_2.JPG

  5. The Account Settings screen will open for your new account. The screen contains your account name, your name, and your email address.
  6. Click Server Settings to configure your account to receive email.

    account_edit_server_settings.JPG

    The IMAP and POP screens look slightly different than the Windows screens. For more information on IMAP and POP, read this short Gmail help article:  https://mail.google.com/support/bin/static.py?page=ts.cs&ts=1668960 

  7. Enter the following settings for your email provider:
    • Server Name
    • User Name
    • Port
    • Security Settings
  8. Click Outgoing Server (SMTP) to setup the account to send email.

    account_edit_smtp_settings_1.JPG

    In Outgoing Server (SMTP) Settings click the Add button.

  9. Enter the settings for sending email that you got from your email provider.

    account_edit_smtp_settings_2.JPG

    Click the OK button to continue.
  10. To complete the set up process, click the OK button on the Account Settings screen.
  11. Thunderbird asks for your password the first time that you try to get or send email. When this happens you can have Thunderbird remember your email.

Remove an Account

 Here's how to remove an email account from Thunderbird.

  1. Go to the account Manual Set Up screen.
  2. Select the account that you want to remove.
  3. Click Account Actions and select Remove Account from the list.
  4. Thunderbird confirms that you want to remove the account. Click the OK button to continue removing the account.

    remove_account_1.JPG

    The account is removed from Thunderbird and is no longer in the Account Settings screen.

Creating your PGP keys

How to use Enigmail to create a pair of keys needed before you can sign and encrypt your email [15 mins] 

You are now ready to start encryption your mails with PGP. You can do this by using Enigmail within Thunderbird. Enigmail comes with a nice wizard to help you with the initial setup and the important aspect of creating a public/private key pair (see the chapter introducing PGP for an explanation). You can start the wizard at any time within Thunderbird by selecting OpenPGP > Setup Wizard from the menu on top.

Step 1. This is what the wizard looks like. Please read the text on every window carefully. It provides useful information and helps you setup PGP to your personal preferences. In the first screen, click on Next to start the configuration.

Step 2. The wizard asks you whether you want to sign all your outgoing mail messages. If you do not chose to sign all your messages, you will have to specify per recipient if you want to sign your e-mail. Signing all your messages is a good choice. Click on the 'Next' button after you have made a decision.

Step 3. On the following screen, the wizard asks you whether you want to encrypt all your outgoing mail messages. Unlike signing of mails, encryption requires the recipient to have PGP software installed. Therefore you should answer 'no' to this question, to make sure you can still send normal mails. Only answer 'yes' here if you want to prevent Thunderbird from ever sending unencrypted mails. After you have made your decision, click on the 'Next' button.

Step 4: On the following screen the wizard asks if he can change some of your mail formatting settings to better work with PGP. It is a good choice to answer 'Yes' here. The only serious thing is that it will prevent you from doing is sending HTML mail messages. Click on the 'Next' button after you have made your decision.

Step 5: Now it is time to start creating the keys. In the following screen you can select one of your mail accounts, or the default one is selected for you if you have only one mail account. In the 'Passphrase' text box you have to give a password. This is a new password which is used to protect your private key. It is very important both to remember this password, because you cannot read your own encrypted emails any more when you lose it, and to make it a strong password. It should be at least 8 characters long, not contain any dictionary words and it should preferably be a unique password. Using the same password for multiple purposes severely increases the chance of it being intercepted at some point. After you have selected your account and created a passphrase, click on the 'Next' button.

Step 6: In the following screen the wizard basically wraps up what actions it will take to enable PGP encryption for your account. If you are satisfied with the options you chose in the previous windows, click on the 'Next' button.

Step 7: Your keys are being created by the wizard. Have some patience. The progress bar should slowly fill up to the right. The wizard will tell you when the keys have been successfully created, then you can click on the 'Next' button again.

Step 8: You now have your own PGP key-pair. The wizard will ask you if you also want to create a special file, called a 'Revocation certificate'. This file allows you to inform others that your key-pair should no longer be considered valid. Think of it as a 'kill switch' for your PGP identity. You can use this certificate in case you have generated a new set of keys, or in case your old key-pair has been compromised. It is a good idea to create the file and keep it somewhere in a safe place. Click on the 'Generate Certificate' button if you want to create the file, otherwise 'Skip'.

Step 9: Assuming you have decided to generate a revocation certificate, the wizard will ask you where the file should be saved. The dialog may appear a bit different on your particular operating system. It is a good idea to rename the file to something sensible like my_revocation_certificate. Click on 'Save' when you you have decided on a location.

Step 10: Assuming you have decided to generate a revocation certificate, the wizard informs you it has been successfully stored.

Step 11: The wizard will inform you it has completed its setup.


Task

Follow the instructions above to;

SEND AN ENCRYPTED AND SIGNED EMAIL

Send and sign encrypted mail in Thunderbird [10 mins]

Signing emails to an individual

Digitally signing email messages is a way to prove to recipients that you are the actual sender of a mail message. Those recipients who have received your public key will be able to verify that your message is authentic.

1. Offer your friend your public key, using the method described earlier in this chapter.

2. In Thunderbird, click on the icon.

3. Before actually sending the mail, enable the OpenPGP > Sign Message option via the menu bar of the mail compose window, if it is not enable already. Once you have enabled this option, by clicking on it, a marked sign will appear. Clicking again should disable encryption again. See the example below.

5. Click on the button and your signed mail will be sent.

Sending encrypted mails to an individual

1. You should have received the public key from the friend or colleague you want to email and you should have accepted their public key, using the method describe earlier in this chapter.

2. In Thunderbird, click on the icon.

3. Compose a mail to the friend or colleague, from who you have previously received their public key. Remember the subject line of the message will not be encrypted, only the message body itself, and any attachments.

4. Before actually sending the mail, enable the OpenPGP > Encrypt Message option via the menu bar of the mail compose window, if it is not enabled already. Once you have enabled this option, by clicking on it, a marked sign will appear. Clicking again should disable encryption again. See the example below.

5. Click on the button and your encrypted mail will be sent.



Task

Follow the instructions above to;

Setting up PGP

After you have successfully installed the GnuPG software you are now ready to install the Enigmail extension.

Enigmail is a Thunderbird add-on that lets you protect the privacy of your email conversations. Enigmail is simply an interface that lets you use GnuPG encryption program from within Thunderbird. The Enigmail interface is represented as OpenPGP in the Thunderbird console tool bar.

Enigmail is based on public-key cryptography. In this method, each individual must generate her/his own personal key pair. The first key is known as the private key. It is protected by a password or passphrase, guarded and never shared with anyone.

The second key is known as the public key. This key can be shared with any of your correspondents. Once you have a correspondent’s public key you can begin sending encrypted emails to this person. Only she will be able to decrypt and read your emails, because she is the only person who has access to the matching private key.

Similarly, if you send a copy of your own public key to your email contacts and keep the matching private key secret, only you will be able to read encrypted messages from those contacts.

Enigmail also lets you attach digital signatures to your messages. The recipient of your message who has a genuine copy of your public key will be able to verify that the email comes from you, and that its content was not tampered with on the way. Similarly, if you have a correspondent's public key, you can verify the digital signatures on her messages.

A small note on Add-ons 

'Add-ons' add functionality to Thunderbird. You might know them already from Firefox where they have the same function. Thunderbird extensions can pimp the mail-client, but they can also collect and transmit information about you. Before you install any add-on, keep in mind to choose add-ons from trusted sources. Otherwise, an add-on might share information about you without your knowing, keep a record on the sites you have visited, or even harm your computer.

There are several kinds of add-ons: 
    •    Extensions add functionality to Thunderbird. 
    •    Themes change the appearance of Thunderbird. 
    •    Plugins help Thunderbird handle things it normally can't process (i.e. Flash movies, Java applications).

For this chapter we are only going to need the Enigmail extension.

 

Installation steps

To begin installing Enigmail, perform the following steps:

Step 1Open Thunderbird, then Select Tools > Add-ons to activate the Add-ons window; the Add-ons window will appear with the default Get Add-ons pane enabled. 

In the Add-On window, you can search for 'Enigmail' and install the extension by clicking 'Add to Thunderbird ...'

2. After you open the Add-On window, you can search for 'Enigmail' and install the extension by clicking 'Add to Thunderbird ...'

 

 

3. Click on 'Install Now' to download and install the extension.

 

Be aware that you will have to restart Thunderbird to use the functionality of this extension! 

Now that you have succesfully downloaded and installed Enigmail and PGP you can go on to the Chapter that deals with setting up the software for use.

Installing Thunderbird on Mac OS X

Thunderbird runs on Mac OS X 10.4.x and later. Thunderbird will run on a computer with at least the following hardware:

Download and Install Thunderbird

  1. Use your web browser to visit the Thunderbird download page at https://www.mozilla.org/en-US/thunderbird/. This page detects your computer's operating system and language, and it recommends the best version of Thunderbird for you to use.

    If you want to use Thunderbird in a different languages or with a different operating system, click the Other Systems and Languages link on the right side of the page and select the version you need.

  2. Download the Thunderbird disk image. When the download is complete, the disc image may automatically open and mount a new volume called Thunderbird.
    If the volume did not mount automatically, open the Download folder and double-click the disk image to mount it. A Finder window appears:

    drag_to_apps.png

  3. Drag the Thunderbird icon into your Applications folder. You've installed Thunderbird!
  4. Optionally, drag the Thunderbird icon from the Applications folder into the Dock. Choosing the Thunderbird icon from the Dock lets you quickly open Thunderbird from there.

    drag_to_dock.png

Note: When you run Thunderbird for the first time, newer versions of Mac OS X (10.5 or later) will warn you that the application Thunderbird.app was downloaded from the Internet.

If you downloaded Thunderbird from the Mozilla site, click the Open button. 

downloaded_from_internet_osx.png

Installing Thunderbird on Windows

Thunderbird runs on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows 7. Thunderbird will run on a computer with at least the following hardware:

Installing Thunderbird

Installing Thunderbird involves two steps: first, downloading the software and then running the installation program. Here is how to do that:

  1. Use your web browser to visit the Thunderbird download page at https://www.mozilla.org/en-US/thunderbird/. This page detects your computer's operating system and language, and it recommends the best version of Thunderbird for you to use.

    If you want to use Thunderbird in a different language or with a different operating system, click the Other Systems and Languages link and select the version that you need.

  2. Click the download button to save the installation program to your computer.

    The web browser displays a message asking you to start the download:

    Internet Explorer 8

    tbird_win_download_sec_warning.jpg

    Firefox 3.6

    tbird_win_download_firefox.jpg

    Click the Save button to save the Thunderbird Setup file to your computer.

  3. Close all applications running on your computer.
  4. Find the setup file on your computer (it's usually in the Downloads folder) and then double-click it to start the installation. The first thing that the installer does is display the Welcome to the Mozilla Thunderbird Setup Wizard screen.

    tbird_win_install_start.jpg

    Click the Next button to start the installation. If you want to cancel it, click the Cancel button.

  5. The next thing that you see is the Setup Type screen. For most users the Standard setup option is good enough for their needs. The Custom setup option is recommended for experienced users only. Note that Thunderbird installs itself as your default mail application. If you do not want this, clear the checkbox labeled Use Thunderbird as my default mail application.

    tbird_win_install_setup_type.jpg

    Click the Next button to continue the installation. The Back button takes you to the Welcome screen and the Cancel button stops the installation.

  6. After Thunderbird has been installed, click the Finish button to close the setup wizard.

    tbird_win_install_finish.jpg

    If the Launch Mozilla Thunderbird now checkbox is selected, Thunderbird starts after it has been installed.

Installing PGP on OSX

The GNU Privacy Guard (GnuPG) is software which enables you to send PGP encrypted or signed emails. It is necessary to install this software before being able to do any encryption. This chapter covers the installation steps required to install GnuPG on Mac OSX.

Getting started

For this chapter we assume you have the latest version of:

Note on OSX Mail: It is possible to use PGP with the build-in mail program of OSX. But we do not recommend this because this option relies on a hack of the program which is neither open or supported by its developer and breaks with every update of the mail program. So unless you really have no other option we advice you to switch to Mozilla Thunderbird as your default mail program if you want to use PGP.

Downloading and installing the Software

For OSX there is a bundle available which will install everything you need in one installation. You can get it by directing your browser to http://www.gpgtools.org/ and clicking on the big blue disk with "Download GPGTools Installer" written under it. It will redirect you to another page on http://www.gpgtools.org/installer/index.html where you can actually download the software.

(nb. We are using the latest version Firefox for this manual, so the screens might look a little bit different if you are using a different browser)

2. Download the software by choosing 'Save File' and clicking 'OK' in the dialogue.

3. Navigate to the folder where you normally store your downloads (Mostly the desktop or the downloads folder surprisingly) en double click the '.DMG' file to open the virtual disk containing the installer.

4. Open the installer by double-clicking on the icon.

5. The program will check your computer to see if it can run on the computer.

(Note, if you're Mac is bought before 2006 it will not have an intel processor required to run this software and the installation will fail. Sadly it is beyond the scope op this manual to also take into account computers over five year old)

You will be guided by the program through the next steps like accepting the license agreement. But stop pressing all the OK's and Agrees as soon as you come to the 'Installation Type' screen:

6. Clicking 'Customize' will open this screen where you several options of programs and software to install. You can click on each one of them to get a little bit of information on what is is, what it does and why you might need it.

As said in the intro; we advice against using Apple Mail in combination with PGP. Therefore you won't be needing 'GPGMail', as this enables PGP on Apple Mail, and you can uncheck it.

'Enigmail' on the other hand is very important as it is the component that will enable Thunderbird to use PGP. In the screen shot here it is greyed out as the installer wasn't able to identify my installation of Thunderbird. Since this seems to be a bug. You can also install Enigmail from within Thunderbird as is explained in another chapter.

If the option is not greyed out in your installation, you should tick it.

After you checked all the components you want to install click 'Install' to proceed. The installer will ask you for your password and after you enter that the installation will run and complete; Hooray!

Installing up Engimail

Step 1. Open Thunderbird, then Select Tools > Add-ons to activate the Add-ons window; the Add-ons window will appear with the default Get Add-ons pane enabled.

In the Add-On window, you can search for 'Enigmail' and install the extension by clicking 'Add to Thunderbird ...'

2. After you open the Add-On window, you can search for 'Enigmail' and install the extension by clicking 'Add to Thunderbird ...'

3. Click on 'Install Now' to download and install the extension.

Be aware that you will have to restart Thunderbird to use the functionality of this extension!

Testing and Troubleshooting

To test if this has been successful you can progress to the next part of this challenge and try to generate a keypair. If you get errors when you try to do this then either share them with the person leading this course or post them to the Enigmail forum.1 

One Common Installation Problem

One common problem when using Mac OSX is that Enigmail can't find the GPG programme. If this is the case you can try to solve this by updating where Enigmail goes to try to find GPG.

In the main window you should go OpenGPG > Preferences > Advanced  (you may need to tick Expert Settings) and in the Override With box browse to the gpg.exe file in the folder where you installed GPG. If this doesn't help then try the Enigmail forum.

  1. http://www.mozilla-enigmail.org/forum/^

Installing PGP on Ubuntu

We will use the Ubuntu Software Centre for installing PGP (Enigmail and accessories). First open the Ubuntu Software Center through Applications -> Ubuntu Software Center:

Type into the search field 'Enigmail' and search results should be returned automatically:

Highlight the Enigmail item (it should be highlighted by default) and click 'Install' and you will be asked to authenticate the installation process.

Enter your password and click 'Authenticate'. The installation process will begin.

When the process is completed you get very little feedback from Ubuntu. The progress bar at the top left disappears. The 'In Progress' text on the right also disappears. Enigmail should now be installed.

Installing PGP on Windows

To complicate matters a little - PGP is the protocol used for encrypting e-mail by various softwares. To get PGP to work with Thunderbird we need to install GPG - a free software implementation of PGP and Enigmail - an extension of Thunderbird that allows you to use GPG... Confused?! Don't worry about it, all you have to know is how to encrypt your email with PGP and you need to install both GPG and Enigmail. Here is how to do it...

Installing PGP (GPG) on Microsoft Windows

The GNU Privacy Guard (GnuPG) is software which is required to send PGP encrypted or signed emails. It is necessary to install this software before being able to do any encryption.

Head to the website of the Gpg4win project. Go to http://gpg4win.org/

On the left side of the website, you will find a 'Download' link. Click on it.

 

This will take you to a page where you can download the Gpg4Win. Click on the button which offers you the latest stable version (not beta) of Gpg4Win.


This will download you an .exe file. Depending on your browser, you may have to double-click on this downloaded file (which will be called something like gpg4qin-2.1.0.exe) before something happens. Windows will ask you if you are sure you want to install this program. Answer yes.

Then complete the installation by agreeing to the license, choosing appropriate language and accepting the default options by clicking 'Next', unless you have a particular reason not to. 

The installer will ask you where to put the application on your computer. The default setting should be fine but make a note of it as we may need this later. Click on 'Next' when you agree.

Installing with the Enigmail extension

After you have successfully installed the PGP software as we described above you are now ready to install the Enigmail add-on.

Enigmail is a Thunderbird add-on that lets you protect the privacy of your email conversations. Enigmail is simply an interface that lets you use PGP encryption from within Thunderbird.

Enigmail is based on public-key cryptography. In this method, each individual must generate her/his own personal key pair. The first key is known as the private key. It is protected by a password or passphrase, guarded and never shared with anyone.

The second key is known as the public key. This key can be shared with any of your correspondents. Once you have a correspondent's public key you can begin sending encrypted e-mails to this person. Only she will be able to decrypt and read your emails, because she is the only person who has access to the matching private key.

Similarly, if you send a copy of your own public key to your e-mail contacts and keep the matching private key secret, only you will be able to read encrypted messages from those contacts.

Enigmail also lets you attach digital signatures to your messages. The recipient of your message who has a genuine copy of your public key will be able to verify that the e-mail comes from you, and that its content was not tampered with on the way. Similarly, if you have a correspondent's public key, you can verify the digital signatures on her messages.

Installation steps

To begin installing Enigmail, perform the following steps:

Step 1. Open Thunderbird, then Select Tools > Add-ons to activate the Add-ons window; the Add-ons window will appear with the default Get Add-ons pane enabled.

Step 2. Enter enigmail in the search bar, like below, and click on the search icon.

Step 3. Simply click on the 'Add to Thunderbird' button to start the installation.

Step 4. Thunderbird will ask you if you are certain you want to install this add-on. We trust this application so we should click on the 'Install now' button.

Step 5. After some time the installation should be completed and the following window should appear. Please click on the 'Restart Thunderbird' button.

Be aware that you will have to restart Thunderbird to use the functionality of this extension! 

Testing and Troubleshooting

To test if this has been successful you can progress to the next part of this challenge and try to generate a keypair. If you get errors when you try to do this then either share them with the person leading this course or post them to the Enigmail forum.1 

One Common Installation Problem

One common problem when using Windows is that Enigmail can't find the GPG programme. If this is the case you can try to solve this by updating where Enigmail goes to try to find GPG.

In the main window you should go OpenGPG > Preferences > Advanced  (you may need to tick Expert Settings) and in the Override With box browse to the gpg.exe file in the folder where you installed GPG. If this doesn't help then try the Enigmail forum.

  1. http://www.mozilla-enigmail.org/forum/^

Installing Thunderbird on Ubuntu

There are two procedures for installing Thunderbird on Ubuntu: one for version 10.04 or later, and one for earlier versions of Ubuntu. We take a look at both below: 

Thunderbird will not run without the following libraries or packages installed on your computer:

Mozilla recommends that a Linux system also has the following libraries or packages installed:

Installing Thunderbird on Ubuntu 10.04 or newer

If you're using Ubuntu 10.04 or newer, the easiest way to install Thunderbird is through the Ubuntu Software Center.

  1. Click Ubuntu Software Center under the Applications menu.

    Screenshot_Ubuntu_Software_Center.png

  2. Type "Thunderbird" in the search box and press the Enter on your keyboard. The Ubuntu Software Center finds Thunderbird in its list of available software.
  3. Click the Install button. If Thunderbird needs any additional libraries, the Ubuntu Software Center alerts you and installs them along with Thunderbird.

You can find the shortcut to start Thunderbird in the Internet option under the Applications menu:

install_ubuntu_menu

Installing Thunderbird on older versions of Ubuntu

If you are installing Thunderbird under a version of Ubuntu older than 10.04, you can do it with either

the Ubuntuzilla package or with Synaptic Package Manager. You can get more information about Ubuntuzilla here: http://sourceforge.net/apps/mediawiki/ubuntuzilla/index.php.

To install Thunderbird using the Synaptic Package Manager

  1. Click Administration under the System menu, then click Synaptic Package Manager.

    install_ubuntu_synaptic

  2. You'll be asked to enter your root password. This is the password that you use to log into Ubuntu.
  3. In the Quick search box, type "Thunderbird" and then press Enter on your keyboard.
    A list of software that you can install (called packages) appears.
  4. Find Thunderbird in the list, right click on it, and then click on Mark for installation from the menu that appears.
  5. If Thunderbird needs any additional libraries, Synaptic Package Manager alerts you and marks those packages for installation along with Thunderbird.
  6. Click the Apply button.

Installing from a Personal Package Archive

If you want to stay on the cutting edge of Thunderbird, you can install it from a Personal Package Archive (PPA). A PPA is special repository for Ubuntu software that's separate from ones you would normally use either with the Ubuntu Software Center or Synaptic Package Manager. A PPA contains more frequent updates to software -- updates which are often created nightly.

Remember that the software that you get from a PPA is 'cutting edge'. It may be buggy or unstable. Use it at your own risk.

To install Thunderbird from a PPA

  1. Go to the Mozilla PPA at https://launchpad.net/~ubuntu-mozilla-daily/+archive/ppa.
  2. At the Mozilla PPA site, select your version of Ubuntu from the Display sources.list entries for: list. Two lines, which look like the following, appear below the list:

    deb http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu maverick main
    deb-src http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu maverick main

  3. In Ubuntu, click Administration under the System Menu and then click Software Sources.
  4. You'll be asked to enter your root password. This is the password that you use to log into Ubuntu. The Software Sources window appears.

    ubuntu_install_software_sources

  5. In the Software Sources window, click the Other Software tab and then click Add.

    ubuntu_install_add_sources

  6. Copy the first line from list of sources that you created in step 2, paste it into the APT Line field, and then click Add Source.
  7. Repeat steps 5 and 6 for the second line from list of sources that you created in step 2.
  8. In the Software Sources window, click Close. Ubuntu will update the list of software sources that it uses.
  9. Once that's done, you can install Thunderbird using Synaptic Package Manager.

Introduction to Thunderbird

These days many people manage their email on the web using services such as Gmail or Hotmail. These services offer access to email accounts through any web browser. It is convenient because you can get your email from almost any computer. If you live in New York and you are backpacking in Thailand, just find an Internet cafe, log on to a computer, and check your email. 

thunderbird_logo

Another way to handle your email is to use an email client program installed on your own computer. A program like this offers many advantages over using a web email client. It lets you organize your email exactly how you want, it enables you to check email when you are not connected to the Internet, and you can manage multiple email accounts in one place. That said, desktop email clients and web email clients can coexist side-by-side. Using an email client at home doesn't preclude you from using web email when you want to check your account while you are on the road.

Mozilla Thunderbird is a feature-rich, reliable, and secure tool for managing your email.


RECEIVE ENCRYPTED MAIL

Using Thunderbird and Enigmail to receive encrypted e-mails [5 mins]

The decryption of e-mails is handled automatically by Enigmail, the only action that may be needed on your behalf is to enter the pass-phrase to your secret key. In order to complete this part of the challenge you will need to ask someone you have exchanged keys with to send you an encrypted email.

Entering your pass-phrase

For security reasons, the pass-phrase to your secret key is stored temporarily in memory. Every now and then the dialog window below will pop-up. Thunderbird asks you for the pass-phrase to your secret key. This should be different from your normal email password. It was the pass-phrase you have entered when creating your key-pair in the previous chapter. Enter the pass-phrase in the text-box and click on 'OK'

 

Verifying incoming e-mails

Decrypting email messages sent to you will be fully automatic and transparent. But it is obviously important to see whether or not a message to you has in fact been encrypted or signed. This information is available by looking at the special bar above the message body.

A valid signature will be recognized by a green bar above the mail message like the example image below.

The last example message was signed but not encrypted. If the message had been encrypted, it would show like this:

When a message which has been encrypted, but not signed, it could have been a forgery by someone. The status bar will become gray like in the image below and tells you that while the message was sent securely (encrypted), the sender could have been someone else than the person behind the email address you will see in the 'From' header. The signature is necessary to verify the real sender of the message. Of course it is perfectly possible that you have published your public key on the Internet and you allow people to send you emails anonymously. But is it also possible that someone is trying to impersonate one of your friends.

Similarly if you receive a signed email from somebody you know, and you have this persons public key, but still the status bar becomes yellow and displays a warning message, it is likely that someone is attempting to send you forged emails!

Sometimes secret keys get stolen or lost. The owner of the key will inform his friends and send them a so-called revocation certificate (more explanation of this in the next paragraph). Revocation means that we no longer trust the old key. The thief may afterwards still try his luck and send you a falsely signed mail message. The status bar will now look like this:

Strangely enough Thunderbird in this situation will still display a green status bar! It is important to look at the contents of the status bar in order to understand the encryption aspects of a message. PGP allows for strong security and privacy, but only if you are familiar with its use and concepts. Pay attention to warnings in the status bar.


Task

Test your learning by following the instructions above to;

SEND AND RECEIVE PUBLIC KEYS

Add keys to your keyring and send your public key [25 mins]

Our task is to send and receive encrypted and signed email. To do this we will need to exchange public keys with the person that we want to send emails to. Normally to exchange public keys you will contact that person and ask them to send you their key via email or you will download it from the Internet. Conversely, you can then send them your key via email or put in online for them to download. 

Receiving public keys and adding them to your keyring

Downloading keys from the web

Many people put their public keys on the web so that it is possible for others to download their key. Later challenges will cover the use of key servers as another way of receiving and sending keys.  

To continue with this task you may want to use the following key and email to test your ability to send encrypted mail.

PGP key:  http://clearerchannel.org/keys/mickfuzz.gpg
Associated email:  mickfuzz@clearerchannel.org

To be able to send an encrypted email to this address you first need to add that key to your keyring in Thunderbird. To do this click on the link to the PGP key and download that file to your computer. 

Then, in the Thunderbird application go to OpenPGP > Key Management

In the Key Management window select File > Import Keys from File

Browse to the place where you saved the public key you downloaded and then select it and click on the Open button

You should then receive an alert message saying that The key(s) were successfully imported.

You should now be able to progress to sign and encrypt email.

Receiving keys by email

Let's say are able to request and receive a public key from a friend by mail. The key will show up in Thunderbird as an attached file. Scroll down the message and below you will find tabs with one or two file names. The extension of this public key file will be .asc, different from the extension of an attached PGP signature, which ends with .asc.sig

Look at the example email in the next image, which is a received, signed PGP message containing an attached public key. We notice a yellow bar with a warning message: 'OpenPGP: Unverified signature, click on 'Details' button for more information'. Thunderbird warns us that the sender is not known yet, which is correct. This will change once we have accepted the public key.

What are all those strange characters doing in the mail message? Because Thunderbird does not recognize the signature as valid, it prints out the entire raw signature, just as it has received it. This is how digitally signed PGP messages will appear to those recipients who do not have your public key.

The most important thing in this example is to find the attached PGP public key. We mentioned it is a file that ends with an .asc. In this example it's the first attachment on the left, which is in the red circle. Double-clicking on this attachment would make Thunderbird recognize the key.

In the example image above, we should double-click on the attached .asc file to import the PGP public key.

After we have clicked on the attachment, the following pop-up will appear.

Thunderbird has recognized the PGP public key file. Click on 'Import' to add this key to your keyring. The following pop-up should appear. Thunderbird says the operation was successful. Click on 'OK' and you are done. You now have the ability to send this friend encrypted messages.

Sending public keys

There are multiple ways to distribute your public key to friends or colleagues. By far the simplest way is to attach the key to a mail. In order for your friend to be able to trust that the message actually came from you, you should inform them in person (if possible) and also require them to reply to your mail. This should at least prevent easy forgeries. You have to decide for yourself what level of validation is necessary. This is also true when receiving emails from third-parties containing public keys. Contact your correspondent through some means of communication other than e-mail. You can use a telephone, text messages, Voice over Internet Protocol (VoIP) or any other method, but you must be absolutely certain that you are really talking to the right person. As a result, telephone conversations and face-to-face meetings work best, if they are convenient and if they can be arranged safely.

Sending your public key is easy.

1. In Thunderbird, click on the icon.

2. Compose a mail to your friend or colleague and tell them you are sending them your PGP public key. If your friend does not know what that means, you may have to explain them and point them to this documentation.

3. Before actually sending the mail, click to OpenPGP > Attach My Public Key option on the menu bar of the mail compose window. Next to this option a marked sign will appear. See the example below.

4. Send your mail by clicking on the button.


Task

 

Why Encrypt and Sign Email

Some background information about email and how you can install software to sign and encrypt it  [30-45 mins]

E-mail is one of the oldest forms of communication on the Internet. We often use it to communicate very personal or otherwise sensitive information. It is very important to understand why e-mail in its default configuration is not secure. In the following tasks we will describe the different methods necessary to secure your e-mail against known threats.


No sender verification: you cannot trust the 'from' address

Most people do not realize how trivial it is for any person on the Internet to forge an e-mail by simply changing the identity profile of their own e-mail program. This makes it possibly for anyone to send you an e-mail from some known e-mail address, pretending to be someone else. This can be compared with normal mail; you can write anything on the envelope as the return address, and it will still get delivered to the recipient (given that the destination address is correct). We will describe a method for signing e-mail messages, which prevents the possibility of forgery.

E-mail communications can be tapped, just like telephones

An e-mail message travels across many Internet servers before it reaches its final recipient. Every one of these servers can look into the content of messages, including subject, text and attachments. Even if these servers are run by trusted infrastructure providers, they may have been compromised by hackers or by a rogue employee, or a government agency may seize  equipment and retrieve your personal communication.

 

There are two levels of security that protect against such e-mail interception. The first one is making sure the connection to your e-mail server is secured by an encryption mechanism. The second is by encrypting the message itself, to prevent anyone other than the recipient from understanding the content. This challenge covers E-mail encryption using PGP within Thunderbird.

Installing Thunderbird, Enigmail & PGP / GPG

Thunderbird is an email client which has many options and add ons which give you better email security. One of these add ons is a tool called Enigmail. Enigmail needs another bit of software called GPG (which is also known as PGP) to work. What Enigmail does when it is installed is to add a menu item called OpenPGP to your Thunderbird email client when you are checking or sending emails.


Before we can continue we need to make sure you have the right tools for the job. In some operating systems it is quite easy to install these tools so that they work well together. It should only take you 5 minutes if you are using Ubuntu. However in other operating systems getting these three tools to play nicely together can be a bit tricky. You may have to do some troubleshooting. We really wish that this stage was easier. If you run in problems, try to have patience and read the instruction well help you if you get stuck.


Task

Install Thunderbird, PGP and Enigmail and set up an email account. 

If you don't already have Thunderbird, PGP and Enigmail tools installed then;