Using End-To-End Encryption (E2EE) for email has – for historical reasons – always been more involved. Thankfully though, Mozilla’s Thunderbird email client makes it easier. Thunderbird supports End-To-End Encryption out of the box, using common standards like Pretty Good Privacy (PGP).
In this step-by-step guide, we’ll be using these digital tools to take charge of our online privacy. It’ll take a few minutes, but the result will be a private email experience and the ultimate peace of mind. Let’s begin.
- Download and install Thunderbird:
- Run the program and follow the prompts to sign in.
- After signing in, open the “End-To-End Encryption” page:
- Bottom left ‘cog’ icon > “Account Settings” > “End-To-End Encryption”.
- Generate your personal keys:
- “Add Key…” > “Create a new OpenPGP Key” > “Continue”.
- “Generate key” > “Confirm”.
- Compose a new message:
- “New Message”.
- Enter your recipients’ email addresses in “To” field.
- Enable encryption for this message:
- If there are missing keys, then a yellow message regarding “key issues” will appear. Open the “OpenPGP Key Assistant” page and import the missing keys automatically:
- “OpenPGP” > “Key Assistant” > “Discover Public Keys Online…”.
- If you have successfully imported all keys, then the “OpenPGP Key Assistant” page will tell you that your message “can be encrypted”.
- If there are sill missing keys, then we’ll import them manually. For example, to get a recipient’s public key from their website:
- Look for a file like this. PGP public key files usually end in
.asc
or .gpg
.
- If your browser displays the contents of the file, press Ctrl+S to download it.
- Back on “OpenPGP Key Assistant” page, import the public keys:
- “Import Public Keys From File…”.
- Navigate to the file you downloaded and import it.
- If you have successfully imported all keys, then the “OpenPGP Key Assistant” page will tell you that your message “can be encrypted”.
By default, you’ll enable encryption per email thread. If you’d like, Thunderbird can do it for you, based on whether encryption to the recipient is possible.
- Open the “Privacy & Security” page:
- Bottom left ‘cog’ icon > “Privacy & Security”.
- Enable automatic encryption:
- Scroll down to “Automatic Use of Encryption” section.
- Enable “Automatically enable encryption when possible” checkbox.
Well done; you are now able to use End-To-End Encrypted mail. I hope that this guide has been useful to you.
Be sure to keep your personal keys safe – you won’t be able to recover encrypted messages otherwise. After all, that’s what End-To-End Encryption is for.
Further reading: Setup your email account for using End-To-End Encryption | Thunderbird Help.
Posted on 23.12.24, written by Myron.
- Tested on 23.12.24 via Thunderbird Flatpak.
- Updated on 24.01.19: “Importing recipients’ public keys” – simplified;
- and on 24.11.08 and prior: Minor clarity improvements.
Myron Heng > How to use End-To-End Encryption for Email with Thunderbird in 20 Minutes or Less
This page and its markdown source are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.