Quick start

From Enigmail Wiki
Jump to: navigation, search

We assume that Thunderbird and Enigmail are installed by now. If that is not the case, please do so.

In particular, by now we assume that

  1. Thunderbird is installed, all email accounts and identities are set up and hence you can receive and send (unencrypted/unsigned) e-mail;
  2. Enigmail is installed but not configured yet (default values are set), and you did not restart Thunderbird since installing Enigmail;
  3. GNU Privacy Guard may or may not be installed yet, and keys may or may not already exist in your keyring.

Even if you already modified Enigmail settings or already have keys, you should be able to follow this guide. Please adapt it for your situation e.g. choosing an existing key instead of creating a new key.

Restart Thunderbird, and the Setup Wizard window will appear. This wizard will guide you through all steps to configure Enigmail and have it ready to use. This is intended for new users. Using the Setup Wizard is not necessary; experienced users may as well configure Enigmail by hand, which will grant a deeper knowledge of the mechanisms of Enigmail.

What follows is a step-by-step guide to the Setup Wizard followed by a very basic explanation of the signing and encryption functions. If you decide not to use the Setup Wizard, you can go directly to the next topic: Key Management.

The Setup Wizard

The Setup Wizard starts automatically when restarting Thunderbird after installing Enigmail. The following dialogs will guide you through a basic setup. You may cancel this wizard any time and (re)start it from the menu.

The first screen asks you whether you want to set up everything using the wizard:

2-01.png

The next screen will show a selection for your experience level:

2-02-1.9.png

In most cases you might choose to select I prefer a standard configuration (recommended for beginners). Advanced users (e.g. users of other OpenPGP encryption software) might want to select the second option. Expert users can choose the third option; this is intended for users that are already experienced with Enigmail.

If you are already an Enigmail user and you want to restore on the current machine a previously backed up configuration, select I want to import my settings from a previous installation.

After you have made your choice, click Continue.

No matter your choice, the next step will download and install the Gnu Privacy Guard (GnuPG) if the Enigmail Setup Wizard cannot find it on your computer:

2-03.png

If you are certain that GnuPG is installed on your computer, please point Enigmail to the installed GnuPG program by clicking on Browse and selecting the GnuPG program folder.

Otherwise, if you don't have GnuPG, simply click on Install. The Enigmail Setup Wizard will then download for you the specific package (for Windows or Mac OS X) and automatically run the installer of that package.

On Linux - no matter which distribution - there is almost always a version of GnuPG included, so this step is not needed there.

If in any case you need to install GnuPG manually, please refer to this section.

Installation of GnuPG (Windows)

The following screen is shown during the download and run of the GnuPG installer:

2-04.png

The package is downloaded through a SSL-secured connection. Furthermore, its checksum will be verified by Enigmail so the package is trustworthy.

The next screenshots show the installation of the Windows version of GnuPG, provided by the Gpg4win project. This is the Gpg4win vanilla installer, in case you might want to do this manually. For Mac OS X users, the installation of the GnuPG package for Mac will be shown afterwards.

First, choose the language in which Gpg4win will be installed, then click OK.

2-05.png

The second screen is a welcome message. Click Next.

2-06.png

License agreement. Click Next.

2-07.png

Selection of components (there's only one and compulsory component). Click Next.

2-08.png

Select the folder where the program shall be installed (leave default if you're not sure). Click Next.

2-09.png

Select where you want the installer to place links to the program. Click Next.

2-10.png

If you checked Start Menu in the previous screen, select the Start Menu folder where the shortcut shall be placed in.

2-11.png

Now the installer performs its work showing a progress bar. Click Next when finished.

2-12.png

Now the installer has finished. Check the Show README file if you want to read it. Click Finish.

2-13.png

Installation of GnuPG (Mac)

The following screenshots show the installation of the Mac OS X version of GnuPG:

2-14.png

Double click on Install.pkg to proceed.

2-15.png

Please consider carefully what to install. The only required component for the use within Enigmail is MacGPG2. The other components are not necessary for Enigmail:

  • GPGMail is a plugin for Apple Mail;
  • GPG Keychain Access is a key administration utility outside of Enigmail;
  • GPGServices is a tool to encrypt/decrypt files on your hard disk;
  • GPGPreferences is a tool to administer the GnuPG configuration file.

Please only select those components if you want to use them.


Now you have successfully installed the required GnuPG package for your platform, and the Setup Wizard will continue with the standard, extended, manual, or import configuration, depending on what you selected beforehand.

Standard configuration (for beginners)

The next screen shows the wizard if you selected the standard configuration:

2-16.png

Select the account/User ID you want to use with Enigmail. Don't worry, you can later add other accounts/User IDs if you wish to do so. Then click Continue.

The Wizard will now help you to get your key pair. There are two ways to obtain it: by generating a new key pair, or by using an already existing key pair. The wizard will guide you through the possibilities. If there is an already existing key pair on your computer, Enigmail will detect it and offer it to use. More likely, as this is the first time you use Enigmail, you will need to generate a new key pair. The wizard will do this automatically for you:

2-17.png

You will be asked to choose a passphrase to protect your key pair. This passphrase is needed for signing or decryption of a message. Repeat the passphrase, just to be sure there's no typo.

Important: Please make sure that you remember that passphrase! If you forget it, you will not be able to use your key pair any longer, and everything encrypted for this key pair will be lost. Hints for choosing a good passphrase can be found here.

Once the key has been generated, the wizard will display a confirmation together with the button Create Revocation Certificate. Creating a revocation certificate is highly recommended as if you lose your key or forget your passphrase, you can use this revocation certificate to revoke your key. Click on the button and you will be prompted for a location on where to save the revocation certificate. Save it in a safe location outside of your computer. You can also create the revocation certificate later.

If you would like to know more about key generation, read here.

Close the dialog by clicking on Continue.

2-18.png

The Setup Wizard has finished its job, and Enigmail is now ready to use.

Extended configuration (for advanced users)

The following screens appear if you selected the extended configuration option on the first page of the Setup Wizard. If you did this accidentally or are feeling unsure whether this was the right choice, click on Go Back.

2-19.png

Here you can choose whether to have Enigmail configured to work on all your email accounts and identities, or only for some. This can be changed at any time later. How to set up an account to use it with Enigmail is explained here.

Click Continue.

The Wizard will now help you to get your key pair. There are several ways to obtain it:

  • Using an already existing key pair
  • Generating a new key pair
  • Importing an existing key pair

The Wizard will guide you through the possibilities. If there is an already existing key pair on your computer, Enigmail will detect it and offer you to use it:

2-20.png

Select the key suggested by the Wizard (or the one you want to use if there is more than one) and click Continue.

If no key pair is found, you are offered to either create a new key pair or to import one:

2-21.png

Select your option and click Continue.

If you decide to import a key pair the following dialog allows you to browse for the file(s) containing the key:

2-22.png

Select the file(s) and click Continue.

If you decide to create a new key pair, the following dialog will be shown:

2-22.png

The name and email address you select here (called User ID) will be associated with the new generated key pair. You can associate more than one User ID with a key. Adding another User ID to the new generated key can be done easily later.

2-17.png

You will be asked to choose a passphrase to protect your key pair. This passphrase is needed for signing or decryption of a message. Repeat the passphrase, just to be sure there's no typo.

Important: Please make sure that you remember that passphrase! If you forget it, you will not be able to use your key pair any longer, and everything encrypted for this key pair will be lost. Hints for choosing a good passphrase can be found here.

Once the key has been generated, the wizard will display a confirmation together with the button Create Revocation Certificate. Creating a revocation certificate is highly recommended as if you lose your key or forget your passphrase, you can use this revocation certificate to revoke your key. Click on the button and you will be prompted for a location on where to save the revocation certificate. Save it in a safe location outside of your computer. You can also create the revocation certificate later.

If you would like to know more about key generation, read here.

Close the dialog by clicking on Continue.

2-18.png

The Setup Wizard has finished its job, and Enigmail is now ready to use.

Manual configuration (for experts)

The following screen appears if you selected the manual configuration option on the first page of the Setup Wizard. If you did this accidentally or are feeling unsure whether this was the right choice, click on Go Back.

There is no real wizardry here, in fact this dialog shows where to find everything needed for the manual configuration.

2-23.png

Clicking the button Key Management will bring you to the Key Management of Enigmail, where you can manually generate a key.

Also from here you can access your Enigmail Preferences (expert view is already activated) via the Preferences button.

Once you've finished, click on Done.

Import configuration (for people that are already Enigmail users)

The following screen appears if you selected to import an existing Enigmail configuration. This is the case if e.g. you use Enigmail on a different machine and want to transfer it to the this machine, or if you are restoring a backup of a pre-existing configuration of Enigmail after a crash.

2-24.png

Select the file that contains your backup, then click on Continue. Your pre-existing configuration of Enigmail will be restored.

Start using Thunderbird with Enigmail

When you start writing a mail, you will now notice a new Enigmail toolbar below the normal toolbar of the Compose window. This toolbar allows you to sign and/or encrypt the message using a single click on the shown icons. On the right end of this extra toolbar, a pen and/or a key icon are displayed to show if signing and/or encryption is enabled.

You can configure this toolbar like the normal toolbar above: Right click (or CTRL-click on Mac OS X) and select Customize from the pop-up menu that will appear. You can now drag icons into the toolbar or remove them as you like.

2-27.png

You can immediately send signed mail to anyone. However, in order to allow someone to verify your signature or to send you an encrypted message, you must provide him your public key. You can send your public key as an attachment either by clicking the Attach My Public Key button in the Enigmail toolbar or by choosing Enigmail → Attach Public key... in the Compose window, and then by selecting your key in the Key Selection window that will appear.

All your stored keys (your own key pair, and other people's public keys you have acquired) can be seen in the Key Management, via the menu command Enigmail → Key Management.

To send encrypted mail, you need to have the public key of the recipient. You can acquire it in one of the following ways:

  • ask him to email you his public key as an attachment; then right click on the attachment and choose Import OpenPGP Key;
  • retrieve his public key from a keyserver via Keyserver → Search for Keys in Key Management;
  • download his public key from his web site as an ASC file, then import it via File → Import Keys From File in Key Management.

When you receive an e-mail message that has been OpenPGP-secured (signed and/or encrypted), it will appear as such:

2-28.png

The message in the figure has been both signed and encrypted, as shown in the Enigmail status bar. If the Enigmail status bar doesn't show you the full message, click on the little box on the left edge and it will expand.


Thank you for using Enigmail! These are the basics of it. You can read about all topics in detail by perusing the rest of this documentation.