How To Install and Configure Enigmail Enigmail is a Mozilla mail client plug in that allows you to send and receive encrypted email messages. It also allows you to digitally sign e-mail messages. Installing Enigmail is pretty straightforward. First you MUST upgrade your Mozilla browser to version 1.0.2 see: http://www.stonehill.edu/compsci/CS314/HowToUpgradeMozilla.pdf Logon to Linux as ROOT. Click on the Mozilla icon at the bottom of the display. Type in the following URL: http://enigma.mozdev.org/download.html Your browser should display something like this:

It will look a little different because I’m reinstalling enigmail, but you’ll be installing it for the first time. You should see the “You appear to be using Mozilla version 1.0.2 on Linux xxx” however.

Click on the “Install” button, then click on the “Install” button again in the dialog box. If the installation is successful, you’ll see the following:

Close down ALL browser windows and logoff as root. Log back on using your regular user account, (this should be the one you use to send me e-mails). Bring up mozilla again and select the mail/news client under the Window drop down. You should see a NEW drop down in the mail client called “Enigmail”:

Select Enigmail->Preferences and enter your e-mail address. I entered “[email protected]”:

Click on the “Advanced” button and enter “/usr/bin/gpg” as the path to the GnuPG exectuable:

Click OK on both dialogs to close them. Now it’s time to generate your public and private keys so you can start encrypting. Select Enigmail->Generate Key. The following dialog appears:

In the “Passphrase” dialog enter a password that you can remember (like your login password). Enter it again in the second passphrase dialog. In the comment dialog enter “Enigmail Generated Key”. You should see something that looks like this:

Press the “Generate Key” button. After some processing you should see this:

Now it’s time to test your encryption. Compose an e-mail to yourself. Make the subject “test” and for the message itself type “test”:

Now press the “EnigSend” button. This button will encrypt the message and send it to the recipient (you). Now go to the Enigmail->Automatically decrypt/verify messages and make sure that this is UNCHECKED. This will allow you to see the decryption in action. Wait a few seconds, then press the “GetMsgs” button:

If you just look at the e-mail message you sent to yourself it is a mess of garbage characters. Because of the mathematics behind RSA, it would be extremely difficult for anyone to crack this encrypted e-mail. To view the actual message, press the “Decrypt” button. You will be prompted for your passphrase. This is the password you entered when you generated the key a few minutes ago. After entering your password you should see the decrypted e-mail:

OK. Now you can send and receive encrypted e-mails from/to YOURSELF... but what about the rest of the world? To allow others to SEND you an encrypted email, you need to provide them with your public key. Public keys are usually placed in easy to access places like someplace on your personal website, or a public key server like: www.keyserver.net. When you generated your public and private keys a few moments ago, an entry was made in the GnuPG data repository on your linux machine. This data repository is called a “keyring”. We need to access that keyring and export the your public key to a file so people can access it. Bring up a linux shell and type “gpg --list-keys”:

This command lists all of the public and private keys that the GnuPG program is aware of on your system. There should be only ONE pair matching the pair you just generated. Now we’ll export your public key to an ascii file with the following command: gpg –a --export Bob Dugan > publickey.asc Verify that the key was exported with “cat publickey.asc”:

Now you need to get this public key file in a public place where others can access it to send you encrypted messages. Bring up the website: http://www.keyserver.net/en

Click on “Add A Key”.

Type “gedit publickey.asc” in a shell (for some reason regular hilighting in the shell and in emacs doesn’t work so we have to use gedit). Highlight all of the text in the file and select edit->copy:

Paste the contents of the publickey.asc file into the browser window and press the submit button:

Now let’s see if your public key is in the server database. Select “Find A Key” and type in your e-mail address (e.g. [email protected]): NOTE: Some people have reported problems with www.keyserver.net. If you have problems with this keyserver, try http://pgp.mit.edu.

Press the “Get List” button and you should see something like the following:

Now your public key is in a database accessible to anyone in the world. That means that anyone can send you encrypted messages that are virtually unbreakable. If you want to send an encrypted message to someone, you are going to need their public key. You can get this public key from a database like www.keyserver.net, or from a website, or even e-mailed to you from the user. At www.keyserver.net you type in the e-mail address of the person you want to send the encrypted e-mail to and a link to the public key for that person will appear. Since you have to send me an e-mail message... you might as well use [email protected] as the recipient. Click on the link and the public key will be displayed:

Now you have to get the text of this public key from the browser into your GnuPG database. To do this, highlight the text starting on the line: ----BEGIN PGP PUBLIC KEY BLOCK----And ending on the line: -----END PGP PUBLIC KEY BLOCK----Select Edit->Copy to copy the public key to the clipboard:

We need to get this ascii encoding of the public key for [email protected] into a file that can be read by gpg. In a shell, type: emacs bobkey.asc Paste the contents of the clipboard to the emacs window, save the file, and quit out of emacs:

In a shell type “cat bobkey.asc” to verify that you created the shell ok. In the same shell, type “gpg --list-keys”. You’ll see something that looks like this, but the key listed will be YOUR e-mail address. The gpg database has a public and private key for your e-mail address that you generated using Enigmail. We want to add a new public key for the email address [email protected] so that you can send me an encrypted email. To do this, you must import the public key for [email protected] into the gpg database. Type “gpg --import < bobkey.asc”. You should see something like the following acknowledging that the public key was read in:

OK! Now you are ready to send an encrypted e-mail from your e-mail address to another e-mail address! Bring up the Mozilla mail program and send an e-mail from your account to [email protected]:

Select Enigmail->Encrypted Send to encrypt and send the e-mail message:

That’s all folks!

Moving beyond Linux and Mozilla You probably don’t use Mozilla as your regular e-mail client. If you’d like to be able to send and receive secure messages read on! Enigmail works with Mozilla and uses GnuPG encryption system. GnuPG is a free software system that implements public and private key security using the RSA algorithm. It is distributed by the Free Software Foundation and is available on most popular operating systems. GnuPG is a FREE alternative to the commercial PGP system. GnuPG is ALREADY installed on your linux box, but if you want to install the basic encryption software on a Windows machine go here: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.2.1-1.zip There are a number of e-mail clients that support a GnuPG plug in. These include Microsoft Outlook, Netscape Messenger, and Eudora. You can install the plugin into your favorite e-mail client by looking at the “MUA Plugins” header by following this link: http://www.gnupg.org/(en)/related_software/frontends.html For documentation on how to use GnuPG go here: http://webber.dewinter.com/gnupg_howto/english/GPGMiniHowto.html