Secure email

Posted on Posted in Secure email

I’ve been looking for an open solution to interfacing with PGP Secure Email and here is what I’ve found. I use Thunderbird as my primary email client as it gives me a common look and feel across both Windows and Mac.

Enigmail is also available for Thunderbird on both Windows and Mac.

Let’s look at each environment in turn.

Mac

Versions used at time of writing this post are:
Thunderbird 24.2.0 http://www.mozilla.org/en-GB/thunderbird/
OpenPGP with  GnuPG support provided by Enigmail 1.6 https://www.enigmail.net/home/index.php
(just install Enigmail and it will also install the required OpenPGP support) Very straightforward to install.

The really good thing is that it can interrogate key servers for any keys it doesn’t have cached locally. Only thing to watch for is when pointing it at a PGP Universal key server you must include the ldap:// in front of the server name.

Windows

First install Gpg4win and then install Enigmail. As part of Gpg4win it installs a Certificate Manager and Unified Crypto GUI called Kleopatra. This is a very nice certificate manager, and it is also capable of downloading keys from servers, although the same advice applies of be sure to include the ldap:// prefix if pointing it at a PGP Universal key server.

Another very nice feature of this Windows version is that it uses rules defined by the user. So, if for example you always want to encrypt whenever sending to a particular email address, you can easily setup a rule that enforces this, very handy.

Versions used at time of writing this post are:
Gpg4win v2.2.1 which includes Kleopatra v2.2.0 https://www.gpg4win.org/
Enigmail 1.6 https://www.enigmail.net/home/index.php
Thunderbird 24.2.0 https://www.mozilla.org/en-GB/thunderbird/

Android

K-9 Mail
APG v1.0.9

I use K-9 and APG has interface links into K-9 making it very slick to sign and encrypt emails being sent from within K-9. The downside is I haven’t managed to get the APG software to pull any keys from a PGP Universal key server? It looks like it should be able to pull keys from key servers, but I haven’t had any success getting keys from PGP Universal key servers.  Even when receiving signed emails I had problems.  I ended up receiving an asc file, then saving to a local file, which is finally then imported into the APG key manager.

That said, once the keys are stored locally, it is very usable because of the support within K-9 for APG.