Nov 02, 2022
6 mins read
🔐 SECURE PRIVATE 📩 EMAIL 🔑 PGP TUTORIAL: PART II
Unique email setup for Journalists, those interested in technology / security, and all other order of geeks. 🤓 💻
Follow along. Security is fun. 🙂
🐦 THUNDERBIRD 📨 EMAIL WITH 🔐 PGP
Part I, we introduced Onionmail project: Tor Hidden Service Federated Email Server Setup with custom security features.
Today we complete our secure private email tutorial by setting everything up in Thunderbird, with torification, onionmail, and PGP.
Post Thanks: "Someone" for recent ☕ support, members / supporters, followers (following is free); anyone taking moment to reshare content (takes second, makes big impact). 🙂
ℹ️ Info: another option for secure email: Tutanota (encrypted email provider with solid track record). Benefits: Easy to manage encrypted email service. They offer free accounts, optional upgrades (one of the few providers I trust).
💡 Since not on: facebook, Telegram, or other social medias (outside mastodon/twitter), help sharing content greatly appreciated (helps growth against algorithm not friendly to unique topics).
🙌 Part II: Thunderbird + PGP 🔑 (Onionmail Example)
If you missed it (and want to follow along), see: Part I.
📖 Today we setup POP3 email with 🔐 PGP end-to-end encryption on Thunderbird.
TIP: Follow tutorial for any POP3 email account. Doesn't have to be onionmail.
This is overall a Thunderbird + PGP Tutorial.
You can create a new email account inside Thunderbird (offered when first opening Thunderbird). For best privacy practices, follow torification network options below (routing all Thunderbird activity through Tor).
Registering (for free) onionmail (register in Tor Browser) account is easy.
Enter desired login. You will see "Subscription complete" page containing important login information / passwords.
(screenshot or otherwise save page so you don't lose anything!)
(skip ahead to Thunderbird config to use existing email account)
🖥️ 📱 Searching / Installing Thunderbird
🐧 DEBIAN LINUX (POP!_OS, Debian, Kali, Parrot, Ubuntu)
Install thunderbird. Search POP!_OS or other Debian based operating system (Ubuntu, Parrot, Kali) with the following command:
sudo apt update && apt search thunderbird
Or, skip straight to install:
sudo apt install thunderbird -y
🐧 ARCH (Manjaro, Arch, Blackarch, EndeavourOS)
Find Thunderbird on Arch Based:
sudo pacman -Ss thunderbird
Install on Arch (Manjaro, Endeavour, Arch, Blackarch) run:
sudo pacman -S thunderbird
On Windows, it's easy to install Thunderbird mail client. Simply go here and click:
💡 ALTERNATIVE TORIFY OPTIONS:
option 1: alternate solution to torify all app connections: connect to a hardware onion router; prevents IP leaks in app setting bugs;
Ex: "support img" RTPBOX "privacy box" automatic torifying by wifi accesspoint (torifies all wifi clients connected to wifi AP). (ex: torify flatpak e2ee messengers [these don't play well with proxychains/torsocks], etc.
(currently shared as "thank you" to anyone total 6 coffee supports (over any time per) + members: read here info)
option 2: run Thunderbird inside TailsOS / Whonix, torifies all computer apps on local machine running Tails / Whonix.
If using one of aforementioned, skip over Tor client setup.
⚙️ THUNDERBIRD 🧅 TORIFICATION 🛠️
To follow along in the most privacy respecting manner, set Thunderbird to use tor to connect to everything (unless using one of above mentioned options).
Proxying prevents direct IP address leaks, enforces Tor only proxying for registration and login, email usage.
Get started: start 🧅 Tor Client (required for torification)
sudo systemctl start tor
Make Tor Client Start Every Boot (optional, but prevents having to start Tor again):
sudo systemctl enable tor
Now that we've started Tor client, let's make use inside Thunderbird (ensuring we always proxy through Tor)...
ℹ️ PROXY SETTINGS: Search Thunderbird settings for network (seen below):
Click 'Settings' for Connection (seen above).
Copy settings for Thunderbird torification:
🛑 WAIT -- we aren't finished proxy settings yet!
Scroll down further.
Make sure you enable "proxy DNS when using SOCKS5" shown in screenshot below:
Proxy DNS should be enabled. When checking off: "Proxy DNS when using SOCKS v5", Tor network takes care of everything in the background, including resolving domains (for non onion).
(start Tor client first: above this section to ensure the proxying works)
📒 THUNDERBIRD CONFIGURATION (📩 EMAIL PROVIDER)
Now that we've properly anonymized connections inside Thunderbird, we can begin adding email account settings.
Recall my earlier screenshot sharing subscription information. You should have something similar to this, for your own email account.
Feel free to substitute unique provider information (if not onionmail, use alternative acct info).
📩 SMTP (Simple Mail Transfer Protocol)
Below I share SMTP server configuration for an onionmail account.
SMTP standing for "simple mail transfer protocol".
This is the server used to "send" out email. In our case it uses unique subscription information, provided by email provider (in this case, onionmail server).
Same applies, whether onionmail, or alternative providers.
Substitute your own valid smtp server information:
Click on "Outgoing Server (SMTP)" shown below (squared off in red):
Fill in the correct server and port (in our case port 25)
Fill in the connection security (onionmail server uses STARTTLS)
📩 POP3 MAIL SERVER CONFIGURATION
Now we need to add our mailbox server (to receive mail). In this case, POP3.
If using same onionmail server as myself, copy this info directly (you will be asked your unique password when first checking mail):
(can disable some of the above settings like "leave messages on server" to store locally - optional)
🔐 END-TO-END ENCRYPTED 📩 EMAIL (🔑 PGP)
If you like the idea of adding end-to-end encryption using PGP, follow along here.
BENEFITS: encrypts email content locally before it is even sent out (on network), ensuring integrity, security, and privacy.
STEP 1: Generate PGP Key For Email Address (inside End-To-End Encryption Setting):
We can set our key to expire (recommended for higher security), and select desired keysize.
Larger keysize for those seeking greater security.
Generating 4096bit key size (RSA):
You will need to select "Confirm" to generate new key (seen below):
Once your key is generated, select your key under "End-To-End Encryption" setting area:
SHARING PUBLIC PGP KEY
Right click on the key in question on the "More" box. Export Public Key to file.
Share that file with others you plan to use PGP with.
Since end-to-end encryption is a two sided game, we need to import public keys for all of those we wish to maintain end-to-end encrypted emails with.
💡 TIP: Privatebin Tor Hidden Service offer a secure way to share keys
IMPORTING PGP KEYS (OF OUR CONTACTS)
See: OpenPGP Key Manager. You can do this multiple ways, easiest being importing their public key file (ask them to export or save their public key to .asc file, or paste in privatebin):
Now that we have OpenPGP key created, and imported (public key) those of our contacts, we can check email, and send our first test email.
💡 TIP: You may wish to restart Thunderbird first to ensure all settings are preloaded properly
📬 RECEIVING EMAIL
To download / check for new emails, we go to our Inbox. Select "Get Messages" (in red):
📨 SENDING OUR FIRST EMAIL
We can select "Write" from inside our inbox:
By default, emails are not PGP encrypted end-to-end.
We can send normal emails with anyone we like (as long as our mail server is not blocked by the receiving email server - some are)
Once we hit the "Encrypt" button (in red), our email will send an end-to-end encrypted (PGP) email:
We can drop down the OpenPGP button, viewing ways PGP is utilized in this email. Having email end-to-end encrypted with PGP even encrypts subject for us (not done on standard email), signed verifies integrity of the sender (spoofed emails will not be signed with your PGP key, proving identity).
"Get Messages" checks for / downloads new emails.
✅ SUCCESS: sent / received our very first end-to-end 🔒 encrypted (PGP) email ! 🥳
🎉 Congrats: You Successfully Setup Thunderbird To Send / Receive: End-To-End Encrypted (PGP) Email! 😀
✅ First went out to Supporters / Members (Thank You for supporting this mission).
Using an official onionmail server offers unique security and privacy measures to protect communications (especially the case when emailing to / from [email protected]).
Onionmail: Part I.
📬 Want to try your onionmail setup?
Test your new account. 🙂
🔐 End-to-end encrypted email: import public PGP key: found here (Tor Browser link).
🔑 Migrate PGP Keys Between Thunderbird Devices?: PART III
🔗 RELATED LINKS
Onionmail Project (donate to onionmail)
Example Onionmail Server (Ridot)
Thunderbird Mail Client (donate)
Tor Project (donate)