Thunderbird is one of the most widely used email client thats works on most of the desktop platforms such as Linux, MacOS and Windows.
As of version 78.2.1 OpenPGP has been integrated into Thunderbird so no additional plugins are needed to make it work. If you don't have Thunderbird installed yet, please visit: Thunderbird's website
To create a new keypair for your email you need to:
- Select "end to end ecryption" option from your account's overview page:
- In "End-to-End Encryption" settings you can see whether you have already a keypair assigned to your account. Assuming you don't go ahead and select "+Add key" option
- Unless you have a keypair (on another device) and wish to import it, select "Create a new OpenPGP Key" option
- Before your computer generates your key make sure you have selected correct email address to which your key pair will be assigned.
We recommend changing key type to Ecliptic Curve as it is considered more secure and efficient then RSA keys.
Next, confirm your choices and read the warning carefully. Key generation depending on entrophy generated by your comuter at the time of work may take a whie. Do not close thunderbird and let it do it's work even if it may seem "stuck".
Congratulations! Your new encryption key is created and ready to be used.
- Although you are technically done, please consider backing up the key. It happened to us all in the past. Loosing important data is devastating. Loosing key to open all your email communication can be even worse. Always have a backup stored safely offline, just in case.
Select option to backup your key to a file:
When creating a file backup it is important to secure it with a good password. Otherwise, anyone who obtains access to the backed up key could potantially decrypt all your email communication. Don't overthink it though. If you forget your password to unlock your key, you will loose access to the key and thus communication in case you need to restore your key. Either keep the password somewhere safe (post-it sticker stuck on your computer screen is not recommended) for example a password manager or use something you are sure you will remember.
With proper end to end encryption, you are your service provider so the only person to blame for lost key or password is you! With great security comes great responsibility.