We assume that Postbox (or Interlink) and Enigmail are installed by now. If that is not the case, please do so.
In particular, by now we assume that
- Your mail client is installed, all email accounts and identities are set up and hence you can receive and send (unencrypted/unsigned) e-mail;
- Enigmail is installed but not configured yet (default values are set), and you did not restart Thunderbird since installing Enigmail;
- GNU Privacy Guard may or may not be installed yet, and keys may or may not already exist in your keyring.
Even if you already modified Enigmail settings or already have keys, you should be able to follow this guide. Please adapt it for your situation e.g. choosing an existing key instead of creating a new key.
Restart your mail client, and the Setup Wizard window will appear. This wizard will guide you through all steps to configure Enigmail and have it ready to use. This is intended for new users. Using the Setup Wizard is not necessary; experienced users may as well configure Enigmail by hand, which will grant a deeper knowledge of the mechanisms of Enigmail.
What follows is a step-by-step guide to the Setup Wizard followed by a very basic explanation of the signing and encryption functions. If you decide not to use the Setup Wizard, you can go directly to the next topic: Key Management.
The Setup Wizard
The Setup Wizard starts automatically when restarting your mail client after installing Enigmail. The following dialogs will guide you through a basic setup. You may cancel this wizard any time and (re)start it from the menu.
First, the wizard determines, if the Gnu Privacy Guard (GnuPG) is available on your computer. If GnuPG is found, and Enigmail found at least an existing private key in GnuPG, then GnuPG will be used for cryptographic operations. Otherwise, Enigmail will use its own built-in OpenPGP implementation.
Import configuration (for people that are already Enigmail users)
Depending on the types of emails found in your mail account, the Enigmail Setup Wizard will offer you the most suitable action.
For example, you can transfer your private keys from an existing device via an Autocrypt Setup Message. If Enigmail detects such a message, it will offer you to import the keys from that message.
If your keys are already on your computer, then Enigmail will try to apply them automatically. This is done by matching the email addresses of your keys to your accounts.
Alternatively, you can export your keys and settings in your existing Enigmail installation, and re-import them on your new machine. The following screen appears if you selected to import an existing Enigmail configuration. This is the case if e.g. you use Enigmail on a different machine and want to transfer it to the this machine, or if you are restoring a backup of a pre-existing configuration of Enigmail after a crash.
Select the file that contains your backup, then click on Continue. Your pre-existing configuration of Enigmail will be restored.
Start using Enigmail
When you start writing a mail, you will now notice a new icons in the toolbar of the Compose window. These icons allows you to sign and/or encrypt the message using a single click on the shown icons. The key and the pen icons show if encryption and/or signing is enabled.
You can configure the toolbar to add more icons, for example to enable protection of the subject: Right click (or CTRL-click on Mac OS X) and select Customize from the pop-up menu that will appear. You can now drag icons into the toolbar or remove them as you like.
You can immediately send signed mail to anyone. However, in order to allow your correspondents to verify your signature or to send you an encrypted message, you need to provide them your public key. You can send your public key as an attachment either by clicking the Attach My Public Key button in the Enigmail toolbar or by choosing Enigmail → Attach My Public Key in the Compose window.
All your stored keys (your own key pair, and other people's public keys you have acquired) can be seen in the Key Management, via the menu command Enigmail → Key Management. In Postbox, the menu Enigmail is only available in the message composition window.
To send encrypted mail, you need to have the public key of the recipient. Enigmail will automatically try to obtain it via various mechanisms (Autocrypt, WKD). If the key can't be found automatically, you can acquire it in one of the following ways:
- ask them to email you their public key as an attachment; then right click on the attachment and choose Import OpenPGP Key;
- retrieve the public key from a keyserver via Keyserver → Search for Keys in Key Management;
- download the public key from his web site as an ASC file, then import it via File → Import Keys From File in Key Management.
When you receive an e-mail message that has been OpenPGP-secured (signed and/or encrypted), it will appear as such:
Note the pen and the lock icon in the upper right corner, which display if the message was signed and/or encrypted. The example message has been both, signed and encrypted. Clicking on the icons will open a dialog with more detailed information.
The message in the figure has been both signed and encrypted, as shown in the Enigmail status bar.
Thank you for using Enigmail! These are the basics of it. You can read about all topics in detail by perusing the rest of this documentation.