We assume that Postbox (or Interlink) and Enigmail are installed by now. If that is not the case, please do so.
In particular, by now we assume that
- Your mail client is installed, all email accounts and identities are set up and hence you can receive and send (unencrypted/unsigned) e-mail;
- Enigmail is installed but not configured yet (default values are set), and you did not restart Thunderbird since installing Enigmail;
- GNU Privacy Guard may or may not be installed yet, and keys may or may not already exist in your keyring.
Even if you already modified Enigmail settings or already have keys, you should be able to follow this guide. Please adapt it for your situation e.g. choosing an existing key instead of creating a new key.
Restart your mail client, and the Setup Wizard window will appear. This wizard will guide you through all steps to configure Enigmail and have it ready to use. This is intended for new users. Using the Setup Wizard is not necessary; experienced users may as well configure Enigmail by hand, which will grant a deeper knowledge of the mechanisms of Enigmail.
What follows is a step-by-step guide to the Setup Wizard followed by a very basic explanation of the signing and encryption functions. If you decide not to use the Setup Wizard, you can go directly to the next topic: Key Management.
The Setup Wizard
The Setup Wizard starts automatically when restarting your mail client after installing Enigmail. The following dialogs will guide you through a basic setup. You may cancel this wizard any time and (re)start it from the menu.
First, the wizard determines, if the Gnu Privacy Guard (GnuPG) is available on your computer. The wizard can download and install the GnuPG automatically if it cannot find it on your computer:
If you are certain that GnuPG is installed on your computer, please point Enigmail to the installed GnuPG program by clicking on Browse and selecting the GnuPG program folder.
Otherwise, if you don't have GnuPG, simply click on Install GnuPG. The Wizard will then download for you the specific package (for Windows or Mac OS X) and automatically run the installer of that package.
On Linux - no matter which distribution - there is almost always a version of GnuPG included, so this step is not needed there.
If in any case you need to install GnuPG manually, please refer to this section.
Installation of GnuPG (Windows)
The following screen is shown during the download and run of the GnuPG installer:
The package is downloaded through a SSL-secured connection. Furthermore, its checksum will be verified by Enigmail so the package is trustworthy.
The next screenshots show the installation of the Windows version of GnuPG, provided by the Gpg4win project. This is the Gpg4win vanilla installer, in case you might want to do this manually. For Mac OS X users, the installation of the GnuPG package for Mac will be shown afterwards.
First, choose the language in which Gpg4win will be installed, then click OK.
The second screen is a welcome message. Click Next.
Selection of components. There's only one compulsory component: GnuPG. Click Next.
Select the folder where the program shall be installed (keep the default if you're not sure). Click Next.
Now the installer performs its work showing a progress bar. Click Next when finished.
Now the installer has finished. Check the Show README file if you want to read it. Click Finish.
Installation of GnuPG (Mac OS)
The following screenshots show the installation of GnuPG for OS X (GpgOSX):
Double click on Install.pkg to proceed.
Follow the steps of the installer screen.
Now you have successfully installed the required GnuPG package for your platform, and the Setup Wizard will continue with configuring Enigmail.
Standard configuration (for first-time users)
If you don't have any keys yet, and never sent any encrypted emails, then the Setup Wizard will automatically create keys for your account(s) and configure your account(s) properly for Enigmail. You can click on Done and start to use encrypted mails.
Import configuration (for people that are already Enigmail users)
Depending on the types of emails found in your mail account, the Enigmail Setup Wizard will offer you the most suitable action.
For example, you can transfer your private keys from an existing device via an Autocrypt Setup Message. If Enigmail detects such a message, it will offer you to import the keys from that message.
If your keys are already on your computer, then Enigmail will try to apply them automatically. This is done by matching the email addresses of your keys to your accounts.
Alternatively, you can export your keys and settings in your existing Enigmail installation, and re-import them on your new machine. The following screen appears if you selected to import an existing Enigmail configuration. This is the case if e.g. you use Enigmail on a different machine and want to transfer it to the this machine, or if you are restoring a backup of a pre-existing configuration of Enigmail after a crash.
Select the file that contains your backup, then click on Continue. Your pre-existing configuration of Enigmail will be restored.
Start using Enigmail
When you start writing a mail, you will now notice a new icons in the toolbar of the Compose window. These icons allows you to sign and/or encrypt the message using a single click on the shown icons. The key and the pen icons show if encryption and/or signing is enabled.
You can configure the toolbar to add more icons, for example to enable protection of the subject: Right click (or CTRL-click on Mac OS X) and select Customize from the pop-up menu that will appear. You can now drag icons into the toolbar or remove them as you like.
You can immediately send signed mail to anyone. However, in order to allow your correspondents to verify your signature or to send you an encrypted message, you need to provide them your public key. You can send your public key as an attachment either by clicking the Attach My Public Key button in the Enigmail toolbar or by choosing Enigmail → Attach My Public Key in the Compose window.
All your stored keys (your own key pair, and other people's public keys you have acquired) can be seen in the Key Management, via the menu command Enigmail → Key Management. In Postbox, the menu Enigmail is only available in the message composition window.
To send encrypted mail, you need to have the public key of the recipient. Enigmail will automatically try to obtain it via various mechanisms (Autocrypt, WKD). If the key can't be found automatically, you can acquire it in one of the following ways:
- ask them to email you their public key as an attachment; then right click on the attachment and choose Import OpenPGP Key;
- retrieve the public key from a keyserver via Keyserver → Search for Keys in Key Management;
- download the public key from his web site as an ASC file, then import it via File → Import Keys From File in Key Management.
When you receive an e-mail message that has been OpenPGP-secured (signed and/or encrypted), it will appear as such:
Note the pen and the lock icon in the upper right corner, which display if the message was signed and/or encrypted. The example message has been both, signed and encrypted. Clicking on the icons will open a dialog with more detailed information.
The message in the figure has been both signed and encrypted, as shown in the Enigmail status bar.
Thank you for using Enigmail! These are the basics of it. You can read about all topics in detail by perusing the rest of this documentation.