More and more people are trying to get your passwords and security information, and to steal identities. Many viruses do this by sending you emails that appear to come from people you know, who never sent them.

To show what I am talking about: many viruses look through the contact list and send emails to everyone in it, with the reply-to field pointing to another address from your contact list. That way some of your friends receive an email that appears to come from another of your friends. (For Microsoft users only.)

Anyway, to avoid password stealing and protect important information sent by email, you should sign and encrypt your emails.

For this you will need:

  • Mozilla Thunderbird - A very good email client
  • Enigmail - A Thunderbird add-on to use GnuPG
  • GnuPG - A free tool to encrypt

Installing the required software

Thunderbird

For Debian and Ubuntu run:

apt-get install thunderbird

For CentOS and Fedora run:

yum install mozilla-thunderbird

For Mandriva run:

su -c "urpmi mozilla-thunderbird" or urpmi thunderbird

Enigmail and GnuPG

On Debian and Ubuntu you can run this command:

apt-get install enigmail

On Fedora, CentOS and Mandriva, go to this page and follow the instructions.

And for GnuPG, run this command on Fedora and CentOS:

yum install gnupg

And on Mandriva run:

urpmi gnupg

Once all the required software is installed, we need to configure it.

The first time you want to send an email after installing the software, you will see this screen.


Agree to use the wizard.


Select the account or accounts you want to use Enigmail with.


Select whether you want to sign all your emails or use per-user rules. Remember that this is only signing, not encryption, so it is OK to select all.


Select whether you want to encrypt all your email or use per-user rules. Here it is better not to encrypt all your email, unless all or most of your recipients use GnuPG and you have exchanged public keys with them; otherwise they will not be able to read your messages.


The wizard needs to change some configuration options to work better. You can review the changes by clicking on details, and then accept them if you want. The only important change is that all outgoing email will now be plain text by default.


Here you will create your key pair, which consists of a public key and a private key. With the public key, your email recipients verify your signature and also encrypt email for you. You need your private key to sign your email and to decrypt emails sent to you, so it must stay well protected; otherwise anybody who has it will be able to sign emails in your name or decrypt the emails that are sent to you.


While the keys are being generated, it helps to type something or browse the web; that gives the computer more random input to create your key with.


You are now asked to create a revocation certificate, in case you lose your private key. It is good to create it.


Choose the folder where you want to save the revocation certificate.


Finally you are done. Now you can start sending electronically signed emails and receiving encrypted emails that only you can read.

Remember to send only your public key and keep your private key “private”.
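
The steps the wizard performs (key pair, revocation certificate, public key export, signing and encryption) can also be done with the gpg command line. The following is an added example, not part of the original article: it assumes GnuPG 2.1 or later, works in a throwaway keyring, and uses a constructed name and address.

```sh
# Throwaway keyring so the demo never touches your real keys.
GNUPGHOME=$(mktemp -d) && export GNUPGHOME && chmod 700 "$GNUPGHOME"
KEY_UID='Alice Example <alice@example.org>'   # constructed identity

# Unattended key generation. The empty passphrase is for this demo only;
# protect a real private key with a strong passphrase.
make_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$KEY_UID" default default 1y
}

# 40-hex-digit fingerprint of the primary key.
fingerprint() {
    gpg --batch --with-colons --list-secret-keys "$KEY_UID" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# GnuPG 2.1+ stores a revocation certificate automatically at key creation.
revocation_cert() {
    printf '%s/openpgp-revocs.d/%s.rev\n' "$GNUPGHOME" "$(fingerprint)"
}

# The public key is the only part you give to correspondents.
export_public() {
    gpg --batch --armor --export "$KEY_UID"
}

# Detached signature over file $1, then verification with the public key.
sign_and_verify() {
    gpg --batch --quiet --yes --local-user "$KEY_UID" --armor --detach-sign "$1" &&
        gpg --batch --quiet --verify "$1.asc" "$1" 2>/dev/null
}

# Succeeds only if the old signature is rejected once $1 has been modified.
detects_tampering() {
    printf 'extra line\n' >> "$1"
    ! gpg --batch --quiet --verify "$1.asc" "$1" 2>/dev/null
}

# Encrypt $1 to the public key, then decrypt it with the private key.
encrypt_roundtrip() {
    gpg --batch --quiet --yes --armor --recipient "$KEY_UID" \
        --output "$1.enc" --encrypt "$1" &&
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' --decrypt "$1.enc"
}

# Stop the demo agent and delete the throwaway keyring.
cleanup() {
    gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"
}
```

Call make_key first, then run the other functions on a test file; cleanup removes the demo keyring afterwards.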