OpenPGP Email Encryption with Thunderbird


If you do not have PGP-Keys on your Nitrokey yet, please look at this page first.

You need to have GnuPG and Thunderbird installed on your System. The newest GnuPG version for Windows can be found here and the newest version for MacOS can be found here. Thunderbird can get downloaded here. Users of Linux systems please install both with help of the package manager (e.g. sudo apt-get install thunderbird gnupg2 on Ubuntu).

Installing Add-On Enigmail

For being able to encrypt and sign mails in Thunderbird, you need to install the Add-on Enigmail. In Thunderbird open the menu and click on "Add-Ons".

open add-ons

Click on "Extensions" on the left-hand side and use the search field to look for "Enigmail".

search for enigmail add-on

A new tab opens, click on "Add to Thunderbird" to install the Enigmail Add-on.

add enigmail to thunderbird

Now open the account settings to enable OpenPGP encryption by right-clicking on your account entry on the left-hand site.

Open account settings

Click on "Enable OpenPGP support". You are asked if you want to quit the "Junior Mode". As you have proper keys on your Nitrokey, you don't need the Junior Mode. Thus, agree to disable it. Click "OK" afterwards to close the account setting.

enable OpenPGP usage


Now you have one icon for encrypting and one icon for signing a message in the composing window. Click on these icons to en- or disable these functions. GnuPG will start signing and encrypting the mail as soon as you click on 'send'.

enable encryption in composing window

First time you use the encryption you may are asked whether to encrypt the subject as well. Choose as you like.

choose subject protection