If you do not have PGP-Keys on your Nitrokey yet, please look at this page first.
You need to have GnuPG and Thunderbird installed on your System. The newest GnuPG version for Windows can be found here and the newest version for MacOS can be found here. Thunderbird can get downloaded here. Users of Linux systems please install both with help of the package manager (e.g.
sudo apt-get install thunderbird gnupg2 on Ubuntu).
Installing Add-On Enigmail
For being able to encrypt and sign mails in Thunderbird, you need to install the Add-on Enigmail. In Thunderbird open the menu and click on "Add-Ons".
Click on "Extensions" on the left-hand side and use the search field to look for "Enigmail".
A new tab opens, click on "Add to Thunderbird" to install the Enigmail Add-on.
Now open the account settings to enable OpenPGP encryption by right-clicking on your account entry on the left-hand site.
Click on "Enable OpenPGP support". You are asked if you want to quit the "Junior Mode". As you have proper keys on your Nitrokey, you don't need the Junior Mode. Thus, agree to disable it. Click "OK" afterwards to close the account setting.
Now you have one icon for encrypting and one icon for signing a message in the composing window. Click on these icons to en- or disable these functions. GnuPG will start signing and encrypting the mail as soon as you click on 'send'.
First time you use the encryption you may are asked whether to encrypt the subject as well. Choose as you like.