Question (score 11)

Using Enigmail for Thunderbird, the setup wizard automatically sets itself to PGP/MIME and also disables HTML formatting. I am looking for security and have no idea which to use, though I do know HTML will not work with PGP Inline but will with PGP/MIME.

What is the most and least secure way of going about encrypting emails?

Jens Erat
user4191887

2 Answers

Answer 1 (score 9)

What is the most and least secure way of going about encrypting emails?

There is no difference in security: both use the same cryptographic principles, they just use another method of embedding OpenPGP into e-mails.

I am looking for security and have no idea which to use, though I do know HTML will not work with PGP Inline but will with PGP/MIME.

PGP/MIME has the advantage of properly hiding signatures in metadata when the recipient does not have support for OpenPGP (they might see a "weird attachment", though). PGP/MIME is sometimes not properly handled by mailing lists. PGP/MIME lets you also encrypt and sign attachments.

Inline PGP, on the other hand, is more visible, and more robust in case of bad MIME implementations. Inline PGP cannot encrypt/sign attachments.

Both methods only support the content of the mail, and do not touch the mail headers (subject, sender, recipient, date, ...).

Jens Erat
  • _Inline PGP [...] is more visible, and more robust in case of bad MIME implementations._ - What is this supposed to mean? – not2savvy Sep 15 '22 at 15:28
Answer 2 (score 0)

I'm going to totally disagree with the accepted answer.

PGP/MIME is more secure than PGP/inline

PGP/inline is in fact considered less secure than PGP/MIME for a number of reasons:

PGP/Inline does not encrypt the complete message body but requires each part of the email message to be protected separately, which is why it cannot prove authenticity and integrity for the complete message. This causes several problems.

Encryption

With PGP/inline, emails may contain encrypted as well as unencrypted parts. Therefore, the recipient might get the impression that the message came encrypted while in fact only a part of it was indeed encrypted.

Signatures

Inline PGP signatures are prone to several other failure modes, up to and including undetectable message tampering. Because PGP/inline can sign only parts of an email, unsigned parts can exist or be added, and the recipient might not be aware of it.

See Inline PGP signatures considered harmful for more details and an example.

Bottom line

Do not take my word for it. From the GnuPG FAQ:

Should I use PGP/MIME for my emails?

Almost certainly. In the past this was a controversial question, but recently there’s come to be a consensus: use PGP/MIME whenever possible. The reason for this is that it’s possible to armor email headers and metadata with PGP/MIME, but sending messages inline leaves this data exposed. As recent years have taught us, the metadata is often as sensitive as the contents of the message. PGP/MIME can protect metadata; inline can’t.

Other disadvantages

Not necessarily connected to security (though some are), but definitely even more reasons to go for PGP/MIME:

  • PGP/Inline does not properly support non-ASCII texts, so HTML messages as well as messages containing umlauts or other special characters can create severe problems.
  • PGP/inline cannot handle attachments.
  • PGP/inline is an undocumented non-standard format, which causes compatibility issues, while PGP/MIME is well defined in RFC 3156 (MIME Security with OpenPGP).
not2savvy
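Both answers come down to what the signature is actually over. The following is an added example (mine, not code from either answer, from Enigmail or from GnuPG) that builds two constructed messages with placeholder armor blocks carrying no valid signature: an inline-PGP mail whose body is a cleartext-signed block plus optional trailing text, and an RFC 3156 multipart/signed mail whose first part holds the text and an attachment. `signed_coverage` reports which region of each message a verifier would be handed; for inline PGP it surfaces any text outside the armored block, which is the check a mail client or gateway would use to flag the partially signed messages the second answer warns about. The function names, addresses and boundary string are my own.

```python
"""Which bytes of an e-mail does an OpenPGP signature actually cover?

Added example, not code from either answer. The armor blocks below are
constructed placeholders with no real signature; the point is structural,
namely which region of the message a verifier would be handed.
"""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage, MIMEPart

# Constructed placeholder cleartext-signed block (not a real signature).
INLINE_ARMOR = (
    "-----BEGIN PGP SIGNED MESSAGE-----\n"
    "Hash: SHA256\n"
    "\n"
    "Meeting moved to Thursday 10:00, room A-101.\n"
    "-----BEGIN PGP SIGNATURE-----\n"
    "\n"
    "iQEzBAEBCAAdFiEEconstructedplaceholdersignaturedata000000000000=\n"
    "=AbCd\n"
    "-----END PGP SIGNATURE-----\n"
)

# Constructed placeholder detached signature for the PGP/MIME message.
DETACHED_SIG = (
    "-----BEGIN PGP SIGNATURE-----\n"
    "\n"
    "iQEzBAEBCAAdFiEEconstructedplaceholdersignaturedata000000000000=\n"
    "=EfGh\n"
    "-----END PGP SIGNATURE-----\n"
)

ARMOR_RE = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\r?\n.*?-----END PGP SIGNATURE-----(\r?\n)?",
    re.DOTALL,
)


def build_inline_message(trailing_text: str) -> bytes:
    """Inline PGP: the signed block is just text inside an ordinary body."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Schedule"
    # Anything after the armor travels in the mail but is not under the signature.
    msg.set_content(INLINE_ARMOR + trailing_text)
    return msg.as_bytes()


def build_pgp_mime_message() -> bytes:
    """PGP/MIME (RFC 3156): multipart/signed, whole content as the first part."""
    signed = MIMEPart()
    signed.set_content("Meeting moved to Thursday 10:00, room A-101.\n")
    # The attachment sits inside the signed part, so the signature covers it too.
    signed.add_attachment(b"constructed attachment bytes\n", maintype="text",
                          subtype="plain", filename="agenda.txt")
    sig = MIMEPart()
    sig["Content-Type"] = 'application/pgp-signature; name="signature.asc"'
    sig.set_payload(DETACHED_SIG)

    outer = EmailMessage()
    outer["From"] = "alice@example.org"
    outer["To"] = "bob@example.org"
    outer["Subject"] = "Schedule"
    outer["MIME-Version"] = "1.0"
    outer["Content-Type"] = ('multipart/signed; micalg=pgp-sha256; '
                            'protocol="application/pgp-signature"; '
                            'boundary="constructed-outer-boundary"')
    outer.attach(signed)
    outer.attach(sig)
    return outer.as_bytes()


def signed_coverage(raw: bytes) -> dict:
    """Report format, RFC 3156 well-formedness, attachment coverage and any
    body text that lies outside the signed region."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/signed":
        parts = msg.get_payload()
        # RFC 3156: exactly two parts, content first, detached signature second.
        well_formed = (len(parts) == 2
                       and parts[1].get_content_type() == "application/pgp-signature"
                       and msg.get_param("protocol") == "application/pgp-signature")
        # The signature is over the complete first part, headers and attachments
        # included; nothing in the body falls outside it.
        return {"format": "pgp-mime", "well_formed": well_formed,
                "covers_attachments": well_formed and parts[0].is_multipart(),
                "unsigned_text": ""}
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    match = ARMOR_RE.search(text)
    if match is None:
        return {"format": "none", "well_formed": False,
                "covers_attachments": False, "unsigned_text": text.strip()}
    # Only the armored block is covered; text before or after it is unsigned.
    outside = text[:match.start()] + text[match.end():]
    return {"format": "inline", "well_formed": True,
            "covers_attachments": False, "unsigned_text": outside.strip()}


if __name__ == "__main__":
    for label, raw in [("inline, clean", build_inline_message("")),
                       ("inline, trailing", build_inline_message("P.S. Room is now B-204.\n")),
                       ("pgp/mime", build_pgp_mime_message())]:
        print(label, "->", signed_coverage(raw))
```

Running the block prints three reports: the clean inline mail and the PGP/MIME mail have an empty `unsigned_text`, while the inline mail with a postscript shows exactly that postscript as unsigned content. A real verifier would additionally check the signature itself; this example only shows what it would be asked to verify.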