Thunderbird Profile Encryption

3

3

Is there any way to encrypt my Mozilla Thunderbird profile (stored emails and such) to protect them with a password?

Solutions such as using Windows encryption or TrueCrypt won't work because I only want to encrypt the contents of the file, not use file system-specific features.

Thank you!

user541686

Posted 2011-01-04T23:45:06.200

Reputation: 21 330

4 Your Thunderbird profile consists of multiple files. Putting them all in a TrueCrypt container will be much easier than handling encryption/decryption on a per-file basis. You can use a TrueCrypt container file to avoid "file system-specific features." – Mike Fitzpatrick – 2011-01-05T02:46:37.177

But then I'd have to install TrueCrypt, which I specifically said doesn't suit my needs because I just want to encrypt one folder, not an entire partition... – user541686 – 2011-01-05T02:49:01.753

2 If you read Mike's comments he did not state encrypting an entire partition. – Unfundednut – 2011-01-05T05:04:54.400

Oh shoot... sorry about that, my bad. Everywhere I'd looked on the internet, I'd read about how TrueCrypt encrypts entire partitions, and I missed that part... thanks, I'll look into it; +1 for both. – user541686 – 2011-01-05T07:04:40.147

Would you mind explaining how to do that? I installed the program, but everything is about encrypting volumes, not folders... – user541686 – 2011-01-05T07:52:24.410

3 TrueCrypt creates a virtual encrypted disk within a single file and mounts it as though it was a real disk. This virtual volume will look like a whole drive to the OS and applications. You can then move Thunderbird's profile folder onto this new virtual drive (as described in some of the answers). – martineau – 2011-01-05T11:21:35.880

Huh... okay, so I misunderstood, but it's still the same problem: whether the new volume is virtual or physical, I'm still creating a new volume, which I wanted to avoid. – user541686 – 2011-01-06T04:38:54.813

Answers

7

With TrueCrypt:

  1. Create a new file-based container.
    1. In the main window, Create volume
    2. Create an encrypted file container → Standard volume
    3. Select where you want to store it. (I have an AppData.tc in my user directory.)
    4. Accept the default encryption algorithm.
    5. Select how big you want the volume to be.
    6. Enter a password, or pick a key file, or both.
    7. Format the volume. (I personally choose NTFS as filesystem, for some reliability.)
      • Even though file-based, the container still has a standard filesystem.
      • The Linux term is "loop mounting".
    8. Click Exit.
  2. In the main TrueCrypt window, open the freshly-created volume.
    1. Use Select File
    2. Pick an empty drive letter from the big list
    3. Click Mount
    4. You can make this step mostly-automatic through Favourites → Add Mounted Volume to Favourites.
  3. Move your Thunderbird profile.
    1. Copy the current profile from your AppData folder to the drive you chose in 2.2
      • Usually it is in %APPDATA%\Thunderbird\Profiles and has a name similar to mbqbp1tq.default
      • After copying, rename to Thunderbird profile or something, to avoid confusion later.
    2. Securely wipe the old profile.
      • I used to like Eraser, until it received a complete rewrite and became inconvenient to use "but it's .NET now!"
      • Now I stick with sdelete.
    3. Tell Thunderbird about the new location. It's kept in %APPDATA%\Thunderbird\Profiles.ini, but there's an easier way to update it:
      1. Start → Run → enter thunderbird -profilemanager
      2. Delete your current profile. Click Don't delete files; you already nuked them in step 3.2.
      3. Click Create Profile, enter any name (such as default), and click Choose Folder.
      4. Pick the location of your encrypted profile from step 3.1.
  4. Start Thunderbird.

If you decide you do not like TrueCrypt, there is FreeOTFE, which works in mostly the same way.


With Windows' built-in Encrypting File System (not to be confused with BitLocker):

You mentioned that you do not want to use filesystem-specific features, but they can be useful at times.

  1. Browse to your Thunderbird settings folder. Usually %APPDATA%\Thunderbird.
  2. Right-click on Profiles, choose Properties.
  3. Advanced → Encrypt contents → OK → OK
  4. Start Thunderbird.
  5. Back up the encryption key. You only need to do it once for your Windows account.
    1. Start → Run → certmgr.msc
    2. Personal → Certificates
    3. Find the one with "Encrypting File System" in its "Intended Purposes" column.
    4. Right-click, All tasks → Export
    5. Click Yes, export the private key
    6. Enter the encryption password for the exported key, and choose where to put it.
  6. Oh, one more thing. You have to somehow wipe the old, unencrypted data. I use cipher /w:C: to wipe all unused space, but even one pass takes a long time...

The downside - EFS is only available in Windows * Professional and up.


From a comment:

The only other way (besides transparent encryption, as above) is to build crypto capabilities into Thunderbird itself. And considering the complexity of the program, it is not a solution.

user1686

Posted 2011-01-04T23:45:06.200

Reputation: 283 655
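A check that step 3.3 of the TrueCrypt procedure took effect, as an added example that is not part of the original answer: it parses Profiles.ini and reports every profile Thunderbird would still load from outside the mounted container. The drive letter `T:\`, the user path and the sample file contents are constructed for illustration.

```python
import configparser
from pathlib import PureWindowsPath

# Constructed sample: one profile moved into the container (assumed mounted
# as T:\), one forgotten profile still under %APPDATA%\Thunderbird.
SAMPLE_INI = """\
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=0
Path=T:\\Thunderbird profile

[Profile1]
Name=old-work
IsRelative=1
Path=Profiles/mbqbp1tq.default
"""


def audit_profiles(ini_text, thunderbird_dir, encrypted_root):
    """Return {profile name: (resolved path, True if inside encrypted_root)}."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' is literal in paths
    cp.read_string(ini_text)
    base, root = PureWindowsPath(thunderbird_dir), PureWindowsPath(encrypted_root)
    report = {}
    for section in cp.sections():
        if not section.startswith("Profile"):
            continue  # skip [General] and other non-profile sections
        entry = cp[section]
        raw = entry.get("Path", "")
        # Assumption of this example: a missing IsRelative is treated as relative.
        relative = entry.get("IsRelative", "1").strip() == "1"
        path = base / raw if relative else PureWindowsPath(raw)
        # Pure paths do not collapse "..", so a path containing it is never
        # accepted as being inside the container.
        inside = ".." not in path.parts and (path == root or root in path.parents)
        report[entry.get("Name", section)] = (str(path), inside)
    return report


def unprotected(report):
    """Names of profiles Thunderbird would still read from plaintext storage."""
    return sorted(name for name, (_, inside) in report.items() if not inside)


if __name__ == "__main__":
    rep = audit_profiles(SAMPLE_INI, r"C:\Users\me\AppData\Roaming\Thunderbird", "T:\\")
    for name, (path, inside) in rep.items():
        print(f"{name:10} {'encrypted' if inside else 'PLAINTEXT'}  {path}")
```

Any profile listed by `unprotected()` still has its mail on the unencrypted disk and needs the move-and-wipe treatment from steps 3.1 and 3.2.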

I would mark this as the answer -- it is extremely detailed and well-written -- except that I specifically stated I was not looking at encrypting entire volumes or using file-system features, but your steps indicate that I need to either (1) create another volume, format it, then mount it as a directory, or (2) use NTFS's encrypting file system... which is exactly what I said I was not looking for (I already knew about these methods beforehand!). Thank you for taking the time to write it, though. – user541686 – 2011-01-05T09:32:13.137

@Lambert: You stated you do not want to encrypt a partition. You did not mention anything about putting the data into a file, which my post was about. And TBH, I cannot imagine any other way to transparently encrypt an entire lot of files in real-time, besides doing it at file-system level (either a virtual disk or a special filesystem). Sure, technically you could do some hacking to hook all file accesses made by thunderbird.exe, but that way lies madness. Besides, you have not explained why you are so against either of those methods. – user1686 – 2011-01-05T14:00:39.523

@grawity: Seems like I'm misunderstanding how this works... so instead of formatting a volume and mounting it as a folder, you're doing the opposite -- creating a virtual volume and mounting it as a partition. While slightly better, it still won't work for me because I just don't want to create a whole new volume (I guess "volume" was a better name for it than "partition", since it's virtual), simply because it's overkill and it gets very annoying with multiple OSs. (The second method makes my encryption depend on my Windows password, which I don't like.) Thanks for the reply, though. :) – user541686 – 2011-01-05T19:12:42.077

@grawity: I was just looking for a way to make Thunderbird encrypt its files, not tricking it into thinking its files aren't encrypted when they really are. – user541686 – 2011-01-05T19:13:34.900

2 @Lambert: TrueCrypt does work on Linux. Similarly, FreeOTFE can open LUKS volumes. As for "overkill"... I'd rather spend five minutes configuring a widely known and used program than spend five hours implementing an encryption scheme in Thunderbird itself and then hoping I patched all functions that deal with files. – user1686 – 2011-01-05T20:45:23.150

@grawity: Who said I was dual-booting with Linux, and who said the problem was compatibility? The problem, simply, is that it's specifically the solution I was not looking for; while your answer is great for some situations, the point of this question was to know if there were any other solutions except this, and this simply isn't answering the question, even if it's a great solution. – user541686 – 2011-01-05T21:38:34.820

2 @Lambert: The only other way (besides transparent encryption) is to build crypto capabilities into Thunderbird itself. And considering the complexity of the program, it is not a solution. So, no. – user1686 – 2011-01-06T14:32:38.617

@grawity: That's exactly the kind of answer I was looking for, thanks! (Feel free to put that in your post and I'll mark it as the answer.) – user541686 – 2011-01-06T18:47:54.120