How can I force Thunderbird to encrypt an email and its attachments?

0

How can I force Thunderbird to encrypt an email and its attachments?

Here is what I have so far:

  1. With Thunderbird open, I clicked on the Write button.
  2. I chose Enigmail > Force Encryption and Enigmail > Force Signing.
  3. I added an attachment to the email.
  4. I designated the recipient as an address for which I already have the public key imported in Thunderbird.
  5. This resulted in the following dialog box, at which I chose to encrypt each attachment separately, and I clicked OK:

  6. Next, I encountered the following dialog box warning of complications from HTML formatting:

Note the dialog box indicates that the message will not occur again, even if there is a recurring problem.

  7. I clicked OK, and checked the remote server that received the email, only to find that it was not encrypted.
  8. I then unchecked the "Compose Messages in HTML format" option as per @JorgeCastro's advice in this posting.
  9. I then closed Thunderbird and restarted Thunderbird.
  10. I then repeated the above steps to send another encrypted email with attachments to the remote server.
  11. I checked the remote server, and the email and attachments are almost surely not encrypted.

What am I doing wrong? What can I fix in this setup to make sure that the sent email is encrypted?

Keep in mind that these steps will have to be done on every machine that sends email to my app, so the solution needs to be transparent for non-technical end users.

CodeMed

Posted 2015-02-06T00:14:34.667

Reputation: 324

Answers

1

In order to encrypt something, you must have your own key, AND the key of the person to whom you are sending a message (and/or attachment). If you do not have their public key, then you cannot use it to encrypt a message intended only for them.

So, can you confirm that you have both keys in your keychain?

If you are not sure, do this:

    gpg --list-keys

Also, you should go to Enigmail > Preferences > Sending and activate Manual Encryption settings.

I suggest these settings:

Automatically send encrypted = If possible

To send encrypted, accept = All valid keys I have

Confirm before sending = If unencrypted

Click OK.

Then go to Edit > Account Settings:

In the left column, click on the OpenPGP Security category. Enable both Encrypt messages by default and Sign messages by default.

As long as you DO have the key of the intended recipient, then Enigmail should, with the settings above, automatically encrypt the message. But for all messages destined to someone whose key you do NOT have, Enigmail ignores encryption and permits the message to be sent as is.

Klaatu von Schlacker

Posted 2015-02-06T00:14:34.667

Reputation: 150

I edited my answer to include proper Enigmail pref settings. Can you confirm that those are set correctly? – Klaatu von Schlacker – 2015-02-06T02:45:57.953

Is it possible to disable the server-side PGP, at least temporarily? I would think that you would not want your MTA to do the decryption anyway; it seems more secure to allow your client computer's Thunderbird to do the decryption. – Klaatu von Schlacker – 2015-02-06T03:05:35.513

I have an MS Outlook version of this question. Are you willing to help me with it also? Here is the link: http://superuser.com/questions/881716/gpg-public-key-created-with-gnupg-is-rejected-by-ms-outlook-2010-why

– CodeMed – 2015-02-24T06:01:08.613

Sorry, I have never used MS Outlook. – Klaatu von Schlacker – 2015-02-26T21:09:56.333
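
The question relies on looking at the receiving server to decide whether a message arrived encrypted. The following is an added example, not part of the original post or its answers, that makes that check mechanical for a raw message: it tells apart PGP/MIME, inline PGP with separately encrypted attachments, partially encrypted mail, and cleartext. The names `classify`, `is_openpgp` and `sample`, the first-byte heuristic for binary attachments, and the sample messages are assumptions constructed for illustration.

```python
import email

ARMOR = b"-----BEGIN PGP MESSAGE-----"
# Heuristic (assumption): first byte of a binary public-key encrypted
# session key packet, RFC 4880 tag 1, in old (0x84/0x85) or new (0xC1) format.
PKESK_TAGS = (b"\x84", b"\x85", b"\xc1")

def is_openpgp(payload: bytes) -> bool:
    """True if a decoded MIME part looks like OpenPGP ciphertext."""
    data = payload.lstrip()
    return data.startswith(ARMOR) or data[:1] in PKESK_TAGS

def classify(raw: bytes) -> dict:
    """Report how a raw RFC 822 message is protected and which parts are not."""
    msg = email.message_from_bytes(raw)
    # PGP/MIME (RFC 3156): body and attachments travel inside one encrypted blob.
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return {"mode": "pgp-mime", "cleartext_parts": []}
    protected, cleartext = 0, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if is_openpgp(payload):
            protected += 1
        else:
            cleartext.append(part.get_filename() or part.get_content_type())
    if not cleartext:
        mode = "inline-pgp"      # every leaf part is ciphertext
    elif protected:
        mode = "partial"         # e.g. body encrypted, attachment sent as-is
    else:
        mode = "cleartext"
    return {"mode": mode, "cleartext_parts": cleartext}

# Constructed placeholder ciphertext; only the armor header matters here.
FAKE_PGP = ("-----BEGIN PGP MESSAGE-----\r\n\r\nplaceholder\r\n"
            "-----END PGP MESSAGE-----")

def sample(body: str, attachment: str, name: str) -> bytes:
    """Build a constructed two-part test message (not real traffic)."""
    return (
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="BOUNDARY"\r\n\r\n'
        "--BOUNDARY\r\nContent-Type: text/plain\r\n\r\n" + body + "\r\n"
        "--BOUNDARY\r\nContent-Type: application/octet-stream\r\n"
        'Content-Disposition: attachment; filename="' + name + '"\r\n\r\n'
        + attachment + "\r\n--BOUNDARY--\r\n"
    ).encode()
```

A `partial` result means some parts were sent in cleartext; `cleartext_parts` names them.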