Posted About 13 years ago. Visible to the public. Linked content.
Here is how to set up GPG encryption for emails in Thunderbird on Ubuntu.
Creating a key pair
Before starting, create a new entry in KeePass for your GPG key and create a new password. See the Security Guidelines for password policies.
Start generating a key by running the following command in your terminal
gpg --full-gen-key
Select the default key type (RSA/RSA)
Choose at least 4096 bits for key length.
Make your key valid for 5-10 years; do not choose an infinitely valid key.
Fill in the remaining info but don't confirm, yet.
Copy your password from KeePass to the clipboard, confirm in the Terminal and then paste your password into the popup dialog.
You may check which keys you will be exporting for your e-mail address (we use user@example.com here, change accordingly). If you have old/expired keys in there, delete them.
gpg --list-keys user@example.com
Export your public key to the current folder, in which the terminal is operating (remember to use your e-mail address as an argument for the --export switch):
gpg -a --output firstname.lastname.asc --export user@example.com
Distribute your public key part using a secure medium to prevent Man-in-the-middle attacks.
Importing foreign public keys
Use Gnome's integration (open the context menu on a key file)
Publish your key to at least keyserver.ubuntu.com.
In Thunderbird, you can use menu "Enigmail" → "Key Management". Right-click on your key and chose "Upload public keys to keyserver".
In a terminal, you can use gpg --keyserver keyserver.ubuntu.com --send-keys user@example.com (optionally repeat for other hosts)
You may download the public keys of your colleagues (if you don't, you can download missing keys later): Menu "Enigmail" → "Key Management" → Menu "Keyserver" → "Search for keys" → Search for "makandra.de" → Ok → Pick any fitting results and press "Ok"