Here is how to set up GPG encryption for emails in Thunderbird on Ubuntu.
Before starting, create a new entry in KeePass for your GPG key and create a new password. See the Security Guidelines for password policies.
Start generating a key by running the following command in your terminal
gpg --full-gen-key
You may check which keys you will be exporting for your e-mail address (we use user@example.com
here, change accordingly). If you have old/expired keys in there, delete them.
gpg --list-keys user@example.com
Export your public key to the current folder, in which the terminal is operating (remember to use your e-mail address as an argument for the --export
switch):
gpg -a --output firstname.lastname.asc --export user@example.com
Distribute your public key part using a secure medium to prevent Man-in-the-middle attacks.
gpg --import someone.asc
sudo apt-get install enigmail
on Ubuntu.keyserver.ubuntu.com
.
gpg --keyserver keyserver.ubuntu.com --send-keys user@example.com
(optionally repeat for other hosts)Eventually, your key will expire. In that case, you can extend your key's expiry and push an update to the key servers.
We have a separate card on how to do this.
If you use a notebook in addition to your desktop PC, you will want to transfer your key pair.
We have a card for that as well.