Digital Signing and Encrypting Mail Messages

Digitally signing a message helps ensure it has not been tampered with (providing integrity), while encrypting a message helps ensure that nobody except the intended recipient(s) will be able to “see” the message while it is in transit on the network (providing confidentiality).

In order to use digital signatures or encryption for your mail messages, a personal certificate is needed. Such a certificate can be obtained from a trusted certificate authority or you can generate it yourself (generally good enough for “personal” use) by means of OpenPGP. Please see gpg(1) for key generation information.
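The same operations from the gpg command line, as an added example that is not part of the original guide: it generates a key, shows that an edited signed message fails verification (integrity), and shows that an encrypted message is unreadable until decrypted (confidentiality). It assumes GnuPG 2.1 or later; the identity, message text, file names and function names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. Uses a throwaway keyring so ~/.gnupg is never touched.
DEMO_UID='Demo User <demo@example.invalid>'   # constructed identity
DEMO_TEXT='Meet at noon.'                      # constructed message

demo_setup() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    # Empty passphrase only so the demo runs unattended; protect real keys.
    gpg --batch --quiet --passphrase '' \
        --quick-generate-key "$DEMO_UID" default default never 2>/dev/null
    printf '%s\n' "$DEMO_TEXT" > "$GNUPGHOME/msg.txt"
}

# Integrity: the clear-signed message verifies, an edited copy does not.
demo_sign_and_tamper() {
    gpg --batch --quiet --yes --output "$GNUPGHOME/signed.asc" \
        --clearsign "$GNUPGHOME/msg.txt" || return 1
    sed 's/noon/midnight/' "$GNUPGHOME/signed.asc" > "$GNUPGHOME/tampered.asc"
    gpg --batch --verify "$GNUPGHOME/signed.asc" 2>/dev/null || return 2
    if gpg --batch --verify "$GNUPGHOME/tampered.asc" 2>/dev/null; then
        return 3   # a modified message must never verify
    fi
}

# Confidentiality: the armored ciphertext hides the text; only the
# recipient's secret key recovers it.
demo_encrypt_roundtrip() {
    gpg --batch --quiet --yes --armor --sign --encrypt \
        --recipient "$DEMO_UID" --output "$GNUPGHOME/secret.asc" \
        "$GNUPGHOME/msg.txt" || return 1
    if grep -qF "$DEMO_TEXT" "$GNUPGHOME/secret.asc"; then return 2; fi
    [ "$(gpg --batch --quiet --decrypt "$GNUPGHOME/secret.asc" 2>/dev/null)" = "$DEMO_TEXT" ]
}

demo_cleanup() {
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME"
}
```

Source the file, then run demo_setup, demo_sign_and_tamper, demo_encrypt_roundtrip and demo_cleanup in that order; each check returns 0 on success.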

Tip

GPG keys can also be generated within Mozilla by choosing Enigmail->Generate Key from the menu. Fill in the Passphrase and Passphrase (repeat) fields with a secret passphrase, the Comment field with any string to identify you, and click on the Generate Key button.

It is highly recommended that you publish your public key on specialized servers, for example KeyServer. This way your friends can get your key from there and you can enjoy digital signature and message encryption features.

Tip

You can use kgpg (under KDE) or seahorse (under GNOME) to publish and manage your GPG keys.

Mozilla supports PGP/GPG with the aid of the mozilla-enigmail package, so make sure you install it first, along with the gnupg package, before trying to send encrypted messages.

The message-composition window now changes a bit as shown in Figure 8.10.

Figure 8.10. Enigmail Message-Compose Window


Table 8.3. Enigmail Toolbar Buttons

Button | Keyboard Shortcut | Function
 

Encrypt and send the message immediately. By default the message will be encrypted only. If you also want it to be signed, you can change the defaults in Enigmail's preferences (Edit->Preferences) under the Privacy & Security section, Enigmail sub-section. Select Encrypt+sign if possible as the default encryption option. If you do not want to change the defaults, then select Enigmail->Encrypt+sign send.

 

Decrypts the selected message (if it is encrypted). Most of the time, you will be prompted for your passphrase in order to decrypt the message. There are two exceptions to this: when you are using an empty passphrase (strongly discouraged) or when the time set in the “remember password for X idle minutes” preference has not yet expired.