Creating GPG keys in Thunderbird

You are now ready to start encryption your mails with GPG. You can do this by using Enigmail within Thunderbird. Enigmail comes with a nice wizard to help you with the creation of a public/private key pair (see the chapter introducing GPG for an explanation). You can start the wizard at any time within Thunderbird by selecting OpenPGP > Setup Wizard from the menu on top.

Step 1. This is what the wizard looks like. Please read the text on every window carefully. It provides useful information and helps you setup GPG to your personal preferences. In the first screen, click on Next to start the configuration.

Step 2. The wizard asks you whether you want to sign all your outgoing mail messages. Signing all your messages is a good choice. If you choose not to, you can still manually decide to sign a message when you are composing it. Click on the 'Next' button after you have made a decision.

Step 3. On the following screen, the wizard asks you whether you want to encrypt all your outgoing mail messages by default. Unlike with signing of mails, encryption requires the recipient to have GPG software installed as well. Therefore you should probably answer 'no' to this question, so that you will send normal (unencrypted) mail by default. After you have made your decision, click on the 'Next' button.

Step 4: On the following screen the wizard asks if it should change some of your mail formatting settings to better work with PGP. It is a good choice to answer 'Yes' because it means that by default, your mail will be composed in plain text rather than HTML. Click on the 'Next' button after you have made your decision.

Step 5: In the following screen, select one of your mail accounts; the default is selected for you if you only have one. In the 'Passphrase' text box you must enter a password. This is a new password which is used to protect your private key. It is very important to remember this password, because you cannot read your own encrypted emails if you forget it. Make it a strong password, ideally 20 characters or longer. Please see the chapter on passwords for help on creating unique, long and easy to remember passwords. After you have selected your account and created a passphrase, click on the 'Next' button.

Step 6: In the following screen the wizard summarizes the actions it will take to enable PGP encryption for your account. If you are satisfied, click the 'Next' button.

Step 7: Your keys will be created by the wizard, which will take some time (you can speed it up by doing random stuff, like moving your mouse, browsing the web or something else). When completed, click on the 'Next' button.

Step 8: You now have your own GPG key-pair. The wizard will ask you if you also want to create a 'Revocation certificate'. This is a file which can be used to inform everyone if your private key is compromised, for example if your laptop is stolen. Think of it as a 'kill switch' for your GPG identity. You may also wish to revoke the key simply because you have generated a new one, and the old one is obsolete.

Step 9: If you decided to generate a revocation certificate, the wizard will ask you where the file should be saved. The dialog will look different depending on which operating system you use. It is a good idea to rename the file to something sensible like 'my_revocation_certificate'. Click on 'Save' when you you have decided on a location.

Step 10: If you decided to generate a revocation certificate, the wizard informs you it has been successfully stored. You may want to print it out or burn it to a CD and keep it in a safe place.

Step 11: The wizard will inform you it has completed the setup.

Congratulations, you now have a fully PGP-configured mail client. In the next chapter we will explain how to manage your keys, sign messages and do encryption. Thunderbird can help you do a lot of these things automatically.

encs/cph/creating-your-gpg-keys.txt · Poslední úprava: 2013/02/25 20:47 (upraveno mimo DokuWiki)
Kromě míst, kde je explicitně uvedeno jinak, je obsah této wiki licencován pod následující licencí: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki