Secure Message Transmission

Digitally signing a message helps to ensure that it has not been tampered with (providing integrity) and that the sender is who he claims to be (providing non-repudiation), while encrypting a message helps to ensure that nobody except the intended recipient(s) will be able to “see” the message while it is in transit on the network (providing confidentiality).

Mozilla supports PGP/GPG with the aid of the mozilla-enigmail package, so make sure you install it first, along with the gnupg package and all their needed dependencies, before trying to send secure messages.

The first step is to create a GPG key pair. You can generate it within Mozilla through the Enigmail+Generate Key menu (Figure 9.12, “GPG Key Generation Options”). The first time you do this, a dialog asks whether you wish to configure Enigmail. Confirm, and in the next dialog that appears you can safely ignore all options and just click OK.

Figure 9.12. GPG Key Generation Options

Fill in the Passphrase and Passphrase (repeat) fields with a secret passphrase, the Comment field with any string to identify you, and click on the Generate Key button.

Tip

After clicking on the Generate Key button, try to make your system perform disk-intensive operations (like actively browsing the web) to increase the “randomness pool” and to speed up key generation.

It is highly recommended that you publish your public key on specialized servers, for example KeyServer. This way your friends can get your key from there and you can enjoy digital signature and message encryption features.

Tip

You can use kgpg to publish and manage your GPG keys.
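
The same steps on the gpg command line, as an added example that is not part of the original manual: it generates a key pair, exports the public key you would publish, signs and encrypts a message, and shows that an altered signed message is rejected. The address, name, passphrase and function names are constructed for the demonstration, and a GnuPG 2.1 or later `gpg` is assumed.

```shell
#!/bin/sh
# Added example. The identity and passphrase are constructed; the keyring is a
# throwaway directory, so your real ~/.gnupg is never touched.
EMAIL='demo@example.org'
PASS='constructed-demo-passphrase'

# Non-interactive gpg. Demo only: a real passphrase must not be passed on the
# command line, where other local users can read it from the process list.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" "$@"; }

# Counterpart of the Generate Key dialog: signing key plus encryption subkey.
setup_keyring() {
    DEMO_HOME=$(mktemp -d) && export GNUPGHOME="$DEMO_HOME" &&
        g --quick-generate-key "Demo User (constructed) <$EMAIL>" default default never
}

# The armored public key is the part you publish on a keyserver.
export_public_key() { g --armor --export "$EMAIL"; }

# Sign and encrypt to our own key, then decrypt. gpg prints the plaintext and
# exits non-zero if decryption or the signature check fails.
roundtrip() {
    printf '%s\n' "$1" | g --armor --sign --encrypt -r "$EMAIL" | g --decrypt 2>/dev/null
}

# Integrity check: clear-sign a message, alter it in transit, verify both copies.
# Returns 0 only if the original verifies and the altered copy is rejected.
tamper_is_detected() {
    signed=$(printf 'Pay Alice 10 euros\n' | g --clearsign) || return 2
    printf '%s\n' "$signed" | g --verify 2>/dev/null || return 2
    printf '%s\n' "$signed" | sed 's/10 euros/9000 euros/' | g --verify 2>/dev/null && return 1
    return 0
}

# Stop the agent started for the throwaway keyring and delete the keyring.
cleanup() {
    [ -n "${DEMO_HOME:-}" ] || return 0
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$DEMO_HOME"
}

# Run with the argument "demo" to execute all steps.
if [ "${1:-}" = demo ]; then
    setup_keyring && roundtrip 'meet at noon' && tamper_is_detected && echo 'tampering detected'
    cleanup
fi
```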

In the following table we summarize the new buttons Enigmail adds and briefly explain their functions.

Table 9.3. Enigmail Toolbar Buttons

Button | Function

Clicking on this button will pop up a window where you can check the Sign Message box to digitally sign your message and the Encrypt Message box to encrypt it. Check the Use PGP/MIME box to make your message compatible with mailers supporting PGP/MIME. You can also use the little pencil (keyboard shortcut: Ctrl-Shift-S) and key (keyboard shortcut: Ctrl-Shift-P) buttons at the bottom right of the mail composition window to sign and encrypt your message. The buttons will be green when active, gray otherwise.

Decrypts the selected message. Most of the time, you will be prompted for your passphrase in order to decrypt the message. There are two exceptions to this: when you are using an empty passphrase (strongly discouraged) or when the time set in the “remember password for X idle minutes” preference has not yet expired.