Secure Messages Transmission

Digitally signing a message helps ensure that it has not been tampered with (providing integrity), while encrypting a message helps ensure that nobody except the intended recipient(s) will be able to “see” the message while it is in transit on the network (providing confidentiality).

Mozilla supports PGP/GPG with the aid of the mozilla-enigmail package, so make sure you install it, along with the gnupg package, before trying to send secure messages.

Figure 10.12. GPG Key Generation Options

GPG keys can also be generated within Mozilla by choosing Enigmail->Generate Key from the menu (Figure 10.12). Fill in the Passphrase and Passphrase (repeat) fields with a secret passphrase, the Comment field with any string to identify you, and click on the Generate Key button.

Tip

After clicking on the Generate Key button, try to make your system perform disk-intensive operations (like actively browsing the web) to increase the “randomness pool” and speed up key generation.

It is highly recommended that you publish your public key on specialized servers, for example, KeyServer. This way your friends can get your key from there, and you can enjoy digital signature and message encryption features.

Tip

You can use kgpg (under KDE) or seahorse (under GNOME) to publish and manage your GPG keys.

The following table summarizes the new buttons Enigmail adds and a brief explanation of their functions.

Table 10.3. Enigmail Toolbar Buttons

Button | Function

Encrypt and send the message immediately. By default the message will be encrypted only. If you also want it to be signed, you can change the defaults in Enigmail's preferences (Edit->Preferences) under the Privacy & Security section, Enigmail sub-section. Select Encrypt+sign if possible as the default encryption option. If you do not want to change the defaults, then select Enigmail->Encrypt+sign send.

Decrypts the selected message (if it is encrypted). Most of the time, you will be prompted for your passphrase in order to decrypt the message. There are two exceptions to this: when you are using an empty passphrase (strongly discouraged) or when the time set in the “remember password for X idle minutes” preference has not yet expired.
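The gpg commands below show what the Encrypt+sign and decrypt actions described above amount to, and that an altered message is rejected. This is an added example, not part of the original manual or of Enigmail. It assumes GnuPG 2.2 or later; the identity, passphrase, message and file names are constructed, and the keyring is a throwaway temporary directory.

```shell
#!/bin/sh
# Added example: sign+encrypt round trip and tamper check in a scratch keyring.
# Identity, passphrase and message are constructed for the demonstration.
demo_sign_encrypt() (
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; exit 127; }
    GNUPGHOME=$(mktemp -d) && work=$(mktemp -d) || exit 2
    export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME" "$work"' EXIT
    uid='Demo User <demo@example.invalid>'
    pass='constructed-demo-passphrase'
    # --passphrase on the command line is visible in the process list;
    # acceptable only because this key is discarded at the end.
    run_gpg() {
        gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" \
            "$@" 2>>"$work/gpg.log"
    }

    # 1. Generate a key pair (the job of the Generate Key dialog).
    run_gpg --quick-generate-key "$uid" default default never || exit 2
    printf 'meet at noon\n' > "$work/msg.txt"

    # 2. Encrypt+sign: sign with our secret key, encrypt to the recipient
    #    (here the same throwaway key, so we can decrypt it ourselves).
    run_gpg --armor --output "$work/msg.asc" --recipient "$uid" \
        --sign --encrypt "$work/msg.txt" || exit 3

    # Confidentiality: the plaintext must not be readable in the armored file.
    if grep -q 'meet at noon' "$work/msg.asc"; then exit 4; fi

    # 3. Decrypt; gpg checks the embedded signature and exits non-zero if bad.
    run_gpg --output "$work/out.txt" --decrypt "$work/msg.asc" || exit 5
    cmp -s "$work/msg.txt" "$work/out.txt" || exit 5

    # 4. Integrity: a detached signature verifies for the original text
    #    and must NOT verify for an altered copy.
    run_gpg --armor --output "$work/msg.sig" --detach-sign "$work/msg.txt" || exit 6
    run_gpg --verify "$work/msg.sig" "$work/msg.txt" || exit 6
    printf 'meet at one\n' > "$work/tampered.txt"
    if run_gpg --verify "$work/msg.sig" "$work/tampered.txt"; then exit 7; fi

    echo "round trip OK; altered message rejected"
)

demo_sign_encrypt
demo_status=$?
```

A non-zero status identifies the step that failed: 4 means plaintext leaked into the encrypted file, 7 means a modified message still verified.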