Enigmail: Wrapping email in a digital security blanket

In this tip, contributor Scott Sidel examines Enigmail, a Mozilla Thunderbird add-on that makes email security esay for security pros.

Secure communication is one of the fundamental pillars of information security. We don't want someone listening

in on our phone calls or reading our emails, which is why we encrypt sensitive messages. One way to make our own email more secure is with Enigmail, an add-on to the Mozilla Thunderbird mail client that enables the sending and receiving of digitally signed and/or encrypted messages.

For more information:
Michael Cobb examines which email encryption products can be used outside of the United States.

Learn if the symmetric encryption algorithm for S/MIME messages be changed.
 
Mike Rothman discusses the pros and cons of using an email encryption gateway to prevent data leakage.
In order to use Enigmail, Thunderbird for email and an installation of an OpenPGP compliant key management software package is required, such as GNU Privacy Guard (GnuPG), which is an open source version of PGP for Windows or MacPGP for the OS X platform. Enigmail works as an extension within Thunderbird and does a good job of hiding the complexity normally associated with using digital certificates and encryption.

Once Enigmail is configured, email that has been digitally signed by another user can be verified as authentic. In the mail client, a bar above the subject line of an email message will turn green when a digitally signed email has a valid signature from a trusted sender. It also allows outgoing messages to be digitally signed, verifying to others that the email they received was signed with your private digital key, something no one else but you possesses.

Enigmail can also automatically encrypt and decrypt messages that have been encrypted using the OpenPGP standard. In transit, the encrypted emails are virtually unbreakable (and hence, unreadable to prying eyes), but upon entering the inbox, the messages can be automatically rendered into clear text. Enigmail handles the complexities of certificate lookups in the background, wrapping a simple-to-understand interface around what is typically a complex set of operations.

Using Enigmail and OpenPGP is a great way to gain email privacy without losing your mind.

-- Scott Sidel is an ISSO with Lockheed Martin

This was first published in February 2008

Dig deeper on Open Source Security Tools and Applications

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close