Enigmail: Wrapping email in a digital security blanket

Enigmail: Wrapping email in a digital security blanket

Secure communication is one of the fundamental pillars of information security. We don't want someone listening in on our phone calls or reading our emails, which is why we encrypt sensitive messages. One way to make our own email more secure is with Enigmail,

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

an add-on to the Mozilla Thunderbird mail client that enables the sending and receiving of digitally signed and/or encrypted messages.

For more information:
Michael Cobb examines which email encryption products can be used outside of the United States.

Learn if the symmetric encryption algorithm for S/MIME messages be changed.
 
Mike Rothman discusses the pros and cons of using an email encryption gateway to prevent data leakage.
In order to use Enigmail, Thunderbird for email and an installation of an OpenPGP compliant key management software package is required, such as GNU Privacy Guard (GnuPG), which is an open source version of PGP for Windows or MacPGP for the OS X platform. Enigmail works as an extension within Thunderbird and does a good job of hiding the complexity normally associated with using digital certificates and encryption.

Once Enigmail is configured, email that has been digitally signed by another user can be verified as authentic. In the mail client, a bar above the subject line of an email message will turn green when a digitally signed email has a valid signature from a trusted sender. It also allows outgoing messages to be digitally signed, verifying to others that the email they received was signed with your private digital key, something no one else but you possesses.

Enigmail can also automatically encrypt and decrypt messages that have been encrypted using the OpenPGP standard. In transit, the encrypted emails are virtually unbreakable (and hence, unreadable to prying eyes), but upon entering the inbox, the messages can be automatically rendered into clear text. Enigmail handles the complexities of certificate lookups in the background, wrapping a simple-to-understand interface around what is typically a complex set of operations.

Using Enigmail and OpenPGP is a great way to gain email privacy without losing your mind.

-- Scott Sidel is an ISSO with Lockheed Martin

This was first published in February 2008

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top