Enigmail is a plugin for Mozilla, with which "GnuPG" is easily integrated.
Homepage: http://enigmail.mozdev.org/
Features
E-Mails:
- Automatic decryption of incoming emails (optional).
- Verification of signatures of incoming emails.
- Signing/Encrypting of outgoing emails.
Keys:
- One can easily attach one's public key in outgoing email.
- One can easily add others' public keys that arrive in attachments.
Installation
Tested Versions:
- Mozilla 1.1 English from mozilla.org
- Enigmail, version 0.65.2
- Enigmime, version 0.65.2
It is best to get an original version from mozilla.org (with modifications / other builds such as Debian's can have problems that keep the plugin from working) - I simply installed mine in my home directory in ~/mozilla, which keeps me from having conflicts with the Debian Packages.
Then, with this build of mozilla, go to the Enigmail homepage - there it is simple to install the plugin - the Browser-Version is automatically detected and the right plugin sent. After installation, completely quit the browser and mail applications, and reopen them.
"Enigmail" should now appear in the overhead menus. If this is not the case, there was either a problem with the installation or the versions of Mozilla and Enigmail don't work together (for example, the installation of Enigmail with the de-AT version of Mozilla 1.1 did not work).
The next step is to generate your own key pairs (if you don't already have them). Enigmail hat hierzu einen Menüpunkt und fragt die notwendigen Daten ab und ruft dann GnuPG auf ( ![/!\](/moin_static19/modernized/img/alert.png "/!\"){kind=small}
this didn't work for me, but one can simply call the command gpg --gen-key from a commandline, which will take you through the process and ask the necessary questions).
The private key should be protected by a non-trivial passphrase (= for example, a whole sentence for a passphrase), to prevent anyone from gaining access to your private key.
It is useful to submit your public key to http://www.keyserver.net, publish it on your own Homepage, and send it to your friends in email attachments. Enigmail has a function for that, with which one can retrieve public keys from email.
If one receives an email which is "signed", one needs to verify that the puublic key of the sender is legitemate. One should either check the Homepage of the sender or keyserver.net - one should, to be sure, check that the "GPG Fingerprint" is the same. This minimizes the danger that one has received a forged key.
Enigmail tries to automatically check keys against the public server ( this didn't work for me - one can either use the command line to check the key, then use Enigmail's function of extracting the key from the email and putting it in the keyring).
One must be careful when sending encrypted attachments - not every email program does this right. ( there also seemed to be problems here: I could produce attachments with Enigmail that I couldn't open).
Conclusion: Nice thing, from time to time. For normal emails without attachments it works very well.