Encrypting Emails with PGP and Keybase

This post guides you through the process of setting up PGP on OS X and registering a Keybase account.

Configure Thunderbird and create a verified Keybase profile that allows you to send and receive encrypted email messages with other Keybase members.

The entry was written for the CryptoParty get-togethers in Northern Ireland. Hello, Belfast chapter!

Prerequisites

You’ll need the following:

Depending on your operating system:

Instructions

Installing Thunderbird

The first step is setting up your mailer. Follow the slideshow below to install Mozilla Thunderbird. We also configure it to access your mailbox via IMAP and SMTP protocols.

Check out the CryptoParty Wiki for the installation instructions on Windows and Linux if necessary.

Installing GPG Suite

Good job! Now download the GPG Suite installer from the official page and follow the screenshots.

Windows users should refer to the CryptoParty Wiki. Linux users should read these instructions instead.

Generating Public and Private Keys

The next step is creating a PGP key pair using GPG Suite. Launch the GPG Keychain app from Applications and follow the instructions below.

Linux users should skip to the Enigmail configuration, Windows users please click here.

Setting up Enigmail

Once the key pair is generated, we can move on to the Thunderbird integration. Enigmail is an extension that integrates Thunderbird with GPG Suite (or GnuPG/Gpg4win).

Exporting the PGP Key Pair

In the following section, we export your key pair so that it can be uploaded to your Keybase profile. Open the GPG Keychain again and follow the instructions below. Your key will temporarily be saved into a text file on your computer.

Setting up a Keybase Account

Once the PGP keys are exported, we can sign up for Keybase at https://keybase.io. We will also upload your public and private key onto your profile.

Please note you will need an invitation code for registering an account, so just ask me for an invite.

Verifying your Keybase Identity

The following screenshots show you the process of verifying your Keybase identity through Twitter. The purpose of the verification is to provide assurance that the public key really belongs to you.

Importing Someone’s Public Key

Once the Keybase profile is ready, we are almost ready to send our first encrypted email.

Before doing that, we need to import the recipient's public key from Keybase. Locate a friend on Keybase and download his or her public key as below. Alternatively, download my public key from https://keybase.io/gszathmari and send me a message.
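
A command-line check for the import step above, as an added example that is not part of the original post: it reads the fingerprint of the downloaded key file and imports the key only if it matches a fingerprint you confirmed with your friend through another channel. It assumes GnuPG 2.2.8 or later (for `--show-keys`); the function names, the file name `friend.asc` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded key's fingerprint BEFORE importing it.
# Assumes GnuPG >= 2.2.8 (--show-keys). Names and sample data are constructed.

# Constructed sample of `gpg --with-colons --show-keys` output (not a real key).
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1400000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1400000000::::Alice Example <alice@example.org>:
sub:-:4096:1:76543210FEDCBA98:1400000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Strip whitespace and upper-case, so "0123 abcd ..." equals "0123ABCD...".
normalise_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Print the primary key fingerprint from a colon listing on stdin:
# the first "fpr" record (field 10) that follows a "pub" record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Count primary keys in the listing; more than one key in a file that is
# supposed to hold a single person's key is a reason to stop.
count_pub() {
    awk -F: '$1 == "pub" { n++ } END { print n + 0 }'
}

# verify_and_import FILE EXPECTED_FPR
# e.g. verify_and_import friend.asc "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"
verify_and_import() {
    listing=$(gpg --batch --with-colons --show-keys "$1") || return 2
    if [ "$(printf '%s\n' "$listing" | count_pub)" -ne 1 ]; then
        echo "refusing: expected exactly one key in $1" >&2
        return 1
    fi
    got=$(printf '%s\n' "$listing" | primary_fpr)
    want=$(normalise_fpr "$2")
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "refusing: fingerprint '$got' does not match '$want'" >&2
        return 1
    fi
    gpg --batch --import "$1"
}
```

The first `fpr` record is the one to compare; the later one belongs to the encryption subkey and is not what a Keybase profile or a business card shows.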

Sending the First Encrypted Email

Once the public key is on your keyring, open Thunderbird and start writing a message as usual. Notice the padlock icon on the toolbar, however. Make sure the padlock is on to send your first encrypted email to your buddy.


Further Reading

Check out the following links and other materials for more information.

Slides

PGP and Keybase (CryptoParty Belfast)

PGP public key exchanging process is susceptible to MitM. Although built-in features exist to verify the authenticity of keys, but usability of PGP has always …


Links

Check out the CryptoParty Handbook on the Wiki for other useful guides

EFF’s Surveillance Self-defense portal collects guides on using PGP, OTR messaging, Tor and similar technologies

Mailvelope is a browser extension that enables the exchange of encrypted emails using webmail services (e.g. Gmail, Yahoo! Mail, Outlook)

Cover image courtesy of Kraftwerk

Gabor

Gabor Szathmari is a cybersecurity expert and digital privacy enthusiast. In his professional life, Gabor helps businesses, including many small and mid-size legal practices, with their cybersecurity challenges at Iron Bastion.