PGP Email Encryption in Thunderbird (Native OpenPGP)
If you have basic questions about PGP encryption, see here for more information.
Mozilla Thunderbird supports PGP/OpenPGP encryption natively since version 78. You no longer need Enigmail.
Step 1: Enable OpenPGP in Thunderbird
- Open Thunderbird and go to Menu → Account Settings.
- Select your email account (mail.ch) on the left.
- Click End-to-End Encryption.
- Check “Enable OpenPGP support for this account".
Step 2: Generate a Key Pair
- Click “Add Key" → “Create a new OpenPGP key for this account".
- Enter your name and mail.ch email address.
- Set a strong passphrase (needed to encrypt/decrypt emails).
- Click Generate Key. Thunderbird will now create your public/private key pair.
Step 3: Export Your Public Key (Optional but recommended)
- Go to Account Settings → End-to-End Encryption.
- Click Manage Keys → select your key → Export Public Key.
- Save the public key to share with contacts or upload to a public key server if desired.
Step 4: Sending Encrypted Emails
- Compose a new email.
- In the toolbar of the compose window, click the padlock icon to encrypt the email.
- Click the pen icon to sign the email.
- Thunderbird will prompt you for your passphrase when sending if required.
- The recipient must have your public key to decrypt the message.
Step 5: Receiving Encrypted Emails
- If someone sends you an encrypted email, Thunderbird will detect it automatically.
- Enter your passphrase to decrypt the message.
- If you do not have the sender’s public key, you cannot verify or decrypt the message.
Important notes:
- Always back up your private key and passphrase in a secure location (USB stick, external drive).
- You can also import public keys of your contacts via Tools → OpenPGP Key Manager → Import Keys.
- Thunderbird’s native OpenPGP ensures compatibility with other modern email clients supporting OpenPGP.
