OpenPGP in Thunderbird for Android - How To

Thunderbird for Android Thunderbird for Android Voaforona: 1 day, 15 hours ago

Thunderbird for Android does not have built-in encryption capabilities. Instead, it uses an external Android application called OpenKeychain.

Install OpenKeychain and select it as a Crypto Provider

You will need to install OpenKeychain if you have not already and enable it in Thunderbird for Android.

  1. Install OpenKeychain from wherever you get your Android apps e.g. Google Play or F-Droid.
  2. Open Thunderbird for Android. Tap the application menu > Settings gear icon gear icon
  3. Tap the email account for encryption under Accounts e.g. tap jane@example.com to set up encrypted email for jane@example.com > tap End-end encryption.
  4. Slide Enable OpenPGP support to the right. You will see that Configure end-to-end key is now enabled.

Select an encryption key or create a new key

  1. Tap Configure end-to-end key.
  2. A screen from the OpenKeychain app will appear:
    tb-android8-pgp-openkeychain-popup
  3. Tap This is a new address to create a new key or Tap I already have a key if you already have created or imported a key.

See the OpenKeychain website for more information on creating and managing keys.

Sharing your key with others

Before you send someone an end-to-end encrypted email, you need their public key. They also need your public key.

Some ways to exchange public keys include:

  • meeting in-person (the OpenKeychain application has a convenient interface for mutual key exchange).
  • downloading from the recipient's personal website.
  • relying on the Web of Trust whereby you trust somebody else's word that a public key is valid.
  • downloading the key from a KeyServer (but note the warning on that page about needing to verify the authenticity of keys).
  • using Autocrypt, which includes your key in the header of every email that you send. This is not supported by all mail clients.

Share your key using Autocrypt

K-9 Mail supports the Autocrypt protocol, but it needs to be enabled in the End-to-end encryption settings page:

  1. Tap the application menu > Settings gear icon gear icon
  2. Tap the email account for encryption under Accounts e.g. tap jane@example.com to set up encrypted email for jane@example.com > tap End-end encryption.
  3. Tap Autocrypt mutual mode and tick the box in the popup > tap OK:
    tb-android8-autocrypt-mutual-mode-popup

How to send a signed and encrypted email

If OpenKeychain knows the PGP keys of the receipients, then you will be able to send an email that is signed and encrypted.

  • When composing e-mail after OpenKeychain has been set up, a new padlock icon appears in the top right of the composition screen:
    tb-android8-padlock-unlocked.png

(If the icon does not appear, it means that OpenKeychain does not know the PGP keys of any of the recipients).

  • Tap the padlock icon to enable encryption. Once you tap the padlock icon, it turns green:
    tb-android8-green-padlock-locked

Nanampy ve ity lahatsoratra ity?

Andraso azafady…

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More