GnuPG2 in thunderbird with Enigmail on Qubes 3.2

Let’s start generating some keys that do not expire. We can always revoke them, if neccessary instead. No need for expiration, if they are kept secure. All of this activity should be performed in ‘vault’, so the below is just for educational remembrance. Remember to create a revocation key that you put somewhere safe, just in case your machine get’s stolen or breached:

[user@untrusted ~]$ gpg2 –full-generate-key

Enter the passphrase for the keys, when done typing infomation.

The following is just for showing that we need to move the mouse, etc. to generate random data. It’s over, literally, in a second.

Get the fingerprint of the key:

[user@untrusted ~]$ gpg2 –fingerprint

So now we have a private and a public key stored in ~/.gnupg/

Be sure to ulpad to keyservers, if you are to use it to communicate with strangers.(searchable):

$ gpg2 –keyserver –send <keyid>

Also maybe send to and or whomever seems sensible.

Remember to generate the revoke certificate, just in case 🙂

$ gpg2 –output revoke.asc –gen-revoke  <keyname>

And if the stuff gets stolen, breached or whatever, you can revoke it locally with an import:

$ gpg2 –import revoke.asc

And remote revoke it by doing the following on all keyservers you submitted to

$ gpg2 –keyserver hkp:// –revoke <keyid>

We can use gpg2 to encrypt, sign and decrypt messages, but if we wan’t to use enigmail in thunderbird, we need to do the following:

Start thunderbird:

[user@untrusted ~]$ thunderbird

After setting up the mail account, configure the enigmail plugin, if we are comfortable using that:

Select the fast and easy setup…

It looks in the users .gnupg directory and asks if it’s ok, and I guess, yes.

Now, we can start signing and encryping messages 🙂