Saturday, December 20, 2008

GMail + Thunderbird + GPG solution

After quite a hiatus (nothing exciting, techie, and cool has happened lately) I finally have something useful to contribute to the blag-o-hyper-sphere: my solution to establishing a reasonable personal GPG infrastructure even while using Gmail as my primary email. I've searched quite a bit on integrating Thunderbird with Gmail and never found anyone providing a walk-through to view specific Gmail labels in Thunderbird, so here's mine:

Tools used: an existing Gmail account and Thunderbird with a working Enigmail (which requires gpg to be installed and working, and preferably an existing key; for help with any of that, see the Enigmail site as a starting point).


The idea is to use a Gmail filter to siphon away all encrypted messages to a special label ("encrypted" works well). That label is monitored by Thunderbird (set up to use Gmail as an IMAP server, not POP, which is the Thunderbird default for Gmail accounts), where Enigmail does all the heavy lifting.


Setup Gmail


Create a new label in Gmail for encrypted messages... again, "encrypted" seems reasonable to me but any label will do.

Create a new filter to go with this label. The filter I chose only specifies the "Has the words" field and the magic words are "BEGIN PGP MESSAGE". The actions I specified are "Skip the Inbox (Archive it)", Star It, Apply the Label: encrypted, and Never send it to spam.
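
To make concrete what that filter keys on, here is an added example (not part of the original post) that classifies raw messages by the ASCII-armor header line. It goes beyond the post by also recognising PGP/MIME messages (RFC 3156), which are marked by their Content-Type rather than by text in the body. The function name `classify` and the sample messages and addresses are constructed for illustration.

```python
import re
from email import message_from_string

# ASCII-armor header line that opens an OpenPGP encrypted message
ARMOR_LINE = re.compile(r"^-----BEGIN PGP MESSAGE-----\s*$", re.MULTILINE)

def classify(raw):
    """Return 'pgp-mime', 'inline-pgp' or 'plain' for one raw message."""
    msg = message_from_string(raw)
    # PGP/MIME (RFC 3156): the whole message is multipart/encrypted
    protocol = (msg.get_param("protocol") or "").lower()
    if msg.get_content_type() == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "pgp-mime"
    # Inline PGP: the armor block sits in a text part of the body.
    # get_payload(decode=True) undoes base64/quoted-printable first.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        data = part.get_payload(decode=True) or b""
        try:
            text = data.decode(part.get_content_charset() or "utf-8", errors="replace")
        except LookupError:  # unknown charset label
            text = data.decode("utf-8", errors="replace")
        if ARMOR_LINE.search(text):
            return "inline-pgp"
    return "plain"

# Constructed sample messages (placeholder bodies, not real ciphertext)
HEAD = "From: alice@example.org\nTo: foo@gmail.com\nSubject: test\n"
ARMOR = "-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----\n"
INLINE = HEAD + "Content-Type: text/plain; charset=us-ascii\n\n" + ARMOR
PGP_MIME = (HEAD
    + 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    + "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    + "--b1\nContent-Type: application/octet-stream\n\n" + ARMOR + "--b1--\n")
# A message that only talks about the marker is not an encrypted message
MENTION = HEAD + "Content-Type: text/plain\n\nFilter on the words BEGIN PGP MESSAGE.\n"

if __name__ == "__main__":
    for name, raw in [("inline", INLINE), ("pgp-mime", PGP_MIME), ("mention", MENTION)]:
        print(name, "->", classify(raw))
```

Running it over a few saved messages is a quick way to see which ones carry the armor line in the body and which are encrypted only at the MIME level.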


Setup Thunderbird


Create a new email Account in Thunderbird: Provide your "Real Name" and Gmail address. Specify IMAP as your protocol and imap.gmail.com as the IMAP server and finally provide your "Incoming User Name" (i.e. foo if your email address is foo@gmail.com), and give the new account a name in Thunderbird.


Now do some Thunderbird house-keeping: Right click on the newly created account and choose "Properties..."

  • Under Server Settings specify SSL in the Security Settings box.
  • Under "Copies & Folders", in the settings for Sent Mail, make sure you select the "Other:" radio box and navigate to Gmail's existing Sent Mail folder, or Thunderbird will create a new label in your Gmail account called "IMAP/sent". I do the same for drafts but cannot for Trash. If someone has a hack for making Thunderbird use Gmail's trash folder I'd be interested.
  • Lastly, under "OpenPGP Security" check the "Enable OpenPGP support (Enigmail) for this identity" box and choose your OpenPGP key id appropriately.

Now, right click on the account and select "Subscribe..." In my case I only use Thunderbird locally for encrypted mail, so unselect all folders (Gmail's labels) except encrypted.

You're done!
Test by sending yourself an encrypted message (maybe from Thunderbird so you can verify the correctness of your Enigmail configuration) and you should be able to view the message within Thunderbird as well and see it encrypted in Gmail's web interface. Now encrypted mail can be read in Thunderbird and essentially ignored in Gmail. Clearly this doesn't help you read encrypted messages in the browser but that's risky to start with and compromises the entire intent of using GPG.

Happy encrypting!