End-to-end Encryption for Email

Privacy is important to everyone. End-to-end encryption is a tool to protect our privacy, especially useful when you live in a country where the government wants to know everything about you and censor every word you say.

Thunderbird

Thanks to the great open source world, we have Thunderbird with native support for end-to-end encryption. The latest Thunderbird has integrated OpenPGP to provide it.

First, I need to add my secret key to my account in Account Settings.

After creating the key with GPG, I can export the private key by:

$ gpg --armor --export-secret-keys KEY_ID > private.asc

By adding it to Thunderbird, I am able to decrypt messages sent to me.

Now send the public key to a key server:

$ gpg --send-keys KEY_ID

A friend should now be able to find my public key and send me an encrypted email.

To send an encrypted email to a friend, I need to enable Encrypt in the Write window and let Thunderbird find the friend's public key. If one is found, the email will be encrypted and only my friend and I can access the content.

The amazing part is, the email is encrypted and decrypted in Thunderbird, so it doesn't depend on email providers at all. In other words, we can enjoy end-to-end encryption with any email provider as long as it supports IMAP/SMTP.

However, encryption prevents us from accessing the email content outside Thunderbird. So the webmail will no longer work. This is a tradeoff for privacy.

K-9 Mail

Encryption protects our privacy but also blocks normal apps from reading the emails. Fortunately, we have K-9 Mail for mobile.

Just follow its guide and import my secret key, then K-9 Mail will be able to show the encrypted emails.

How It Works

Basically, we encrypt an email with a public key, and only whoever has the corresponding private key can decrypt it. The whole process is powered by clever mathematics.

I don't want to dive into the concepts much, so let's take an example.

Jet wants to send me an email. Now I have a pair of keys, a secret or private one which I will never share with others, and a public one that is published to key servers or my personal website.

So Jet can easily get my public key by searching on the key server or downloading it from my website. Then he encrypts the email with my public key and sends it through an email provider.

Even if someone intercepts this email, they cannot read the content, and neither can the email provider that stores it on its server, because it is encrypted with my public key.

Anyone who has the secret key -- which is supposed to be only me -- can decrypt it. So I should never ever share my secret key with anyone. On the other hand, if I lose my private key, I will not be able to access this email, either.

If I want to send an email to Jet, I need to obtain Jet's public key too.
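
Since the secret key must never be shared while the public key is meant to be published, it is worth checking which one an armored export file really contains before uploading it anywhere. The Python code below is an added example, not part of the original post: it decodes the ASCII armor, verifies the CRC-24 line when present, and classifies the file by its first OpenPGP packet tag rather than by its BEGIN label. The function names and the sample blocks are constructed for illustration and contain no real key material.

```python
import base64
import re

def crc24(data):
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text):
    """Return (armor label, decoded bytes); verify the checksum line if present."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN PGP (.+)-----", lines[0]) if lines else None
    if not m or lines[-1] != f"-----END PGP {m.group(1)}-----" or "" not in lines:
        raise ValueError("not a single OpenPGP armor block")
    body = lines[lines.index("") + 1:-1]  # data follows the first blank line
    check = body.pop() if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body), validate=True)
    if check and int.from_bytes(base64.b64decode(check[1:]), "big") != crc24(data):
        raise ValueError("armor checksum mismatch")
    return m.group(1), data

def key_kind(text):
    """Classify an armored export by its first packet tag, not by its label."""
    _, data = dearmor(text)
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = data[0]
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    return {5: "secret key", 6: "public key"}.get(tag, f"other (tag {tag})")

def armor(label, data):
    """Helper that builds the constructed samples below (not real keys)."""
    b64 = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {label}-----\n\n{b64}\n={crc}\n-----END PGP {label}-----\n"

# Constructed samples: a packet header byte plus filler, not usable key material.
PUBLIC = armor("PUBLIC KEY BLOCK", b"\x99\x00\x04demo")
SECRET = armor("PRIVATE KEY BLOCK", b"\x95\x00\x04demo")
MISLABELED = armor("PUBLIC KEY BLOCK", b"\x95\x00\x04demo")

if __name__ == "__main__":
    for name, sample in [("public", PUBLIC), ("secret", SECRET), ("mislabeled", MISLABELED)]:
        print(name, "->", key_kind(sample))
```

Only a file that `key_kind` reports as "public key" belongs on a key server or website; the mislabeled sample shows why the BEGIN line alone is not enough to decide.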

Why Privacy Is Important

In some countries where people get used to having no privacy, they start to think it is normal. Sometimes they defend the censor with "why do you need privacy if you are not going to do something bad?". I'd say it's terrible.

As individuals, we should be able to control what we have and what we are willing to share with others. Besides that, we can only feel safe if we have privacy and the freedom to speak.

Find My Public Key

From the key server or with the command below:

curl -fsSL https://gera2ld.space/gerald.pub

© 2023