Send encrypted email with disroot account via Thunderbird

Hi there

I did everything according to this - https://howto.disroot.org/email/email-clients/desktop/thunderbird

However, when I create a new email from Thunderbird and then hit Security/Encrypt I get a prompt saying ‘you need to setup one or more personal certificates …’ then I say Yes, and then under Security settings for my disroot account Digital Signing and Encryption. For both of those I hit Select but then a prompt says Certificate Manager can’t locate a valid certificate to digitally sign msgs from xxx@disroot.org.

I guess I just need to hit ‘Import’ under ‘Your Certificates tab’ in the ‘Certificate Manager’. Then I can browse to the certificate file and that gotta be it, I guess. But where do I download the needed certificate? And is there a hands-on how-to for all this for ppl with a little less experience?

Thanks in advance for your awesome guys and gals :)

Hi there,

Writing a proper howto on email encryption is something hanging on our todo board for quite a while now, and hopefully soon we’ll scrape some free time to complete it.

Basically in order to send encrypted emails you need to use GPG.

Below you have a few links to howtos that might be helpful:

https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages
https://riseup.net/en/security/message-security/openpgp/enigmail
https://enigmail.wiki/Quick_start

If you have questions or something isn’t clear, let us know, and we’ll try to guide you through, maybe in this way we’ll collect enough material to put a howto together :)

1 Like

Thank you for the prompt reply! Appreciate your effort! I went through the links quickly.

Just 1 thing to ask - If I send an encrypted email from Thunderbird using my disroot account to a pal using Gmail for example (which offers no encryption whatsoever) will my email still appear as encrypted if someone (say Google) was to intercept it? This then begs the other question of what my pal on Gmail would be able to see from my email. I assume he/she will not be able to see anything past the encrypted text (which is just scrambled numbers and letters).

Might be noob stuff here, but I’m speaking off my little knowledge on e2ee using android apps, where in order to have e2ee msg exchange both parties had to exchange the encryption key.

Yes it will be encrypted.

In order for him to decrypt the email he too has to have gpg/pgp installed. In fact in order to encrypt an email to him, you first need to have his public key. So yeah you need to exchange your public keys if you want to send each other encrypted mails.
Here is a simple video explaining how gpg works:

If he’s not using a mail client such as Thunderbird, and rather wants to use webmail, you need to install a browser extension such as https://www.mailvelope.com/en
Here’s a video explaining how to set it up:
https://www.youtube.com/watch?v=Ro3MSBS9w-A

2 Likes
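What a party in the middle (the recipient's mail provider, for instance) can read from an OpenPGP-encrypted mail, as an added example that is not part of the original posts: the body is ciphertext, while From, To and, unless the client protects it, Subject stay readable. The addresses, subject and armored block are constructed placeholders, and the function names are hypothetical.

```python
from email import message_from_bytes, policy
from email.encoders import encode_7or8bit
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Constructed placeholder standing in for real armored OpenPGP output.
ARMOR = ("-----BEGIN PGP MESSAGE-----\n\n"
         "PLACEHOLDERnotREALciphertext\n"
         "-----END PGP MESSAGE-----\n")


def build_pgp_mime(sender, recipient, subject):
    """PGP/MIME (RFC 3156) layout: control part plus ciphertext part."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.attach(MIMEApplication("Version: 1\n", "pgp-encrypted", encode_7or8bit))
    msg.attach(MIMEApplication(ARMOR, "octet-stream", encode_7or8bit))
    return msg.as_bytes()


def build_text(sender, recipient, subject, body):
    """Ordinary text mail; pass ARMOR as the body to model inline PGP."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(body)
    return msg.as_bytes()


def intermediary_view(raw):
    """Report what a party without the private key can read from raw bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")
    readable = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_content()
        if "-----BEGIN PGP MESSAGE-----" in text:
            encrypted = True          # inline PGP: armor inside a text part
        else:
            readable.append(text.strip())
    headers = {h: str(msg[h]) for h in ("From", "To", "Subject")}
    return {"headers": headers, "body_encrypted": encrypted,
            "readable_text": readable}


if __name__ == "__main__":
    raw = build_pgp_mime("alice@example.org", "bob@example.com", "Dinner on Friday")
    print(intermediary_view(raw))
```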

Thanks! The guy from the video you posted in your first reply says this - https://youtu.be/hy3_duCVogY?t=151 (this is a direct link where he says it)… Basically prefer POP instead of IMAP as POP does not store messages on server. So I went on and did this upon creating the account - https://imgur.com/a/Q1cRH and it seems to have worked. I guess that’s also sth to include in your tutorial (if ofc what the guy said still holds true).

Moreover, though he says POP does not store msgs he then says to go under Account - Server Settings - Server Settings - uncheck Leave msgs on server. That puzzled me but I guess it’s also gotta be a part of your howto. Doing that meant the following - if my Thunderbird client is off and I sent an email to myself and open that email in disroot’s web client then the email is there safely. Then, as soon as I launch Thunderbird, it syncs, and it too shows me that very same email. However, the email is no longer present in disroot’s web client. It only stays in my local Thunderbird client. Uncheck ‘Leave msgs on server’ must be the cause of that. This might be a desired behaviour but might also cause some nerves. Just something to look out for :).

Indeed we’ve enabled POP after the initial howto was written, therefore it’s missing. I’ve made a ticket on our issue board to remember about updating it.
Also if you, or anyone feels like contributing, feel free to do so and help us write tutorials. We should soon have a basic howto on using git (what we use as a version control for howtos), but even now you could just send us email or post it here on the forum.

1 Like

Do you plan on making your own wiki?

We already have one at https://howto.disroot.org. It’s hooked to a git repository to which you can submit pull requests (need to make a simple howto on that).

1 Like

For Mobile Clients on Android I see you have a howto for K9 Mail here - https://howto.disroot.org/email/email-clients/mobile/androidk9

I use, and many others I believe, AquaMail. Is the k9 howto applicable for AquaMail as well and if not would you consider doing one for it as well?

Yes, pretty much all mail clients setup is the same on all platforms, if you just follow the main settings
https://howto.disroot.org/email/email-clients

Though we do want to cover as many clients as possible just to make it easy for people. However we highly count on help from the community. We are just two people and covering all possible mail clients is not possible.

1 Like

Alright, well I set up my disroot email in AquaMail as POP3 following the guidelines in the last link you supplied. Also, on my desktop in Thunderbird I edited the ‘Server Settings’ for the disroot account and enabled ‘Leave msgs on server + Until I delete them’. Then I sent myself an email and I opened and viewed this email from 3 places - 1. the disroot webmail (https://cloud.disroot.org/index.php/apps/rainloop/), 2. Thunderbird on my Win7 desktop, 3. on my android AquaMail app. The problem is that if I delete the email from either place, then the email remains in the other 2 locations. So somehow it doesn’t sync changes.

What did I do wrong or is this expected behaviour of POP3? Both in Thunderbird and on AquaMail I set up the disroot account as POP3. Thanks in advance! Appreciate your help!

When you delete email from the server it will remain on all mail clients you have previously opened (downloaded) the email to. POP3 does not sync your mailbox in the way that if you delete an email from the server it will reflect that state on all mail clients.

1 Like

Alright, so that’s the difference between IMAP and POP3 then. I get it, thank you! Sorry for the nooby stuff.

Pretty much

Don’t ever be sorry for asking. :) I like helping out, and thanks to this thread you also helped others who might have similar questions.

1 Like

Sorry I’m blind when it comes to navigating a website especially when it’s not obvious.

@mushmouth - but what’s not obvious? I asked some questions and muppeth couldn’t have answered them clearer.

No, the link to the howto guide/wiki page

muppeth redirected you to https://howto.disroot.org/ … from there, as he said himself, pretty much all mail clients setup is the same on all platforms, just follow the main settings here
https://howto.disroot.org/email/email-clients. So you either go for the IMAP or POP setup, if your email provider even offers either of those, and then that would be your incoming server. The SMTP is the outgoing one. With those guidelines I set up my disroot account on Thunderbird firstly as POP and then as IMAP. Hope that helps you.