As convenient as email is, many people don’t understand that emails typically are in “clear text,” meaning that your messages could be intercepted as they move from server to server on their way to your intended recipient. In this age of identity theft, this can be very risky. For example, if you’re emailing sensitive information like financial statements, a bad person could steal your information. Once in the wrong hands, they could create a real headache for you.

Fortunately, it is not difficult to protect yourself from this scenario. You can encrypt your email, that is, encode your messages (and attachments) so that they cannot be read if intercepted, using a combination of a Gmail account and GnuPG, plus some additional software. GnuPG makes the process work through the use of public and private key pairs. Basically, you create your own public/private key pair, then exchange public keys with anyone you’d like to communicate with securely (more on that below). As the name suggests, the key pairs work together: you encrypt a message using a recipient’s public key, then the recipient decrypts the message using their private key. More specifically, your private key is protected by a passphrase that you choose when creating the key pair, and you enter that passphrase whenever you decrypt a message.
We’ll look at two ways to accomplish this. In either case, you will need to install GnuPG (or, as Irongeek suggests, Gpg4win).

Option 1: Browser-based (Gmail + Gpg4win + Firefox + FireGPG plug-in)
Irongeek produced an excellent tutorial which demonstrates exactly how to set this up. One downside is that it’s a little less convenient to use this browser-based solution because you’ll need to click a few more times to accomplish what you can do more easily with option 2.
Option 2: Email-client based (Gmail + GnuPG + Thunderbird + EnigMail plug-in)
This option requires only a couple more steps to set up than Option 1, but one reason to consider it is if you prefer the look and feel of an email client over Gmail’s web browser interface. Let’s go over how to set this up.

Gmail POP Forwarding: POP Download must be turned on for Thunderbird to properly communicate with your Gmail account. To make this one-time change,

  • Log into your Gmail account through a browser
  • Click on “Settings” in the upper-right of your screen
  • Click the “Forwarding and POP/IMAP” tab
  • In the “POP Download” section, choose either option under “1. Status…”.
  • Optionally, you may change the “2. When messages are accessed with POP” setting to delete or archive messages for that account. By leaving this setting at the default “Keep Gmail’s copy in the Inbox,” this acts as a backup for received mail.
  • Click “Save Changes”.
GnuPG: Download the command-line version (scroll down to the “Binaries” section and choose the link next to “GnuPG 1.4.9 compiled for Microsoft Windows”). Install it, and you’re done with this step. (Once the EnigMail plug-in is installed, you’ll create your keys.)

Thunderbird: Download and install this. Configure your Gmail account.

EnigMail: Download it here, then install it as a Thunderbird plug-in per these instructions.

1. Launch Thunderbird, and follow EnigMail’s instructions to create your public/private key pair.
2. Publish your public key.
3. Obtain your friends’ public keys. If they’ve published them to a key server (as you did in the previous step), you can obtain them there. They can also attach their public key to an email to your Gmail account, which you can then import (by right-clicking on the attachment) into your “keyring.”
4. Encrypt (and optionally, sign) your emails, following these instructions.
5. And of course, decrypt your emails using your passphrase.

Backing up your keys

You’ll want to back up the keyfiles that GnuPG creates so you’ll have them for either 1) when your hard drive crashes or 2) when you want to migrate your encrypted mail setup to another computer. The files you’ll want to have backed up are: secring.gpg (your key pair), pubring.gpg (others’ public keys), and trustdb.gpg (your trust database). Follow these instructions to locate these files. For Windows users, these files are typically located in your profile folder in the AppData folder. For example, Windows XP would store these keyfiles here: C:\Documents and Settings\(User)\Application Data\GnuPG.
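The same five steps (key pair, publish, obtain, encrypt/sign, decrypt) and the key backup, run with the gpg command line instead of the Enigmail GUI. This is an added example, not code from the original post; it assumes GnuPG 2.1 or later, and the names, addresses, passphrase and throwaway directory are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GnuPG 2.1+; names,
# addresses and the passphrase below are constructed for the demo.
set -eu
command -v gpg >/dev/null 2>&1 || { echo 'gpg not found, install GnuPG 2.1+' >&2; exit 0; }

WORK=$(mktemp -d)
ALICE="$WORK/alice"   # your keyring (GNUPGHOME), standing in for the profile folder
BOB="$WORK/bob"       # a friend's keyring on another machine
mkdir -p "$ALICE" "$BOB" && chmod 700 "$ALICE" "$BOB"
PASS="correct horse battery staple"   # constructed passphrase protecting the private key

# run gpg unattended (no pinentry dialog) against the given keyring
g() { home=$1; shift; GNUPGHOME="$home" gpg --batch --quiet --pinentry-mode loopback "$@"; }

# Step 1: each side creates a public/private key pair protected by a passphrase
make_key() { g "$1" --passphrase "$PASS" --quick-generate-key "$2" default default never; }
make_key "$ALICE" "Alice <alice@example.com>"
make_key "$BOB"   "Bob <bob@example.com>"

# Steps 2 and 3: export the ASCII-armored public key (what you publish or attach
# to an email) and import the other person's key into your own keyring
g "$ALICE" --armor --export alice@example.com > "$WORK/alice.asc"
g "$BOB"   --armor --export bob@example.com   > "$WORK/bob.asc"
g "$ALICE" --import "$WORK/bob.asc"
g "$BOB"   --import "$WORK/alice.asc"

# Step 4: encrypt to Bob's public key and sign with Alice's private key.
# --trust-model always skips the "key not certified" prompt a fresh keyring raises.
encrypt_and_sign() {
  printf '%s' "$1" | g "$ALICE" --passphrase "$PASS" --armor --trust-model always \
    --recipient bob@example.com --sign --encrypt > "$WORK/msg.asc"
}

# Step 5: Bob decrypts with his passphrase; gpg verifies Alice's signature too
decrypt_and_verify() {
  g "$BOB" --passphrase "$PASS" --decrypt "$WORK/msg.asc"
}

# Backup: the contents of secring.gpg, pubring.gpg and trustdb.gpg exported in a
# portable form that can be imported on another computer
backup_keys() {
  g "$ALICE" --armor --passphrase "$PASS" --export-secret-keys > "$WORK/backup-secret.asc"
  g "$ALICE" --armor --export > "$WORK/backup-public.asc"
  g "$ALICE" --export-ownertrust > "$WORK/backup-ownertrust.txt"
}

encrypt_and_sign "Q3 financial statement attached"
decrypt_and_verify && backup_keys
```

Keep the exported secret-key file as protected as the original secring.gpg: it is still only as safe as the passphrase.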

Takeaway: Encrypted mail can help keep your email communications private and secure. Using one or both of these options (both of which use GnuPG to handle encryption/decryption) can help you accomplish this. Consider the options and try encryption for yourself today!