Thoughts on British ICT, energy & environment, cloud computing and security from Memset's MD
This is an addendum to my article on how to encrypt email using PGP and Thunderbird.
I have many email addresses: my Memset one, my personal one (at craig-wood…), my Wood Tech one and others. All of these are tied into just one PGP identity, which makes life much simpler both for me and for people wishing to communicate with me. If your PGP identity is tied to only one email address, then anyone who tries to send you an encrypted message at a different address (which actually happens more often than you’d think) has to select the right identity from a list each time – very tiresome!
You can do this in Thunderbird’s Keychain Access widget (top menu -> “OpenPGP” -> “Key Management”) by right-clicking your own identity and selecting “Manage User IDs”. Personally I find it simplest to manage your personal key details via the command line, however. The instructions should work equally well either way. Open up a terminal window and enter:
gpg --edit-key firstname.lastname@example.org
You are now on the GPG command line. To add a mail identity simply type “adduid” and hit enter. You will then be prompted for the following:
Next, check the details and, if you’re happy, hit “o” (okay) then <enter>.
For some reason it shows the new identity as untrusted. I don’t think this step is necessary, but I also typed “trust” and selected “ultimate” (press 5 and hit enter) just to be sure. You should only ever trust yourself ultimately by the way! Even my brother Nick only gets “full” trust from me for example.
You can also add other useful identifying information to your PGP identity, such as a picture of yourself. Not many systems seem to use this, but I’ve done it on mine since, after all, we mainly identify people via their faces. If you have my key in your keychain (my public key is here) then you’ll be able to view the photo associated with my ID by opening Thunderbird’s Keychain Access widget (top menu -> “OpenPGP” -> “Key Management”), right-clicking on my identity (kate at craig-wood etc) then selecting “View Photo ID”.
To add a photo to your identity, enter “addphoto” on the GPG command line, then enter the filename of the image you want to use (you’ll need to enter the full path).
In this case it may well be simpler to just use Thunderbird’s widget since you get a nice file browser selection tool. Just right-click your own identity in the list, select “Add Photo” and browse to your chosen pic. Generally one clearly showing your face is a good idea; think passport photo style.
To apply the changes you need to “Save and Quit” from the GPG command line. To do this simply type “save” and hit <enter>.
Note that if you have used GPG on the command line to edit your key then you’ll need to restart Thunderbird to see the changes.
Also note that you can access help at any time from the GPG command line by typing “help”+<enter>.
You’ll likely also want to re-upload your public keys to a keyserver. You can do this from the command line but personally I find it a lot easier to do via GPG Keychain Access, the graphical interface under MacOS, or Thunderbird’s keychain widget. In either case right-click on your own key and select “Upload Public Keys to Keyserver” (or equivalent).
After doing this I started getting errors from Thunderbird when sending messages saying my key was out of date. This was actually a bug in the way the GPG agent handles passwords. The fix was quite simple, though time-consuming to find; just install the latest GPG Suite from GPGtools.org.
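One way to confirm, after “save” and before re-uploading, that every address you use is carried by a valid user ID on the one key. This is an added example, not part of the original post: the function name uid_report, the addresses and the sample listing are constructed, and it assumes the field layout of gpg's --with-colons output (record type in field 1, validity in field 2, user ID string in field 10).

```shell
#!/bin/sh
# Usage: gpg --list-keys --with-colons KEY | uid_report ADDR...
# Reports, per address, whether a user ID on the key carries it and whether
# GnuPG considers that user ID valid. Exit status is non-zero on any gap.
uid_report() {
    awk -F: -v want="$*" '
        BEGIN { n = split(tolower(want), addrs, " ") }
        $1 == "uid" {
            # Field 2 is the validity code, field 10 the "Name <addr>" string.
            id = tolower($10)
            if (match(id, /<[^>]+>/)) {
                a = substr(id, RSTART + 1, RLENGTH - 2)
                # An address may sit on several UIDs; keep a valid one if any.
                if (!(a in val) || $2 == "u" || $2 == "f") val[a] = $2
            }
        }
        $1 == "uat" { photo = 1 }   # user attribute packet, e.g. a photo ID
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                a = addrs[i]
                if (!(a in val)) { print "MISSING " a; bad = 1 }
                else if (val[a] == "u" || val[a] == "f") { print "OK " a }
                else { print "NOT-VALID(" val[a] ") " a; bad = 1 }
            }
            print (photo ? "PHOTO present" : "PHOTO absent")
            exit bad
        }'
}

# Constructed sample in the colon format (not output from a real key):
# one valid UID, one freshly added UID still at unknown validity ("-"),
# one revoked UID ("r") and a photo attribute.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
uid:u::::1400000000::1111111111111111111111111111111111111111::Alex Example <alex@example.org>:
uid:-::::1400000500::2222222222222222222222222222222222222222::Alex Example <alex@example.net>:
uid:r::::1400000600::3333333333333333333333333333333333333333::Alex Example <old@example.com>:
uat:u::::1400000700::4444444444444444444444444444444444444444::1 5120:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:
EOF
}

sample_listing | uid_report alex@example.org alex@example.net old@example.com || true
```

A user ID reported as NOT-VALID(-) matches the “untrusted” display described above for a newly added identity; rerun the check after saving.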