Setting up email with PGP encryption (Android and laptop)
Introduction
This guide helps you configure secure, encrypted, private email across multiple accounts, using PGP and advanced spam filters, while keeping everything synchronized between your phone and your computer.
For this we're going to use Keepass (see the previous guide), Thunderbird, K-9 and OpenKeyChain (which is necessary to use encryption on K-9).
This guide is meant to be followed after the Keepass guide, because we'll use Keepass to synchronize the passwords and keys with the phone.
More details about Thunderbird
Thunderbird is really an awesome mail client that provides support for:
- Multi-account
- Easy encryption using PGP
- Really powerful mail filter mechanism to exterminate spam
More details about K-9
K-9 is a mail client for Android that also supports multiple accounts and encryption but doesn't support mail filters.
Setting up Thunderbird
You can install Thunderbird from their website.
Once it's installed you can set up a new email account. During the process, open the "manual setup" menu because the automatic one never works.
Here you can insert your information for your email provider. Here's some info for Gmail, Office 365 and Disroot.
Gmail
Incoming server settings:
| Key | Value |
| --- | --- |
| Protocol | IMAP |
| Hostname | imap.gmail.com |
| Port | 993 |
| Security | SSL/TLS |
| Authentication | OAuth2 |
| Username | Your email address |
Outgoing server settings:
| Key | Value |
| --- | --- |
| Hostname | smtp.gmail.com |
| Port | 465 |
| Security | SSL/TLS |
| Authentication | OAuth2 |
| Username | Your email address |
Office365
Incoming server settings:
| Key | Value |
| --- | --- |
| Protocol | IMAP |
| Hostname | outlook.office365.com |
| Port | 993 |
| Security | SSL/TLS |
| Authentication | OAuth2 |
| Username | Your email address |
Outgoing server settings:
| Key | Value |
| --- | --- |
| Hostname | smtp.office365.com |
| Port | 587 |
| Security | STARTTLS |
| Authentication | OAuth2 |
| Username | Your email address |
Disroot
Incoming server settings:
| Key | Value |
| --- | --- |
| Protocol | IMAP |
| Hostname | disroot.org |
| Port | 993 |
| Security | SSL/TLS |
| Authentication | Normal password |
| Username | Your email address |
Outgoing server settings:
| Key | Value |
| --- | --- |
| Hostname | disroot.org |
| Port | 587 |
| Security | STARTTLS |
| Authentication | Normal password |
| Username | Your email address |
Setting up encryption in Thunderbird
Once your accounts are configured, click on each of them and go to its End-to-End encryption settings.
There you can click on Add Key and create a new one unless you already have one to import. You can set "does not expire" and change the key type to ECC.
Once your key is ready you can click on it to publish it to a keyserver, that way other people who want to contact you will be able to encrypt their messages without you having to send them your key.
Next, you can click on the "More" menu to Backup secret key to file. There you can choose a password (generate one using Keepass) and store the file on the device.
Finally, in your Keepass entry, add that file as an attachment, then remove it from your disk.
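A check you can run on the exported .asc file before attaching it to Keepass, added here as an example and not part of the original guide or of Thunderbird: it reads the S2K usage octet of the primary secret key packet to confirm the backup is passphrase-encrypted. It assumes the file starts with an armored PRIVATE KEY BLOCK holding a version 4 key; `constructed_backup` builds a dummy sample so the block runs offline, and subkey packets are not inspected.

```python
import base64

# S2K usage octets that mean the secret key material is passphrase-encrypted
# (RFC 4880 section 5.5.3; 253 is the AEAD form from RFC 9580). 0 = plaintext.
PROTECTED = {253, 254, 255}

def dearmor(text):
    """Return the binary OpenPGP packets inside an ASCII-armored key block."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP PRIVATE KEY BLOCK"):
        raise ValueError("not an armored private key block")
    body = lines[lines.index("") + 1:-1]  # skip armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def skip_mpi(data, pos):  # step over one MPI: 2-byte bit count, then value
    return pos + 2 + (int.from_bytes(data[pos:pos + 2], "big") + 7) // 8

def s2k_usage(data):
    """S2K usage octet of the leading version 4 Secret-Key packet (tag 5)."""
    if data[0] & 0x40:  # new-format header: tag in low 6 bits
        tag = data[0] & 0x3F
        pos = 3 if 192 <= data[1] < 224 else 6 if data[1] == 255 else 2
    else:  # old-format header: length size from low 2 bits
        tag = (data[0] >> 2) & 0x0F
        pos = 1 + (1, 2, 4, 0)[data[0] & 3]
    if tag != 5 or data[pos] != 4:
        raise ValueError("expected a version 4 Secret-Key packet")
    algo, pos = data[pos + 5], pos + 6
    if algo in (1, 2, 3):  # RSA: modulus n, exponent e
        pos = skip_mpi(data, skip_mpi(data, pos))
    elif algo in (18, 19, 22):  # ECDH, ECDSA, EdDSA: curve OID, public point
        pos = skip_mpi(data, pos + 1 + data[pos])
        if algo == 18:
            pos += 1 + data[pos]  # ECDH KDF parameters
    else:
        raise ValueError(f"unsupported public-key algorithm {algo}")
    return data[pos]

def backup_is_protected(armored):
    """True if the primary secret key in the backup is passphrase-encrypted."""
    return s2k_usage(dearmor(armored)) in PROTECTED

def constructed_backup(usage):
    """Constructed Ed25519-shaped sample (dummy key bytes), not a real key."""
    oid = bytes.fromhex("2b06010401da470f01")
    body = (b"\x04" + bytes(4) + b"\x16" + bytes([len(oid)]) + oid
            + b"\x01\x07\x40" + bytes(32) + bytes([usage]) + bytes(20))
    blob = base64.b64encode(bytes([0xC5, len(body)]) + body).decode()
    return f"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n{blob}\n-----END PGP PRIVATE KEY BLOCK-----\n"
```

On a real backup, call `backup_is_protected(open(path).read())`; a `False` result means the secret key is stored in the clear and the export should be redone with a password.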
Using the Thunderbird key elsewhere
To use the PGP key for purposes other than email, you can import the file in GPG using the following command:
gpg --import <path to .asc file>
If you wish to do this graphically you could also use the Kleopatra software.
Setting up K-9 mail
You can install K-9 and OpenKeyChain (necessary for encryption) from F-Droid and Play Store.
The setup on K-9 mail is very similar to the one on Thunderbird.
You can then open Keepass on your phone and download the secret key(s) from earlier.
Then you can open OpenKeyChain and import that file in it. Once you've done that, open the End-to-End encryption settings of the K-9 account and select the key you imported in OpenKeyChain.
Congrats, everything is done!
To use encryption, you'll need to search for the recipient's keys or import them in OpenKeyChain first.
Cleaning up your mailbox from spam
This is a process to create some filters in order to radically clean your inbox. From my experience it made me go from over 6000 emails to only 300 archived emails and 2 emails remaining in inbox. This should also decrease the amount of spam in the long term since all the usual spammers will get blocked automatically.
- Create a filter for Junk mail (you can leave it empty for now) and tick the box "any of the following". Configure the result of the filter to move the email to Spam or delete it
- Sort mails by correspondent and add every spammer to your address book
- If a spammer uses several emails from one domain, you can add a rule such as "From contains facebook.com" to your filter
- If it's a multi-domain spam you can also create a filter (e.g. "From contains noreply")
- Once you're done, create a new address book "Junk" and move all your new entries in it.
- Add a new condition "From is in address book Junk" to your filter. Then execute the filter.
- Now do the opposite: add every friend to your address book
- Create a new address book "Friends" and move all your new entries in it
- Create a new filter such as "if From is in address book Friends then move email to archive" and execute it
- Archive the last emails you want to keep and delete the rest
- Create a new filter to auto-archive emails if their age is over 50 days
- Delete the Friends filter
- Your inbox should now be clean. If new undesired emails come in, either modify the junk filter or add it to the Spammer's list.
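A dry run of the finished rule set (junk filter plus the 50-day auto-archive), added here as an example and not part of the original guide or of Thunderbird. It shows which rule catches each message before the filter is pointed at "delete"; the address book contents, the sample messages and the whole-header substring model of "From contains" are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Rules from the steps above; the address book content is a constructed sample.
JUNK_CONTAINS = ("facebook.com", "noreply")
JUNK_BOOK = {"deals@shop.example"}
MAX_AGE = timedelta(days=50)

def verdict(raw, now):
    """Return (action, reason) for one RFC 5322 message, junk rules first."""
    msg = message_from_string(raw)
    sender = msg.get("From", "")
    address = parseaddr(sender)[1].lower()
    for needle in JUNK_CONTAINS:
        # Assumed model: substring match on the whole From header.
        if needle in sender.lower():
            return "junk", f"From contains {needle}"
    if address in JUNK_BOOK:
        return "junk", "From is in address book Junk"
    if now - parsedate_to_datetime(msg["Date"]) > MAX_AGE:
        return "archive", "age over 50 days"
    return "inbox", "no rule matched"

SAMPLES = [  # constructed messages, not real mail
    "From: Shop Deals <deals@shop.example>\n"
    "Date: Mon, 03 Jun 2024 09:00:00 +0000\nSubject: 50% off\n\n.",
    # A broad "noreply" rule also catches account-security notices.
    "From: Bank Security <noreply@bank.example>\n"
    "Date: Mon, 03 Jun 2024 10:00:00 +0000\nSubject: New login to your account\n\n.",
    "From: Alice <alice@friends.example>\n"
    "Date: Mon, 01 Jan 2024 08:00:00 +0000\nSubject: Holiday photos\n\n.",
    "From: Bob <bob@friends.example>\n"
    "Date: Sun, 02 Jun 2024 12:00:00 +0000\nSubject: Lunch?\n\n.",
]
NOW = datetime(2024, 6, 4, tzinfo=timezone.utc)

def dry_run(samples=SAMPLES, now=NOW):
    """List (subject, action, reason) so each match can be reviewed."""
    return [(message_from_string(raw)["Subject"],) + verdict(raw, now)
            for raw in samples]
```

Reviewing the `reason` column before executing the filter shows when a "contains" rule is too broad; moving matches to Spam rather than deleting them keeps such mistakes recoverable.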