Howto: Create GPG keys and import into Thunderbird

If you want to create a new pair of a private and public key for signing and encrypting messages with Thunderbird using GPG (and not using the Thunderbird included way), follow these steps:

1. generate the new keypair with gpg. You’ll now get asked some questions. In most cases, the defaults are fine.
   I use a RSA key length of 4096 bits, and let it expire after 5 years.
   Also I give my key a strong password.

gpg --full-generate-key

2. verify, that the keypair has been correct created in your gpg keychain:

gpg --list-keys 

3. now we need to export the public and private key temporarily:

# export public key

gpg --output ~/mysecburg_pub.key --armor --export your@emailaddress.com

# export private key

gpg --output ~/mysecburg_private.key --armor --export-secret-keys your@emailaddress.com

4. import the generated keys into Thunderbird:

• click on your account
• select “End-to-end encyption”
• click “add key”
• choose “import existing OpenPGP key”
• select your exported private key-file from above
• now we also need to import the exported public key using the “OpenPGP Key Manager”.
  Use “File” -> “Import Public Key from file”, select the public key-file, click on “Accepted (unverified)” then “Import”. On the next screen, click on “View Details and manage key acceptance” to change the verification to “Yes, I’ve verified in person this key has the correct fingerprint”.

5. now choose, which identity in Thunderbird you want to use the new key on:

• right click on your account -> settings
• click on “more identities”, select your identity, and click “edit”
• click on the tab “End-to-end encyption” and select the imported key

6. don’t forget to delete the exported private key-file!

rm ~/mysecburg_private.key

7. now you can publish your public GPG key and start encrypting your mails. :-)

I’ve got some inspirations from this blogpost.

• Howto
• Thunderbird
• Gpg