
How to manage multiple GPG keys in Thunderbird

When you have multiple email accounts and each one has a different encryption key, find out how to assign the right key to the right address in Thunderbird.

Image: Jack Wallen

If you're using Thunderbird, chances are you have more than one account associated with that open source email client. If so, and you're using the GPG plugin Enigmail, you might have come to the realization that each of those accounts is, mysteriously, using the same OpenPGP key—or worse, the wrong key.

This behavior is fine if you aren't particular about which key goes where, but anyone who has gone through the steps to add key signing to email tends to be particular about their security and wants to ensure the right key is signing the right address. So how do you manage this?

It's quite simple once you know exactly where to look. I'll show how to set specific keys for specific addresses. I assume you've successfully imported your keys into Thunderbird and that signing and encryption are working well. With that said, let's assign keys.


Location, location, location

Since you've added Enigmail to enable encryption for Thunderbird, you might assume the means to associate a specific key with an address would be in Menu | Enigmail | Preferences, but that assumption would be incorrect. To assign a key to an address, you must go to Menu | Preferences | Account Settings | ACCOUNT | OpenPGP Security (ACCOUNT is the name of the account you want to configure).

In that window (Figure A), it is possible to configure how OpenPGP works with your account.

Figure A


Thunderbird has probably already set a key, but it might not be to your liking.

You'll most likely see that Use Email Address Of This Identity To Identify OpenPGP Key is enabled. In some cases, this will correctly select the key for that address; however, I have found this isn't always accurate, especially when you have imported multiple keys. Instead, I always click the Select Key button and then, from the key selector (Figure B), enable the correct key.

Figure B


Selecting the proper key for your email address.
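A check you can run outside Thunderbird before using Select Key, added here as an example and not part of the original article: it parses the machine-readable listing that `gpg --list-secret-keys --with-colons` prints and reports which addresses are carried by more than one secret key, where a match on the email address alone cannot be unique. The sample listing, key IDs, fingerprints and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `gpg --list-secret-keys --with-colons`;
# every key ID, fingerprint and address below is made up.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAA1:1500000000:::u:::scESC:::+:::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1500000000::X1::Alice Work <alice@work.example>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBB1:1500000000::::::e:::+:::23:
fpr:::::::::2222222222222222222222222222222222222222:
sec:u:4096:1:AAAAAAAAAAAAAAA2:1510000000:::u:::scESC:::+:::23::0:
fpr:::::::::3333333333333333333333333333333333333333:
uid:u::::1510000000::X2::Alice <alice@home.example>::::::::::0:
uid:u::::1510000000::X3::Alice <alice@work.example>::::::::::0:
uid:r::::1510000000::X4::Alice <alice@old.example>::::::::::0:
"""

UNUSABLE = {"r", "e", "d", "i"}  # revoked, expired, disabled, invalid


def keys_by_address(colons):
    """Map each address to the primary-key fingerprints whose usable UIDs carry it."""
    found = defaultdict(list)
    primary, want_fpr, key_ok = None, False, False
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "sec":                     # a new secret key starts here
            primary, want_fpr, key_ok = None, True, f[1] not in UNUSABLE
        elif f[0] == "fpr" and want_fpr:      # first fpr after sec is the primary key's
            primary, want_fpr = f[9], False   # later fpr lines belong to subkeys
        elif f[0] == "uid" and primary and key_ok and f[1] not in UNUSABLE:
            m = re.search(r"<([^<>\s]+@[^<>\s]+)>", f[9])
            if m and primary not in found[m.group(1).lower()]:
                found[m.group(1).lower()].append(primary)
    return dict(found)


def ambiguous_addresses(colons):
    """Addresses for which more than one secret key is a candidate."""
    return {a: k for a, k in keys_by_address(colons).items() if len(k) > 1}


if __name__ == "__main__":
    for addr, fprs in sorted(keys_by_address(SAMPLE).items()):
        note = "  <-- choose explicitly with Select Key" if len(fprs) > 1 else ""
        print(f"{addr}: {', '.join(fprs)}{note}")
```

To check your own keyring, pass the output of `gpg --list-secret-keys --with-colons` to `keys_by_address` in place of `SAMPLE`, then compare the reported fingerprint with the one shown in the key selector.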

At this point, you can enable different features for each email address. In this window, you can, for example, set up one email address to always automatically sign but not encrypt outgoing email and set up another email address to sign and encrypt all outgoing email. If you click the Enigmail preferences, you can get even more granular with your per-account encryption settings and even back up and restore your encryption keys.

That's all there is to it

You've successfully associated a specific OpenPGP key to a particular email address. This isn't a challenging task, but it's one that will save you time and avoid too much hair pulling.

The security of your data is important, so why not take the time to protect the information you send out via email with a level of specificity warranted by your needs?


About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.
