Thunderbird for Android does not have built-in encryption capabilities. Instead, it uses an external Android application called OpenKeychain.
Install OpenKeychain and select it as a Crypto Provider
You will need to install OpenKeychain if you have not already and enable it in Thunderbird for Android.
- Install OpenKeychain from wherever you get your Android apps e.g. Google Play or F-Droid.
- Open Thunderbird for Android. Tap the application menu > Settings gear icon
- Tap the email account for encryption under Accounts e.g. tap to set up encrypted email for jane@example.com > tap .
- Slide Enable OpenPGP support to the right. You will see that is now enabled.
Select an encryption key or create a new key
- Tap .
- A screen from the OpenKeychain app will appear:
- Tap to create a new key, or tap if you have already created or imported a key.
See the OpenKeychain website for more information on creating and managing keys.
Sharing your key with others
Before you send someone an end-to-end encrypted email, you need their public key. They also need your public key.
Some ways to exchange public keys include:
- meeting in-person (the OpenKeychain application has a convenient interface for mutual key exchange).
- downloading from the recipient's personal website.
- relying on the Web of Trust whereby you trust somebody else's word that a public key is valid.
- downloading the key from a KeyServer (but note the warning on that page about needing to verify the authenticity of keys).
- using Autocrypt, which includes your key in the header of every email that you send. This is not supported by all mail clients.
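The Autocrypt header mentioned in the last item can be inspected on a received message. The following Python example is added here and is not code from Thunderbird for Android, K-9 Mail or OpenKeychain; it applies the header acceptance checks of the Autocrypt Level 1 specification. The function names, the sample message and its placeholder keydata are constructed for illustration.

```python
import base64
from email import message_from_string
from email.utils import getaddresses

KNOWN = {"addr", "prefer-encrypt", "keydata"}

def _parse_header(value, sender):
    """Parse one Autocrypt header value; return a dict, or None if it must be ignored."""
    attrs = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, val = part.split("=", 1)
        attrs[name.strip().lower()] = "".join(val.split())  # drop folding whitespace
    # Attributes starting with "_" are non-critical; any other unknown one voids the header.
    if any(n not in KNOWN and not n.startswith("_") for n in attrs):
        return None
    if "addr" not in attrs or "keydata" not in attrs:
        return None
    # A key is only accepted for the address the mail claims to come from.
    if attrs["addr"].lower() != sender.lower():
        return None
    try:
        key = base64.b64decode(attrs["keydata"], validate=True)
    except ValueError:
        return None
    pref = "mutual" if attrs.get("prefer-encrypt") == "mutual" else "nopreference"
    return {"addr": attrs["addr"].lower(), "prefer_encrypt": pref, "keydata": key}

def parse_autocrypt(raw_message):
    """Return the single usable Autocrypt header of a message, or None."""
    msg = message_from_string(raw_message)
    senders = getaddresses(msg.get_all("From", []))
    if len(senders) != 1:  # several From addresses: Autocrypt is not processed
        return None
    parsed = [_parse_header(h, senders[0][1]) for h in msg.get_all("Autocrypt", [])]
    valid = [p for p in parsed if p]
    return valid[0] if len(valid) == 1 else None  # more than one valid header counts as none

# Constructed sample: the keydata is placeholder bytes, not a real OpenPGP key.
PLACEHOLDER_KEY = base64.b64encode(b"placeholder bytes, not a real OpenPGP key").decode()
SAMPLE = (
    "From: Jane <jane@example.com>\n"
    "To: bob@example.org\n"
    f"Autocrypt: addr=jane@example.com; prefer-encrypt=mutual; keydata={PLACEHOLDER_KEY}\n"
    "Subject: hello\n\nbody\n"
)
MISMATCH = SAMPLE.replace("addr=jane@example.com", "addr=someone-else@example.net")
```

A header that passes these checks only tells you which key the sender's client advertised; it does not verify that the key belongs to that person.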
Share your key using Autocrypt
K-9 Mail supports the Autocrypt protocol, but it needs to be enabled in the End-to-end encryption settings page:
- Tap the application menu > Settings gear icon
- Tap the email account for encryption under Accounts e.g. tap to set up encrypted email for jane@example.com > tap .
- Tap
How to send a signed and encrypted email
If OpenKeychain knows the PGP keys of the recipients, then you will be able to send an email that is signed and encrypted.
- When composing e-mail after OpenKeychain has been set up, a new padlock icon appears in the top right of the composition screen:
(If the icon does not appear, it means that OpenKeychain does not know the PGP keys of any of the recipients).
- Tap the padlock icon to enable encryption. Once you tap the padlock icon, it turns green:
How to send a signed and unencrypted email
Thunderbird for Android normally sends emails that are both encrypted and signed. You can also sign a message, which proves it was sent by you, without encrypting it. This is sometimes useful, e.g. on public mailing lists.
First, disable "Hide unencrypted signatures" for the account
- Tap the application menu > Settings gear icon
- Tap the email account for encryption under Accounts e.g. tap for jane@example.com > tap .
- Slide
Second, enable signed and unencrypted mode when composing email
When composing email, tap the vertical ellipsis icon > tap option. The lock will add another icon to confirm you are only signing the message:
Tapping the icon lets you change back to normal end-to-end encryption mode.
Receiving signed emails in Thunderbird for Android
Receiving encrypted, signed emails in Thunderbird for Android
Thunderbird for Android will automatically use OpenKeychain to try to decrypt encrypted, signed emails with your key and check the signature. It will look like this:
Tap on the green lock icon to display information about the sender and recipient of the email.
Receiving non-encrypted, signed emails in Thunderbird for Android
Non-encrypted, signed emails are sent in plaintext (and are therefore world-readable). There is a checkmark icon and the email looks like this:
Tap on the checkmark icon to confirm that the message is signed, in plaintext (i.e. it's not encrypted) and display information about the sender and recipient of the email.