Version 78.2.1 of the Thunderbird email client has support for end-to-end encryption (e2ee) built right in. This integration means you no longer need add-ons like Enigmail.

Thunderbird uses OpenPGP for encryption, which is a free, nonproprietary protocol. Based on the freeware versions of Phil Zimmermann’s Pretty Good Privacy (PGP), it’s now very much its own thing.

Thunderbird’s OpenPGP integration allows you to encrypt a message. Then, only the people you want to read your message will be able to do so. It also lets you digitally sign a message so your recipient can be confident the message hasn’t been altered in transit.

OpenPGP uses the principle of pairs of public and private (or “secret”) encryption keys. To use OpenPGP, you must have a public and private key pair. Public keys are shared with anyone to whom you want to send encrypted messages, whereas private keys are never shared with anyone else. Private keys can also be used to decrypt messages encoded with the matching public key.

The sender’s email client generates a random key which is used to encrypt the message. The random key is then encrypted with the recipient’s public key, and the encrypted message and key are then sent to the recipient. The recipient’s email program uses the recipient’s private key to decrypt the random key. The random key can then be used to decrypt the encoded message.

Why not just use the recipient’s public key to encrypt the message? This would work for messages sent to a single recipient, but it would be too cumbersome for those sent to multiple people.

The most efficient way to distribute a message to several people is to encrypt the message using the random key. This is because no public or private keys have been involved at that point, making the encryption on the message person-agnostic.

For each recipient, the random key is encrypted using that person’s public key. All of the encrypted keys are then sent with the message.
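
The random-key scheme described above, sketched in Python as an added example that is not from the original article or from Thunderbird's code. It assumes the third-party `cryptography` package and uses RSA-OAEP and AES-256-GCM as stand-ins for OpenPGP's own algorithms and packet format; the recipient names and the message are constructed.

```python
# Added illustration: one encrypted body, one wrapped session key per recipient.
# RSA-OAEP and AES-256-GCM are stand-ins, not OpenPGP's actual packet format.
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def encrypt_for(recipients, plaintext):
    """recipients: dict of name -> RSA public key. Returns one envelope for all."""
    session_key = AESGCM.generate_key(bit_length=256)  # the "random key"
    nonce = os.urandom(12)
    # The body is encrypted once; no recipient key is involved at this point.
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, None)
    # The session key is wrapped separately under each recipient's public key.
    wrapped = {name: pub.encrypt(session_key, OAEP) for name, pub in recipients.items()}
    return {"nonce": nonce, "ciphertext": ciphertext, "wrapped_keys": wrapped}


def decrypt_as(name, private_key, envelope):
    """Unwrap this recipient's copy of the session key, then decrypt the body."""
    session_key = private_key.decrypt(envelope["wrapped_keys"][name], OAEP)
    return AESGCM(session_key).decrypt(envelope["nonce"], envelope["ciphertext"], None)


def demo():
    # Constructed sample data: three throwaway key pairs and a short message.
    keys = {n: rsa.generate_private_key(public_exponent=65537, key_size=2048)
            for n in ("alice", "bob", "carol")}
    publics = {n: k.public_key() for n, k in keys.items() if n != "carol"}
    message = b"Quarterly figures attached."
    env = encrypt_for(publics, message)
    results = {n: decrypt_as(n, keys[n], env) for n in publics}
    # Carol was not a recipient: her private key cannot unwrap Alice's copy.
    try:
        keys["carol"].decrypt(env["wrapped_keys"]["alice"], OAEP)
        outsider_blocked = False
    except ValueError:
        outsider_blocked = True
    return message, env, results, outsider_blocked


if __name__ == "__main__":
    message, env, results, blocked = demo()
    print(len(env["wrapped_keys"]), "wrapped keys;", results, "outsider blocked:", blocked)
```

Adding a recipient costs one more 256-byte wrapped key, while the encrypted body stays the same size.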