(My example uses the Debian-based Kali Linux, found at www.kali.org.)

DO NOT FORGET TO ACCESS THROUGH TOR ONLY!!!

You will need the following:

Enigmail: Will be installed client side.
GPG: Is installed by default in Kali Linux and most other Linux distros (link, just in case: https://gnupg.org/download/index.html).
Thunderbird: https://www.mozilla.org/en-US/thunderbird/

Make sure you check that you downloaded the right packages for your system!

After installing Thunderbird, boot it up. I personally recommend deselecting all of the default client integration to keep your use of the system as low-key as possible. You will then be asked if you would like a new email address. Click "Skip this and use my existing email".

Now we will add a new account. I personally recommend a throwaway Google Account. Enter your preliminary account details. At this point, Thunderbird should open up a menu for more advanced options. Google can sometimes be a bit screwy, so make sure it looks like this:

Incoming Mail (IMAP) Server - Requires SSL
  imap.gmail.com
  Port: 993
  Requires SSL: Yes

Outgoing Mail (SMTP) Server - Requires TLS
  smtp.gmail.com
  Port: 465 or 587
  Requires SSL: Yes
  Requires authentication: Yes
  Use same settings as incoming mail server

Full Name or Display Name: [your name or pseudonym]
Account Name or User Name: your full Gmail address ([email protected])
Email address: your full Gmail address ([email protected])
Password: your Gmail password

After all that mess is complete, hit "Done". At this point, Thunderbird should start downloading copies of your emails. (If you've listened and used a throwaway address, there won't be many.) Try sending an email to another junk address you have. If it goes through, congratulations. If it doesn't, check your settings and try again. It will sometimes take a minute to go through.

Enigmail is an add-on to Thunderbird. To install it, click the menu button (top-right for me) and go to the add-ons menu. You should be taken to the Add-ons Manager.
Search for "Enigmail". It should be the first to show up. Click install. After installation is complete, Thunderbird will ask to restart. Click "Restart Now".

When Thunderbird restarts, a new window should pop up that will start the set-up process for Enigmail. Select "Start setup now". I find the defaults Enigmail recommends to be adequate, but different security levels are possible. This guide assumes you select the standard configuration. Click "Next".

Now, Enigmail will ask you for a password to protect your private key. Please, please, please use a strong password.

Enigmail will now generate a new key pair (public and private) for you. This task will take a while to complete, and I recommend browsing around your OS, trying new tools and discovering new things. Not only is this a great way to see some new tools, but it also refreshes the Key Generation Pool, which will give you a much stronger PGP key.

After this is completed, a window will open asking you to create a revocation certificate. If you lose the key or get hacked, this is a simple way to say you no longer trust that key. It will also invalidate the key, so be careful with it. You will be asked to re-enter your earlier password, then click OK. A window will open to save it somewhere on your computer. I personally recommend keeping the revocation certificate on a USB drive in a safe place in case you have your laptop stolen or lose access to the computer with the keys. Pick a location and save it.

CONGRATS! You have now successfully configured Enigmail!

OK, so now what? Well, now you have to socialize a bit. All decent hackers will have a PGP key or a more secure method they prefer. (I prefer Ricochet, but more on that later.) Most of the time, once you make a friend in the community, they are more than willing to share their key because it covers their ass and yours. Some people have their PGP keys in their signature, or at a URL. I will cover three ways to get keys.

1. Emailed to you.
If a friend in the community gives you their email address, they can attach their key to an email for you to get. (It should be noted that these communications will be public, and should be innocuous.) If they do this, Enigmail will tell you and show a yellow bar that says "Import Key". You will get a confirmation window; click Yes and you should get the keys.

2. If someone has their keys listed in their signature, it will most likely send you to download a .txt, .asc, .pgp or .gpg file. Once you have the file, open the Key Manager, found at Menu (top right) > Configuration > Enigmail > Key Management. After it opens, click File > Import Keys from File. Then select the file and import it.

I personally recommend the latter method for sharing my key around.

Now the rest is pretty self-explanatory: if both parties have the other's key(s), it will auto-encrypt based on your key. This can be seen with the golden padlock at the top of the email. Whenever you receive an encrypted email, you'll be prompted to enter the password you entered at key creation. Do NOT enter your email password.

And that should be it. If I'm unclear on anything, let me know or update it yourself. Feel free to put it wherever you want.
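
A check worth running on a key file from method 2 before it goes into the keyring, shown here as an added example that is not part of the original guide: it reads the file's fingerprint with gpg and imports only if it matches a fingerprint the owner gave you over a separate channel. The function names and the sample listing are constructed for illustration, and it assumes a GnuPG 2.x build that supports the show-only import option.

```sh
#!/bin/sh
# Added example (not from the original guide): check a downloaded key file
# against a fingerprint obtained separately, and import only on a match.

# Constructed sample of `gpg --with-colons` output (made-up key data).
SAMPLE_LISTING='pub:-:4096:1:89ABCDEFAAAABBBB:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAABBBB:
uid:-::::1500000000::::Constructed Example <user@example.invalid>:
sub:-:4096:1:765432101111AAAA:1500000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA98765432101111AAAA:'

# Strip whitespace and an optional leading 0x, then uppercase.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Print the fingerprint of the first primary key in a colon listing on stdin:
# field 10 of the first "fpr" record that follows a "pub" record.
primary_fpr_from_colons() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Count primary keys in a colon listing on stdin.
count_pub_records() {
    awk -F: '$1 == "pub" { n++ } END { print n + 0 }'
}

# verify_and_import KEYFILE EXPECTED_FINGERPRINT
# Returns 0 after importing, 1 on mismatch, 2 if gpg cannot read the file,
# 3 if the file does not hold exactly one primary key.
verify_and_import() {
    keyfile=$1
    expected=$(normalize_fpr "$2")
    # show-only lists what the file contains without touching the keyring.
    listing=$(gpg --batch --with-colons --import-options show-only \
                  --import "$keyfile" 2>/dev/null) || return 2
    [ "$(printf '%s\n' "$listing" | count_pub_records)" -eq 1 ] || return 3
    actual=$(printf '%s\n' "$listing" | primary_fpr_from_colons)
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: file contains $actual" >&2
        return 1
    fi
    gpg --batch --import "$keyfile"
}
```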