After following this guide, you should be able to encrypt, decrypt and sign emails within Thunderbird, even with a smartcard.
This guide assumes you already have a GPG keyring or know how to set it up.
Install GPG Suite
Download and install GPG Suite from [here].
Install MacPorts and gpgme
Download and install MacPorts from [here].
Afterwards, open a Terminal and run:
sudo port install gpgme
Confirm with a yes, and let it do its thing.
Configure GPG in Thunderbird
Go to the preferences, scroll all the way down and open the config editor.
mail.openpgp.allow_external_gnupg and set it to TRUE
mail.openpgp.alternative_gpg_path and set it to
Configure GPG identity in Thunderbird
Go to the account settings, go to the end-to-end encryption tab, choose “Add key” and then “Use your external key through GnuPG”.
Tip: For email aliases, instead go to the alias settings, and go to the end-to-end encryption tab there.
Paste the key ID (the last 16 characters of your fingerprint, no spaces, no 0x or anything) into the field and hit save.
In the top menu, go to Tools > OpenPGP key manager.
Then, with that manager window active, File > Import public key.
Import your own public key. When asked, set it to “accepted”.
Important: Now restart Thunderbird for the changes to fully apply
f it still can’t find your key, and you’re using a detached key (for example for smartcards), try specifying the key ID of the signing key instead.
I had gotten this info from the Mozilla wiki, turns out this info is wrong (probably outdated). Use the main key ID.
n my case, decrypting and signing works, but encrypting when sending fails. But this is a start.
Use the main key ID.
Thunderbird is still not great for PGP, ever since they moved from supporting GPG+Enigmail to rolling their own PGP.
I run this blog in my free time, if this guide helped you out, consider leaving a tip for a coffee? (:
That’s all there is to it!