Setting up Autocrypt

software, security, pgp

Today I decided to try to set up Autocrypt for my email address. I use both Thunderbird and K9 email as clients, and both support Autocrypt. The marketing of Autocrypt sounds great: automatic PGP encryption with any contacts that support it. This post documents my effort of setting up the clients so far. Neither client offers something like a ‘setup autocrypt’ button; I reckon setting up PGP first will unlock some options regarding Autocrypt.

Thunderbird Enigmail

As I can’t seem to continue, I aborted the attempt. I use Thunderbird 60 and the latest versions of GNU Privacy Guard and Enigmail available as of today.


Setting up on K9 was not hassle-free either.


You can feel where this is going: a resounding downvote for the entire process. Although I’d like to believe I’m not clueless, I did not manage to set up PGP email encryption, and I do blame the software for being obtuse. I suppose it is entirely geared towards people working in organizations (formal or not) already intimately familiar with PGP. I also suppose I must have hit a bug in Thunderbird. The fact that the setup procedure has bugs in both pieces of software does not leave the impression of solidity, however, and it feels a lot like the early Linux days, where having the time and skill to troubleshoot was essential and seen as a rite of passage. Today I expect something different, and I now know why PGP has next to no adoption: only those who really care (for either personal safety or authentication reasons) can manage. I am proud to have converted my closest family to Signal, and I chose Autocrypt so that I might have a chance with them too, without forcing them to switch to third-party providers (Tutanota, Protonmail, etc.). That is not going to happen, however, because this is a process that even I cannot tolerate.

What’s next

Since the third parties mentioned are all siloed and/or require that you trust them because they hold your private keys, I don’t see any good way forward. Custom domains, which I think are an important component of being independently secure, cost money with all of them, and good amounts too. Only Tutanota has a reasonable price of 1 EUR/month where I could hook up my domain and send non-Tutanota contacts links to my encrypted message, which is fine on occasion but untenable as a matter of course.

So, I think I’ll check in on Enigmail with a new release to see if things were fixed. Until then I’ll continue to do what I’ve done so far: