Pretty Good Procedures for Protecting Your Email
UPDATE: Enigmail and GPG Tools have been patched for EFAIL. For more up-to-date information, please see EFF's Surveillance Self-Defense guides.
A group of researchers recently released a paper that describes a new class of serious vulnerabilities in the popular encryption standard PGP (including GPG) as implemented in email clients. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email. See EFF’s analysis and FAQ for more detail.
Our current recommendation is to disable PGP integration in email clients. This is the number one thing you can do to protect your past messages, and prevent future messages that you receive from being read by an attacker. You should also encourage your contacts to do the same.
- Disabling PGP integration for Thunderbird
- Disabling PGP integration for Apple Mail
- Disabling PGP integration for Outlook
If you have old emails you need to access, the next thing you can do is save old emails to be decrypted on the command line.
- Exporting PGP-encrypted email from Thunderbird
- Exporting PGP-encrypted email from Apple Mail
- Exporting PGP-encrypted email from Outlook
Methods for reading encrypted email on the command line vary between operating systems, so separate instructions are needed. The instructions linked above for disabling the plugin from your mail client leave your PGP keyring in place, so you will use the same passphrase when prompted.