
Decrypt Thunderbird / pgp encrypted e-mail

 ·  ☕ 3 min read  ·  ✍️ T4r0

Summary

Since I’ve been working full time in IT sec I’ve been encountering really simple and small problems and challenges every day. These mainly have a 1-2 command solution, but since I have this blog, I’ve decided to post the solution process, maybe someone some day will find it useful. If not, it’s just great for me to have these somewhere on the internet so I can check it whenever I want.

The problem

When sending out pgp encrypted emails, one might have to decrypt these by hand. For me, this was the case since Thunderbird decided that it’ll not show one of my sent emails properly, and it was an email I had to check after sending it out, since it was super important. This is why I’ve decided to just decrypt the email by hand in a terminal.

Solution

First we need to get the raw message data out of the application, that is, the message as it was encrypted by us or our mail software and then stored locally. In Thunderbird, and in most other mail programs, this can be done by viewing the message source.
[Screenshot: Thunderbird view source]
After opening this window, we need the part which starts with -----BEGIN PGP MESSAGE----- and ends with -----END PGP MESSAGE-----. We need both of these lines and everything in between. Let’s save it to a file called encrypted.txt.

Now we need to use the terminal and a package called pgpgpg, so install it if you haven’t already:

sudo apt install pgpgpg -y

Once this is done, we need to get hold of the secret key that the message can be decrypted with. It is easy to export from Thunderbird: press the Alt key if the menu bar at the top is not visible, then click Tools -> OpenPGP Key Manager.
Once here, find your own e-mail address, click on it once, then go to File -> Backup Secret Key(s) To File. This action will ask for a password. Use a strong enough password here, because you are exporting the secret half of your asymmetric key pair and this password will be the only thing protecting the exported file on your system. I’ve extracted this key as secret.asc and put it next to encrypted.txt, my encrypted email message.

Almost done now. We just have to import the secret key into our pgp keyring by navigating in a terminal to the folder where we saved everything, then running

pgp -ka ./secret.asc

This should ask for the secret key password you just set.

The last step is decryption, run

pgp -d encrypted.txt

This should ask for a new filename where the decrypted message should be saved. I’ve set decrypted.txt.

All done! After this if you cat out decrypted.txt you should be able to see the message in its decrypted and human readable form!
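The copy-and-paste step can also be scripted. The following is an added example, not part of the original post: it pulls the armored block out of a saved message source into encrypted.txt, refuses to write a cut-off block, and then runs the two pgp commands from above. The function names and the file name message.eml are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and message.eml
# are assumptions; encrypted.txt, secret.asc and the pgp calls are the post's.

# Print the first armored PGP message found in a raw message source file.
# Exit status is non-zero when no complete BEGIN..END block is present.
extract_pgp_message() {
    # Strip CR first so sources saved with CRLF line endings still match.
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN PGP MESSAGE-----[ \t]*$/ { inside = 1 }
        inside                                { print }
        inside && /^-----END PGP MESSAGE-----[ \t]*$/ { found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Write the block to $2 (default encrypted.txt) only if it is complete, so a
# cut-off paste never reaches the decryption step.
save_encrypted() {
    src=$1
    out=${2:-encrypted.txt}
    (
        umask 077
        tmp=$(mktemp) || exit 1
        if extract_pgp_message "$src" > "$tmp"; then
            mv "$tmp" "$out"
        else
            rm -f "$tmp"
            echo "no complete PGP MESSAGE block in $src" >&2
            exit 1
        fi
    )
}

# The post's two pgp commands, run with a umask so that newly created files
# (the decrypted output) are readable by the current user only.
decrypt_like_the_post() {
    ( umask 077; pgp -ka ./secret.asc && pgp -d encrypted.txt )
}

# Stand-alone use: sh extract.sh message.eml
if [ "$#" -gt 0 ]; then
    save_encrypted "$1" && decrypt_like_the_post
fi
```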

Hope this helped!

Written by T4r0, Penetration Tester