- Launch Thunderbird and connect to Damocles.
- Click on a message and configure Enigmail with the default options.
Form teams of two people, A and B. Steps for A:
- Open Kgpg and double-click on your key; take note of the fingerprint.
- Send an e-mail message to B including your public key
(Enigmail/Insert Public Key in the mail compose window).
- Wait until B asks you to check the fingerprint of your key.
- Send him a message signed by you.
Steps for B:
- Get the new mail from A.
- Look at the fingerprint of the received key and ask B if it is OK.
- If it is, add A's key to your keyring.
- Wait for the message from A and check that the message has a correct
signature.
Now I will send a forged email from my personal account. Is it signed? Can
you trust it, then?
Now I will tamper with a signed e-mail to see if I can alter its contents.
Does Thunderbird notice?