Sparks had an interesting post about Thunderbird email security. This reminded me of another technique I like which is to run Thunderbird and Firefox from an encrypted directory.  In addition to encrypting the data, Thunderbird and Firefox won’t start without the encrypted directory mounted.

Here is how to set it up on Fedora 12 and beyond (also works on RHEL with EPEL):

1) Install encfs

$ su -c 'yum install encfs'

 
2) Create an encrypted directory–all files copied here will be encrypted as long as you’ve run encfs and mounted the directory.  I’ve made the mistake before copying a bunch of data to what I thought was the encrypted directory only to find out later it was an empty mountpoint.  As a result the files were not encrypted and encfs complained the next time I tried to mount the encrypted directory.

$ encfs ~/.cryptdir/ ~/cryptdir/

 
Answer the questions and accept the defaults. This same command mounts the encrypted directory in the future.

3) Make sure the encrypted directory is mounted

$ mount | grep encfs
encfs on /home/bozo/cryptdir type fuse.encfs (rw,nosuid,nodev,default_permissions,user=bozo)

 
4) Make sure Thunderbird and Firefox are closed and not running.  Close them or kill the processes if they are.

$ ps -ef | grep -E 'thunderbird|firefox'

 
5) Move Thunderbird and Firefox files to the encrypted directory

$ mv ~/.thunderbird  ~/cryptdir/thunderbird
$ mv ~/.mozilla ~/cryptdir/mozilla

 
6) Create symlinks (shortcuts to the directory in the encrypted folder)

$ ln -s ~/cryptdir/thunderbird ~/.thunderbird
$ ln -s ~/cryptdir/mozilla ~/.mozilla

 
7) Start up Thunderbird or Firefox and make sure they work

To manually un-mount the encrypted directory

$ fusermount -u ~/cryptdir

 
You may also want to consider putting other important files in the ~/cryptdir as well.