Secure Thunderbird with a LUKS Encrypted File Container

This tutorial will cover how to setup a LUKS encrypted container, moving Thunderbird’s profile to that container and then most importantly, mounting that container upon login so Thunderbird doesn’t freak out.

First, to setup a LUKS container, follow these steps laid out here:

Close Thunderbird and move your ~/.thunderbird folder to the LUKS mounted folder. Create a symlink to the mount point. Mine is:

ln -s /mnt/tbird/.thunderbird ~/.thunderbird

Once you have a functioning LUKS container (should be at least 2GB), we’ll need to create two scripts: a wrapper script to initiate elevated privileges and the mount script.

Wrapper Script

    1. Create a file called and chmod +x it.
    2. Open the file in your favorite text editor and put:
      echo "Please Enter Your Account Password: "
      su -c /home/username/Startup/ root


Mount Script

  1. Create another file (use the path in the above script or modify the script)
  2. Paste the following into it:
    read -s -p "Enter LUKS Container Password: " pwd
    echo $pwd | cryptsetup luksOpen /home/username/tbird volume1
    if [ $? == 0 ]
        mount /dev/mapper/volume1 /mnt/tbird
       echo "Bad Password!"
    exit 0
  3. In the above /home/username/tbird is the path to my encrypted LUKS container and volume1 is the dev mapper name I give it.

Now, for the fun stuff, getting Ubuntu to run this on login:

  1. Navigate to Startup Applications, and add a new one.
  2. Name it whatever you please
  3. In the command box:
     gnome-terminal -e /home/username/Startup/
  4. Save and restart

If all goes well, upon logging in, a terminal will open prompting you for your account password to run the script as root. Then it will ask you for the LUKS password.

Make sure you go into Thunderbird and set a Master Password.

Leave a Reply

Your email address will not be published. Required fields are marked *