[conspire] using Thunderbird's new built-in Enigmail support with gnupg

Peter Knaggs peter.knaggs at gmail.com
Wed Feb 24 20:54:48 PST 2021


This was quite a puzzle to learn how to configure; it's explained a bit at
the following links, but the gist of it is that Thunderbird now expects you
to think of gpg as your "smart card" so that's how you get Thunderbird to
ask gnupg for the keys it needs:

https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq

https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards

I think these packages need to be installed to get it working:

(on Debian) apt-get install libgpgme-dev
(on Fedora) yum install gpgme-devel

Then in Thunderbird, go into Edit -> Preferences
and type in "Config Editor" into the search box,
then once you're in the "Config Editor" search for
   mail.openpgp.allow_external_gnupg
and double-click it to change its value to TRUE.
The mind boggles as to why this isn't the default.

Then in Account Settings find:
  End-to-end Encryption
    press the [Add Key] button
      (.) Use your existing external key through GnuPG (e.g. from a smartcard)
      Choose this even though you're not using a smartcard, it'll
      just contact the gnupg agent to obtain your private key.
    enter the key id exactly as shown by
    "gpg --list-keys username@example.com"
    It should give a long hex number (the ID of your public key),
    paste that into Thunderbird's key ID box.

Then exit entirely from Thunderbird, and restart it.
After that, it'll recognize any existing gpg-encrypted messages
and it'll pop up the gui to prompt you to unlock your gpg key to
decrypt the encrypted email message.

The documentation unfortunately steers unsuspecting
newcomers to import their public and private keys into
Thunderbird itself, but that approach seems to leave
them protected only by the "master password" (assuming
you've even set one) and doesn't seem to be a good idea.
So it seems that Thunderbird might be trying to lead the
unwary down the garden path of "insecure by default" ...

Cheers,
Peter.
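
One way to obtain the key ID for the [Add Key] step described above, as an added example that is not part of the original post: a shell function that reads `gpg --list-secret-keys --with-colons` output (the secret keyring, so it also confirms gpg holds the private key) and prints the long key ID of the first non-expired, non-revoked key whose user ID carries the given address. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage against a real keyring:
#   gpg --list-secret-keys --with-colons | tb_external_key_id you@example.com

# Print the long key ID (field 5 of the "sec" record) of the first usable
# secret key that has a user ID containing <$1>. Exit 1 if none is found.
tb_external_key_id() {
    awk -F: -v want="$1" '
        # "sec" opens a new primary secret key; field 2 is validity
        # (r = revoked, e = expired), field 5 is the long key ID.
        $1 == "sec" {
            keyid = $5
            usable = ($2 != "r" && $2 != "e" && length(keyid) == 16)
            next
        }
        # "uid" records belong to the most recent "sec"; field 10 is the
        # user ID text, field 2 is "r" when that user ID is revoked.
        $1 == "uid" && usable && $2 != "r" {
            if (index(tolower($10), "<" tolower(want) ">")) {
                print keyid
                found = 1
                exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample listing (made-up key IDs, fingerprints and hashes).
sample_listing() {
    cat <<'EOF'
sec:e:4096:1:AAAABBBBCCCCDDDD:1500000000:1600000000::u:::sc:
fpr:::::::::000000000000000000000000AAAABBBBCCCCDDDD:
uid:e::::1500000000::1111111111111111111111111111111111111111::Alice Example <alice@example.com>:
ssb:e:4096:1:AAAABBBBCCCC0001:1500000000:1600000000:::::e:
sec:u:4096:1:1111222233334444:1610000000:::u:::sc:
fpr:::::::::0000000000000000000000001111222233334444:
uid:u::::1610000000::2222222222222222222222222222222222222222::Alice Example <Alice@Example.com>:
ssb:u:4096:1:1111222233330001:1610000000::::::e:
sec:u:255:22:5555666677778888:1612000000:::u:::sc:
uid:u::::1612000000::3333333333333333333333333333333333333333::Bob Example <bob@example.com>:
EOF
}
```

A non-zero exit means gpg has no usable secret key for that address, in which case Thunderbird's request to the gnupg agent would have nothing to unlock.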