Hello, Synaptic just prompted me to receive some updates, but it also told me it was going to remove Enigmail. Anybody understand why? I love Enigmail and see no reason to remove it. Is it getting replaced with something better?
This:
should explain it. (Thunderbird 78 has changed some underlying Mozilla framwork which causes enigmail to not work any longer, but has implemented gpg support which doesn’t use enigmail - you don’t need enigmail any longer).
Thanks, have you, or anybody else, made the transition? Did your old keys still work and how does the community at large feel about RNP over GnuPG? IIRC GnuPG has been maintained by like one guy forever and was broke, despite providing security for the whole world, or something like that. Who made RNP? Is it trustworthy? GnuPG has a long track record of excellence. This seems like a serious leap to me. Anywho, thanks again!
Sorry, I am not using Thunderbird myself, so someone else have to fill in the details.
Don’t tell me I have to drag out my ol’ STU-III ?
I have done it. For me, the biggest failing is that there is no equivalent to the ‘per-recipient’ rules. You either select encrypt to all or not. I need to always remember to whom I am sending and do extra work to encrypt. It also always seems to send the certificate. I have not found a way to turn that off when just signing; it annoys people.
The transition can be easy, but be careful. After you upgrade, before doing anything else, go to Tools->Enigmail Migration from the top toolbar. That will get all the keys and set things up. Because I do not use that toolbar and have it disabled, I did not do this on my first system, and it was painful. Also, backup your TB profile before upgrading. Otherwise, you cannot go back to 68!
Here is a link to a discussion. Here is a FAQ.
Read the FAQ. TB stores the secret keys, and the FAQ seems to suggest using a Master Password. I have not done this yet, because I do not need yet another step to send notes. I am transitioning away from this, so it may not matter to me in the long run.
I have to say, I prefer Enigmail immensely. I find the new implementation wanting to say the least.
Good luck.
2 Likes
I just made the transition and wrote up this PureOS wiki entry on how to move them into Thunderbird 78 (https://tracker.pureos.net/w/troubleshooting/tb78gpgkey/). Will have to use it to provide any usage feedback.
If you have your PGP/GPG keys on your Librem Key or something similar, then there is more work to be done. See: https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards
1 Like
… and unless it has been fixed in recent versions, TB’s master password mechanism is relatively weak and obsolete, cryptowise. It is however still better than storing secrets in plaintext.
Would you mind saying what you are using? What email client these days looks the nicest and supports encryption?
I am using proton mail’s bridge with Mailspring, and while Mailspring doesn’t do encryption itself, it works with Bridge and so I can read and send encrypted mails that way.
@2disbetter - I use Claws-Mail (https://www.claws-mail.org/) - It does gpg encryption/signing just fine, but people might find it to have an dated look. (It hasn’t done a GTK2->3 migration yet unfortunately, but it seems to be in progress).
1 Like
Sorry, you’ve told me that before. Thanks again!
If the engine under claws is good, and it sounds like it is, then I hope it gets a paint job. Good software many times doesn’t look nice, and this unfairly stunts its adoption.
No worries!
I use a GPG smartcard (Librem Key) to decrypt emails, I had to do some steps to get it working with this new Thunderbird implementation, but got it to work.
Bellow is a list of the steps I took. This should work with other GPG smartcards as well.
NOTE: These steps where done in PureOS and I have the Menu Bar in Thunderbird enabled. So these steps might be a little different in other setups.
With this setup Thunderbird will use GPG and the smartcard to decrypt emails, but encrypting an email you send to someone else is still done via the new implementation that Thunderbird uses, so you still need import your Public Keys from GPG to Thunderbird as @Richard described above.
Make sure you have GPG and GPGME installed. If you already used a smartcard you should already have them setup up. If this is the first time you are setting this up them please make sure those two applications are installed.
To enable Email decryption with a GPG Smartcard:
- First we enable GPG in Thunderbird again
- Then tell Thunderbird with Key should be used to decrypt emails.
1. Enable GPG again
Go to the preferences page by selecting: Edit > Preferences
- At the bottom of the preferences page select:
Config Editor
- Press the
I accept the riskbutton
In the next page:
- Paste the following line in the search tool:
mail.openpgp.allow_external_gnupg - Then double click on the search result to change the setting from:
falsetotrue - After that close the window
And with this setting Thunderbird will now use GPG (and the Smartcard if you have one) to decrypt emails.
2. Select GPG key to be used to decrypt emails
To do this:
- Go to,
Edit>Account Settings
- Select the email account in question and then the option;
End-To-End-Encryption - Select the option to use an External GPG Key
- In the Text input field paste the Fingerprint of the GPG key you use in your smartcard.
- Press:
Save Key ID
Then it should look like this:
And after that you should be able to use your GPG smartcard (Libremkey, Nitrokey, etc.) again to decrypt emails in Thunderbird.
3 Likes