Thunderbird 78.x and enabling OpenPGP by default

Ben Bucksch ben.bucksch at beonex.com
Tue Jun 9 22:25:32 UTC 2020


On 03.06.20 11:04, Kai Engert wrote:
> On 29.05.20 12:33, TT Mooney wrote:
>> What about the use case of people saving GPG encrypted attachments 
>> (or email archives) out of Thunderbird? They won’t be able to decrypt 
>> them externally, I take it.
>
> You will have the ability to import your existing secret key into 
> Thunderbird (export from GnuPG with --armor).
>
> And also, if a user has initially created the secret key inside 
> Thunderbird, you will have the ability to backup/export your secret 
> key, and import it into GnuPG.
>
> Would that work for your scenario?


Hello Kai,

While a commandline would work for me, I don't think it would work for 
the majority of users. Most users never use the commandline. Any 
features available there simply don't exist for them. This applies to 
many of the Enigmail users. There are journalists, Amnesty 
International, and many others who need encryption, but are not deep 
into computers.

I think an import/export feature would be important. It doesn't have to 
be complicated technically. You could just invoke gpg on the 
commandline, run the export --armor command that you think the user 
should do, catch the output on stdout, and process it to import the keys 
into our / OpenPGP key store. And probably vice versa.

That would allow users to have a seamless and interruption-free mail 
experience, which would be important. If not, the user might find herself in a 
situation where she cannot decrypt her own mail. Either because she uses 
K9 Mail on Android, or because she wants to decrypt old mail. Also, you 
are surely aware that the PGP world is particularly dependent on key 
continuity, and creating new keys for our users is about the worst thing 
we can do for the PGP ecosystem. So, key import and export are crucially 
important for the health of the system, from day 1. Once the user has 2 
separate keys, the mess is there, and it's difficult to undo. Alice has 
to eternally deal with 2 decryption keys, and the trust is shaken.

I think a GPG import/export feature is actually more important than a 
key management UI for OpenPGP. As long as you can only import the GPG 
keys and decrypt/verify and encrypt/sign mail this way, the user can 
already be productive, and mail exchange is not disturbed. If you create 
new keys, mail exchange is disturbed massively, and the user might still 
get mail that she cannot decrypt.

Instead of asking the user to make some simple commandline commands, I 
think it's a good time investment to implement that in software. 
Enigmail already has the path to the gpg executable, so you just need to 
invoke a shell command from JS and redirect stdout.
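
Added example, not part of the original message and not Thunderbird or Enigmail code: a Node.js sketch of the export step proposed above, running gpg with an argument vector instead of a shell string and accepting only complete armored blocks from stdout. The function names, the fingerprint-only key selector and the sample data in the comments are assumptions made for illustration.

```javascript
// Hypothetical helpers for illustration; only the gpg options
// --armor and --export-secret-keys are real GnuPG flags.

// Accept only a full 40-hex-digit fingerprint, so nothing that looks like
// an option or a shell metacharacter can reach gpg's argument list.
function buildExportArgs(fingerprint) {
  const fpr = String(fingerprint).replace(/\s+/g, "").toUpperCase();
  if (!/^[0-9A-F]{40}$/.test(fpr)) {
    throw new Error("expected a 40-hex-digit key fingerprint");
  }
  return ["--armor", "--export-secret-keys", fpr];
}

// Pull complete ASCII-armored blocks of one type out of captured stdout.
// A block without its END line (truncated output) is ignored, not imported.
function extractArmoredBlocks(stdout, type = "PGP PRIVATE KEY BLOCK") {
  const re = new RegExp(
    `-----BEGIN ${type}-----\\r?\\n[\\s\\S]*?\\r?\\n-----END ${type}-----`, "g");
  return stdout.match(re) || [];
}

// Run gpg without a shell: execFile passes the arguments directly to the
// process. The key material stays in memory and is never logged; only
// gpg's stderr is surfaced on failure.
async function exportSecretKey(gpgPath, fingerprint) {
  // Dynamic import works from both CommonJS and ES modules.
  const { execFile } = await import("node:child_process");
  const args = buildExportArgs(fingerprint);
  return new Promise((resolve, reject) => {
    execFile(gpgPath, args, { maxBuffer: 4 * 1024 * 1024 },
      (err, stdout, stderr) => {
        if (err) {
          return reject(new Error(`gpg failed: ${stderr.trim() || err.message}`));
        }
        const blocks = extractArmoredBlocks(stdout);
        if (blocks.length === 0) {
          return reject(new Error("gpg produced no secret key block"));
        }
        resolve(blocks); // hand these to the importing key store
      });
  });
}
```

The gpg path is whatever the caller already has configured; exportSecretKey rejects instead of returning partial key data when gpg exits non-zero or prints no complete block.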




More information about the tb-planning mailing list