When @Thunderbird: Free Your Inbox decided to drop Enigmail, I was not happy. The idea that I would have to import all my keys into Thunderbird (which runs on several machines), including my private keys, felt like a kick in the .... well, you know.

But I found a way to make Thunderbird use GnuPG after all. No private keys in Thunderbird anymore. If I sign or decrypt anything, my GPG-agent will kindly ask for the key. Unless of course it's already there because I signed some git commits earlier 😎

I wrote this about it:
https://codeberg.org/woefdram/Documentation/src/branch/main/thunderbird_gnupg.md

#PGP #Thunderbird #Enigmail #privacy

@thunderbird should at least open a path to allow us to replace their OpenPGP implementation, RNP, with other implementations, like @sequoiapgp's Octopus.

Integrating #Enigmail was not seamless. Functionality was lost, including #GnuPG's keyring and trust model. (e.g.: https://bugzilla.mozilla.org/show_bug.cgi?id=1732074)

They may have their rationale on which they made these decisions, but the negative effect on the usability of Thunderbird+PGP for those who have had them for many years is real.

1732074 - Allow the use of user's PGP keyring

RESOLVED (nobody) in MailNews Core - Security: OpenPGP. Last updated 2025-01-18.

@alrs @aria The #PGP private key is encrypted with your (hashed) password: https://proton.me/support/how-is-the-private-key-stored before being uploaded to Proton's server. This is how you bootstrap on a new machine!

You can export (https://proton.me/support/download-public-private-key) or import (https://proton.me/support/importing-openpgp-private-key) the keypair as you like.

#Proton is "just" doing what people have been doing for decades with things like #Enigmail. I used #Gnus for #Emacs some 20 years ago for the same thing 😄 The achievement of Proton is to make this seem easy!

Just wanted to set up #PGP encryption for my mail again (after years). #Thunderbird now has #GNUPG and it all looks great, but what irritates me as an old #Enigmail user is the thing with the (missing) passphrase. As I understand it, it gets replaced (for all mail accounts!?) by the Thunderbird master password. So far, so meh... But I would also like to keep fetching my mail on my phone (#K9). There is an add-on for that, I have seen that much, but is the master password then also my passphrase there? Thanks in advance for any tips...

@rakoo @delta @cy @thunderbird

It is a good tool because it allows for self-custody of keys.

  • Also by that notion manually setting up an eMail account is also complicated for anything that Thunderbird can't autoguess or doesn't have in its database.

Sure that isn't an excuse for #Thunderbird to not deliver sane defaults and handhold users asking them at account creation/import if they want to create/import a keypair and/or wish to automatically activate it.

  • Same with public keys: #Enigmail used to have the nice feature to automagically attach the Pubkey to every eMail and to automatically sign and encrypt them. In fact I have this preconfigured to the point that any non-encrypted eMail requires me to manually confirm stuff.

I don't "belittle people for not knowing how to use gpg" but instead acknowledge the lack of #TechLiteracy as a matter of fact because most people got groomed into being consoomers and into ignorant users.

  • It's not their fault, it's decades of failed education and awareness that now demand compound interest like credit card debt.
rakoo (@[email protected])

@kkarhan I'm sorry but no, gpg in @thunderbird doesn't "just work". You need to manually create a key with the 16 clicks and technical chops that go with it, you need to understand the settings, y...

@rakoo @cy yeah, tho @thunderbird nowadays has #OpenPGP / #GPG - support built in ( #Enigmail ) and that just works.

  • But @delta / #deltaChat does make things way easier for "#TechIlliterate #Normies" and provides them with a familiar #UI & #UX from other #Messengers whilst also not requiring "yet another #server / #service" to be spun up, which is a major no-no in many organizations, especially #businesses.

  • Whereas DeltaChat using #eMail as its backbone infrastructure works fine, and that is an important point for it like #business use [i.e. #Germany] where all business communications have to be archived for at least 10 years for tax auditability reasons, and the whole #MailArchival issue has been "solved" by multiple providers and solutions so it makes sense to just do a +chat suffix, filter said messages and have them in the same #inbox as all other eMails.

I just wished #Thunderbird would also support displaying such chats similar to deltaChat to provide a #unified experience across platforms...

@JessTheUnstill @bohwaz @punkfairie @ajsadauskas @tomiahonen @fuchsiii

Granted, @tails_live @tails / #Tails and @torproject / #TorBrowser are probably one of the best & most battle-tested options that are useable for #TechIlliterates...

THAT'S NOT GOING TO HAPPEN!

If not for being absurd then for the fact that people need to get things done!

  • And it's not as if I haven't taught people how to get started, ranging from having to crash-course someone remotely via chat to hands-on #CryptoParty sessions: If it's way more complex than an AKM chances are people won't stick with it!

So you can imagine how glad I was when @thunderbird merged #Enigmail into #Thunderbird so there's no more fiddling around getting #PGP/MIME to work!

A listener just made me aware that #Enigmail no longer supports #Thunderbird, even though it was developed for it. Does anyone know more about this? https://enigmail.net/index.php/en/

@sardon not that we know of. As far as we know thunderbird's current extension model does not allow even an #autocrypt compliant plugin let alone all the rest that delta offers. #enigmail used to offer full autocrypt support but when thunderbird changed the plugin model and integrated openpgp into thunderbird they went back to the old idea of "users have to consciously manage their encryption keys" ... An unfortunate old tradition. We aim for modern usable security like signal delivers.

Did you know that #Thunderbird, after having integrated #OpenPGP functionality into the core, thus obsoleting #Enigmail, now imports your user's #PGP keyring into its own store, effectively forking it, leaving you with two separate keyrings to manage!

The developers say they won't change that:
https://bugzilla.mozilla.org/show_bug.cgi?id=1732074
