PGP - On-demand unlocking your secret keys
Hello everyone,
I wonder how the secret key is generated within the new native PGP integration, because I never had to set a passphrase when I set up my mail encryption in the new Thunderbird. When I tried to find information on how exactly Thunderbird generates the secret keys, I could only find: "Thunderbird doesn't use on-demand unlocking (key passwords) of your secret keys," but nothing more in detail.
Can anyone please enlighten me? Why don't I have to use a passphrase anymore? And how will my secret key be protected then?
Thanks in advance, B.
Thunderbird uses a randomly generated passphrase which itself is protected by the master password (now called primary password). So for your private keys to be protected in the first place you'll have to set a master password. To verify the private keys are indeed protected, check the error console (Ctrl-Shift-J) and look for something like
Found 52 public keys and 4 secret keys (4 protected, 0 unprotected)
Hey Christ1, thanks for the quick response!
This means my certificate is linked only to the Thunderbird program which I use on a single machine. Is there a way to use the old Enigmail setup, in which I could define a personal passphrase, instead of installing the older TB version?
And what if I want to use my certificate on another machine? As far as I understood, I have to verify EVERY mail address on this new machine. If my infrastructure contains more than a few mail addresses, it makes no sense for me to do it this way at all. Maybe somebody can explain the benefits of this routine. I want my old Enigmail back! :D
Seriously, I understand that it is easier for users not to have to deal with lots of passphrases, but I find it a little restrictive?
Thanks, B.
Is there a way to use the old Enigmail setup, in which I could define a personal passphrase, instead of installing the older TB version?
Yes, there is. See https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards
And what if I want to use my certificate on another machine? As far as I understood, I have to verify EVERY mail address on this new machine.
I don't think I understand what you're trying to achieve. In any case, the easiest way to transfer your Thunderbird data to a new machine is to copy the entire profile.
And what if I want to use my certificate on another machine? As far as I understood, I have to verify EVERY mail address on this new machine.
I don't think I understand what you're trying to achieve. [...]
As far as I understand, if the keys are randomly generated from, e.g., data linked to the machine I use, and if I never knew nor linked a passphrase to my personal key myself, I could never use it on another machine, right? Now I have 20 recipients with whom I would like to communicate via E2EE, and I have to verify every address in Thunderbird's PGP. If I'd like to use a different Thunderbird on my 2nd laptop, I have to verify every key from my recipients again, right? That takes a lot of time, if I'm assuming right.
Thanks, B.
Chosen Solution
In order to transfer your data to another computer, simply copy over the entire Thunderbird profile - job done. http://kb.mozillazine.org/Move_to_a_new_PC
Alternatively you can export your private key. You'll be prompted for a new passphrase when exporting the key.
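Added example, not part of the thread and not Thunderbird's own code: a Python check that reads an exported OpenPGP private key and reports, for each secret key or subkey packet, whether the secret material is passphrase-protected, which is the same protected/unprotected distinction the error console line counts. It reads the S2K usage octet (RFC 4880 section 5.5.3) and handles version 4 keys only; `SAMPLE` is a constructed toy packet and all function names are this example's own.

```python
import base64

# Public-key MPI count per algorithm ID for v4 keys (RFC 4880, RFC 6637).
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4, 18: 1, 19: 1, 22: 1}
ECC_ALGOS = {18, 19, 22}  # public part starts with a length-prefixed curve OID

def dearmor(text):  # armor headers end at the blank line; the "=" CRC line is not verified
    body = text.replace("\r", "").strip().split("\n\n", 1)[1].splitlines()[:-1]
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):  # yield (tag, body) for each packet in a binary OpenPGP stream
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old-format header; length type 3 means "runs to end of data"
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            n = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
            i += size
        yield tag, data[i:i + n]
        i += n

def secret_key_status(data):  # one 'protected'/'unprotected' entry per secret (sub)key
    out = []
    for body in (b for t, b in packets(data) if t in (5, 7)):  # 5 = secret key, 7 = subkey
        if body[0] != 4:
            raise ValueError("only version 4 keys are handled")
        algo, p = body[5], 6  # version (1) + creation time (4) + algorithm (1)
        if algo in ECC_ALGOS:
            p += 1 + body[p]  # skip curve OID
        for _ in range(MPI_COUNT[algo]):
            p += 2 + (int.from_bytes(body[p:p + 2], "big") + 7) // 8
        if algo == 18:
            p += 1 + body[p]  # skip ECDH KDF parameters
        out.append("unprotected" if body[p] == 0 else "protected")  # S2K usage octet
    return out

# Constructed sample: v4 RSA secret-key packet with toy MPIs (not a usable key), S2K usage 254.
SAMPLE = bytes([0xC5, 14, 4, 0, 0, 0, 0, 1, 0, 9, 1, 1, 0, 2, 3, 254])
```

For an armored `.asc` export, pass `dearmor(open(path).read())` to `secret_key_status`; any `unprotected` entry means the file holds secret key material in the clear.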
Cool, thank you! And sorry for the late answer! B.