Join the Mozilla’s Test Days event from Dec 2–8 to test the new Firefox address bar on Firefox Beta 134 and get a chance to win Mozilla swag vouchers! 🎁

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Integrated OpenPGP in TB 78.2+ much less functionality than Enigmail?

  • 1 reply
  • 1 has this problem
  • 5 views
  • Last reply by christ1

more options

Where can I find a roadmap for OpenPGP integration?

I've been using Enigmail for years, and find the current OpenPGP integration lacks significant features that made Enigmail useful.

  • Unable to prompt for passphrase at each use. This is a major security issue if anyone gains access to your system with TB already running. It is unacceptable that your PGP keychain is wide open as long as TB is running.
  • Internal keyring. I used to be able to share a single keyring between Windows, Cygwin and TB. Now that TB has moved to keeping its own keyring I have to worry about moving keys back and forth as needed.
  • Fails to validate alternate identities. A keypair can have multiple associated email addresses. If you receive a signed/encrypted message "From" an alternate identity, TB fails to see the signature as valid.

Are there any plans to mitigate these problems?

Where can I find a roadmap for OpenPGP integration? I've been using Enigmail for years, and find the current OpenPGP integration lacks significant features that made Enigmail useful. * Unable to prompt for passphrase at each use. This is a major security issue if anyone gains access to your system with TB already running. It is unacceptable that your PGP keychain is wide open as long as TB is running. * Internal keyring. I used to be able to share a single keyring between Windows, Cygwin and TB. Now that TB has moved to keeping its own keyring I have to worry about moving keys back and forth as needed. * Fails to validate alternate identities. A keypair can have multiple associated email addresses. If you receive a signed/encrypted message "From" an alternate identity, TB fails to see the signature as valid. Are there any plans to mitigate these problems?

All Replies (1)

more options
I've been using Enigmail for years, and find the current OpenPGP integration lacks significant features that made Enigmail useful.

That is correct. In terms of features, the current Thunderbird OpenPGP implementation isn't on par with Enigmail (yet). That will improve over time.

Unable to prompt for passphrase at each use.

That feature has already been requested. When this will be implemented, I don't know. See https://bugzilla.mozilla.org/show_bug.cgi?id=1679455

Internal keyring. I used to be able to share a single keyring between Windows, Cygwin and TB.

Thunderbird uses it's own model for deciding which key may be used for encryption, the user interface is adjusted to that model - which is different from how GnuPG makes decisions about trusting public keys. Encryption will never use the external gnupg setup. You can use the external gnupg keyring for signing and decrypting though. See https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards

Fails to validate alternate identities.

You'd need to set up each identity for encryption.