Email encryption in 78 vs Enigmail - does TB 78 decrypt and store the encrypted emails as plain text?
Hi,
I have been a long-time user of Enigmail and I really like how it works:
- when you receive an encrypted email it prompts you for your private key password. The password is cached for 5 mins or so.
- when I want to read older encrypted emails I had to enter the password again - which was fine with me
- drafts were encrypted
- if someone copies my profile at least they don't have access to my encrypted emails
All in all it's all about privacy & protection.
Now, I upgraded to 78. I use a master password. When I open TB, it prompts me to enter the master password, but I can choose to cancel. And I can still see all my emails including the encrypted emails!!!
If someone gets my profile they can see my encrypted emails as well.
Thunderbird seems to use my private keys without prompting me for password!
Who designed this behaviour?
All Replies (6)
I just checked more emails that I know I sent encrypted and TB decrypts them automatically even though I did not enter the master password!!!
At this point, if you are a user that uses email encryption I do not advise you to upgrade from 68.
Also, note that you can't simply use version 68 against a profile used with 78. It doesn't work. Make sure you have a backup of your 68 profile. Fortunately I do have a backup and I am going to restore my profile from the backup and then install back 68.
Err, as Enigmail does not work at all, either the add-on or the built-in components in V78, how are you doing that? Last I heard there were no scheduled updates of earlier versions until V78.2, when it was expected that the Enigmail/PGP encryption would be implemented as an inbuilt process.
I have in recent weeks seen folks using third party "updater" applications getting new versions, as I have seen a few from Linux distributions that obviously only have automated updaters. But Thunderbird will not have prompted you to update to V78 on its own as updates are turned off.
I am using a Mac. I downloaded the 78.1.1 dmg file and I installed it (it replaced version 68). Then I imported the private keys using Tools > Migrate Enigmail Settings. I have 2 keys. It prompted me for the password 4 times; the last two times it gave me an error each time, but eventually it imported them successfully.
Now the keys are used to decrypt the emails even when I don't enter the master password, which imo is very bad.
I don't know where the imported keys are stored exactly (do they encrypt the private key?) and whether the emails themselves are decrypted on the fly or their plain text version is stored locally once decrypted.
The enigmail model made a lot of sense to me, and I just don't get why we go backwards.
Anyway, I am going to downgrade tonight back to 68.
IIRC I remember reading about a password issue. It will be resolved by an update of 78 and the Enigmail migrator.
Could be this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1656287
If so, follow the instructions in comment #20 to fix the problem.