Certified OpenPGP-encryption after release of Thunderbird 78

Andreas Boehlk Computer-Service computer at boehlk.com
Sun May 31 11:09:58 CEST 2020


Hello Patrick,


On 31.05.2020 at 10:01, Patrick Brunschwig wrote:
> Mark wrote on 31.05.2020 01:28:
>> Doesn't TB also need your secret keys to decrypt messages?  
> 
> With smartcard support via GnuPG, all secret key operations are handled
> by GnuPG, and all public key operations are handled by TB (Note: the
> standard case, without smartcard support, will be that all keys are in
> Thunderbird).
> 
> The use-cases are clearly distinct:
> - encryption: you only need public keys
> - decryption: you only need secret keys
> - signing: you only need secret keys
> - verification: you only need public keys
> 
The standard user will not be able to work with that "solution".
Compared to the "enigmail-solution", this is hell and bound to fail.

>> Also what if you need your public keys outside of TB such as encrypting
>> a file?
> 
> That's not supported by Thunderbird. The idea of OpenPGP in Thunderbird
> is that you use it for email.
> 
That is correct, but nevertheless it is mandatory to have and use a
single key-store.

>> The reason I'm asking is that a while ago I posted about unknown files in
>> my GNUPG directory. PAPubring.gpg and PAsecring.gpg. I eventually found
>> out those are key rings used by a program I have called Power Archiver.
>> I'm not sure why it has its own set of keys, still awaiting an
>> explanation from support. If every app is not using the same pair of key
>> rings (and there is no synchronization between them) could that not lead
>> to problems?
> 
> The only "problem" might be that you have different keys on different
> key rings. But this is not necessarily a problem - you use different
> keys for different purposes and you can import and export the keys
> between the tools if needed.
> 
As I stated before: This is a real problem. Multiple key-stores are not
manageable and this planned solution is much more complicated than the
current one with enigmail. Therefore it is bound to be a non-starter.

> -Patrick
> 
>> On 5/30/2020 12:57 PM, Patrick Brunschwig wrote:
>>> Mark wrote on 30.05.2020 20:54:
>>>> So then do you have multiple pairs of key rings? One pair for TB78 and
>>>> its built in PGP and another pair as part of GNUPG?
>>> No exactly. You have your secret keys with GnuPG, and your public keys
>>> with Thunderbird. No synchronization required.
>>>
>>> -Patrick
>>>> If so how do you keep them synchronized?
>>>>
>>>> On 5/30/2020 9:17 AM, Patrick Brunschwig wrote:
>>>>> Robert J. Hansen wrote on 30.05.2020 01:07:
>>>>>>> If TB 78 is going to have native support of openGPG encryption, then the
>>>>>>> original person in the thread should be able to export all of the keys
>>>>>>> in their key rings, and import all of those keys into TB 78, or am I
>>>>>>> missing one of the gotchas with
>>>>>>> TB 78 and its openGPG encryption support.
>>>>>> You're missing the gotcha of "as of -Beta3, the new Thunderbird *cannot
>>>>>> even import a key*."
>>>>> I'm sorry, but that is simply not true. There is a known bug in the
>>>>> library used by Thunderbird (RNP) that leads to crashes when importing
>>>>> _certain_ keys. But I succeeded in importing all of my keys without any
>>>>> problems (more than 1.000), except for 5 V3-keys. I can definitely say
>>>>> that it's not just broken, and it can import keys.
>>>>>
>>>>>> I'm not kidding.  It is so far from complete that Kai Engert, who leads
>>>>>> the TB78 OpenPGP effort, recently proposed postponing OpenPGP support in
>>>>>> TB until version 78.2, or about a three-month delay.
>>>>> Again, that's oversimplified. OpenPGP will not be enabled _by_ _default_
>>>>> but users may still enable it manually.
>>>>>
>>>>>> At present, as of -Beta3, TB78's OpenPGP support is badly broken.
>>>>> No, it's incomplete - work in progress. That's not quite the same.
>>>>>
>>>>> -Patrick
