
GPG integration

Started by: Daniel Brandes <dbs@brandes.xyz>
First post: 2025-06-07 19:50 +0200
Last post: 2025-06-08 23:16 -0400
Articles 8 — 5 participants



Contents

  GPG integration Daniel Brandes <dbs@brandes.xyz> - 2025-06-07 19:50 +0200
    Re: GPG integration D <J@M> - 2025-06-08 00:35 +0200
      Re: GPG integration Daniel Brandes <dbs@brandes.xyz> - 2025-06-08 16:24 +0200
    Re: GPG integration VanguardLH <V@nguard.LH> - 2025-06-07 23:13 -0500
      Re: GPG integration Daniel Brandes <dbs@brandes.xyz> - 2025-06-08 17:52 +0200
    Re: GPG integration Bob Henson <bob.henson@outlook.com> - 2025-06-08 10:22 +0100
    Re: GPG integration D <J@M> - 2025-06-08 18:26 +0200
    Re: GPG integration D <noreply@dirge.harmsk.com> - 2025-06-08 23:16 -0400

#16877 — GPG integration

From: Daniel Brandes <dbs@brandes.xyz>
Date: 2025-06-07 19:50 +0200
Subject: GPG integration
Message-ID: <1021u62$36ia4$1@dont-email.me>

Dear Thunderbird community,

while I used to employ GnuPG's GPGtools implementation on OSX/macOS 
(which integrates with Mail.app), I recently switched to TB and would 
like to make use of its internal key management. I don't find it too 
convenient – e.g. lack of key shortcuts – but manually importing would 
be way more of a hassle.

Unfortunately it doesn't seem to sync with the existing database, and 
retrieving new keys by --import solely writes to GnuPG.

Is there any workaround or tool to combine them? Not being an expert, 
I'm wondering whether interference between the two could even be 
relevant security wise.

Thanks a lot for any help!

Daniel



#16885

From: D <J@M>
Date: 2025-06-08 00:35 +0200
Message-ID: <a51fabca586e4bb16bc63ed8ddeadb6f@dizum.com>
In reply to: #16877

On Sat, 7 Jun 2025 19:50:57 +0200, Daniel Brandes <dbs@brandes.xyz> wrote:
>Dear Thunderbird community,
>while I used to employ GnuPG's GPGtools implementation on OSX/macOS 
>(which integrates with Mail.app), I recently switched to TB and would 
>like to make use of its internal key management. I don't find it too 
>convenient – e.g. lack of key shortcuts – but manually importing would 
>be way more of a hassle.
>Unfortunately it doesn't seem to sync with the existing database, and 
>retrieving new keys by --import solely writes to GnuPG.
>Is there any workaround or tool to combine them? Not being an expert, 
>I'm wondering whether interference between the two could even be 
>relevant security wise.

don't know, but private-key encryption could be serious enough to learn
more about how popular programs like t-bird could safely use gnupg, etc.
before entrusting its use <https://duckduckgo.com/?q=thunderbird+gnupg>



#16891

From: Daniel Brandes <dbs@brandes.xyz>
Date: 2025-06-08 16:24 +0200
Message-ID: <10246e6$3smfh$1@dont-email.me>
In reply to: #16885

Am 08.06.25 um 00:35 schrieb D:
> don't know, but private-key encryption could be serious enough to learn
> more about how popular programs like t-bird could safely use gnupg, etc.
> before entrusting its use <https://duckduckgo.com/?q=thunderbird+gnupg>

Thanks for the input, but that's not a viable approach for me. The 
portion of people who depend on such a technology to work in a somewhat 
user friendly manner, e.g. activists, may even exceed the one of IT 
hobbyists. *This right here* is the maximum of research people like me 
can spare; up to you whether you decide to be helpful.



#16888

From: VanguardLH <V@nguard.LH>
Date: 2025-06-07 23:13 -0500
Message-ID: <1l228t73lvhyq.dlg@v.nguard.lh>
In reply to: #16877

Daniel Brandes <dbs@brandes.xyz> wrote:

> while I used to employ GnuPG's GPGtools implementation on OSX/macOS 
> (which integrates with Mail.app), I recently switched to TB and would 
> like to make use of its internal key management. I don't find it too 
> convenient - e.g. lack of key shortcuts - but manually importing would 
> be way more of a hassle.
> 
> Unfortunately it doesn't seem to sync with the existing database, and 
> retrieving new keys by --import solely writes to GnuPG.
> 
> Is there any workaround or tool to combine them? Not being an expert, 
> I'm wondering whether interference between the two could even be 
> relevant security wise.

Although I've played with encrypted e-mail in the past, it was just an
experiment.  In 30+ years of doing e-mail, I've yet to encounter a
recipient that can support encryption whether PGP or x.509/SMIME certs.
I could digitally sign my outbound e-mails to pass my public key to my
recipients, but none of them bothered using my public key to encrypt
their e-mails to me where I'd use the private key that only I have to
decrypt.  It was a waste of time to digitally sign my outbound e-mails,
and no one that received them would bother to look up my public key to
ensure the e-mail originated from me.  

Maybe info at the following web page might help you:

https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq

Not sure how you expect Tbird to use its internal key management without
importing your keys into Tbird.  Those who do e-mail encryption often
have only 1 key per e-mail address.  How many keys do you have where
importing would be a chore since you'd do it all only once?

There are plenty of online articles describing how to set up PGP in Tbird,
like:

https://support.startmail.com/hc/en-us/articles/360014775437-Thunderbird-PGP-Encryption
(scroll down to the "Setting up PGP encryption in Thunderbird" section)

https://www.linuxbabe.com/security/encrypt-emails-gpg-thunderbird

Apparently you can get Tbird to use an external key ring, as noted at:

https://superuser.com/questions/1758464/how-do-i-get-thunderbird-to-use-my-gpg-keyring
https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards#Allow_the_use_of_external_GnuPG



#16892

From: Daniel Brandes <dbs@brandes.xyz>
Date: 2025-06-08 17:52 +0200
Message-ID: <1024bk6$3tt5i$1@dont-email.me>
In reply to: #16888

Am 08.06.25 um 06:13 schrieb VanguardLH:
> Although I've played with encrypted e-mail in the past, it was just an
> experiment.  In 30+ years of doing e-mail, I've yet to encounter a
> recipient that can support encryption 

There actually are demographics – i.e. political activism – where it's 
deemed good practice to make use of PGP for internal stuff.

> Apparently you can get Tbird to use an external key ring, as noted at:
> 
> https://superuser.com/questions/1758464/how-do-i-get-thunderbird-to-use-my-gpg-keyring


That's exactly the thing – thank you so much!



#16890

From: Bob Henson <bob.henson@outlook.com>
Date: 2025-06-08 10:22 +0100
Message-ID: <mal32kFmc22U1@mid.individual.net>
In reply to: #16877

On 7/6/25 6:50 pm, Daniel Brandes wrote:
> Dear Thunderbird community,
> 
> while I used to employ GnuPG's GPGtools implementation on OSX/macOS
> (which integrates with Mail.app), I recently switched to TB and would
> like to make use of its internal key management. I don't find it too
> convenient – e.g. lack of key shortcuts – but manually importing would
> be way more of a hassle.
> 
> Unfortunately it doesn't seem to sync with the existing database, and
> retrieving new keys by --import solely writes to GnuPG.
> 
> Is there any workaround or tool to combine them? Not being an expert,
> I'm wondering whether interference between the two could even be
> relevant security wise.
> 
> Thanks a lot for any help!
> 
> Daniel
> 
> 

Sadly, when Thunderbird decided to include encryption within the program 
itself, it only added a very limited subset of what was previously 
available using the Enigmail extension. However, I too wonder how many 
key pairs you have that you cannot just import them into Thunderbird? If 
you have a huge number of public keys and want to keep them rather than 
pick them up again and automatically as you correspond with those 
people, then why not export them to a file from your old set-up and 
import them to Thunderbird from that file. As far as I know (I haven't 
bothered with it much), you won't be able to get maximum benefit from 
cross-signings etc anyway as Thunderbird's implementation is too dumbed 
down.

Like Vanguard, after umpteen years of emailing, I've only ever had one 
correspondent who used GnuPG, so I revoked all my keys ages back. 
When I returned to Thunderbird with new email addresses I did generate 
two new keys for old time's sake, but no-one has ever used them, so I 
have never needed to try importing groups of keys. It should be easy 
enough though.

-- 
Tetbury, Gloucestershire, UK

The early bird may get the worm, but the second mouse gets the cheese.
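
An added example, not part of the post above and not code from Thunderbird or GnuPG: before exporting from the old set-up, compare the two key stores by primary fingerprint to see which public keys are actually missing. It assumes one listing comes from `gpg --with-colons --list-keys` and the other from `gpg --with-colons --show-keys` run on a public-key file exported from Thunderbird's key manager; the listings and fingerprints below are constructed.

```python
import re

def _unescape(text):
    # GnuPG escapes ':' and similar bytes inside user IDs as \xNN.
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def primary_keys(listing):
    """Parse --with-colons output into {primary fingerprint: {validity, uids}}."""
    keys, current, validity = {}, None, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec") and len(f) > 1:
            current, validity = None, f[1]      # field 2: r = revoked, e = expired
        elif f[0] in ("sub", "ssb"):
            validity = None                     # the next fpr record is a subkey's
        elif f[0] == "fpr" and validity is not None and len(f) > 9:
            current = f[9]                      # field 10: fingerprint
            keys[current] = {"validity": validity, "uids": []}
            validity = None
        elif f[0] == "uid" and current and len(f) > 9:
            keys[current]["uids"].append(_unescape(f[9]))
    return keys

def missing_from(source, target):
    """Fingerprints in `source` but not in `target`: (usable, revoked_or_expired)."""
    src, dst = primary_keys(source), primary_keys(target)
    todo = [fp for fp in sorted(src) if fp not in dst]
    stale = [fp for fp in todo if src[fp]["validity"] in ("r", "e")]
    return [fp for fp in todo if fp not in stale], stale

# Constructed sample data (not real keys): fingerprints are placeholders.
FP_ALICE, FP_BOB, FP_CAROL, FP_SUB = "A1" * 20, "B2" * 20, "C3" * 20, "D4" * 20
GNUPG_LISTING = "\n".join([
    "pub:u:255:22:A1A1A1A1A1A1A1A1:1700000000:::u:::scESC:",
    "fpr:::::::::" + FP_ALICE + ":",
    "uid:u::::1700000000::0000::Alice <alice@example.org>:",
    "sub:u:255:18:D4D4D4D4D4D4D4D4:1700000000::::::e:",
    "fpr:::::::::" + FP_SUB + ":",
    "pub:f:255:22:B2B2B2B2B2B2B2B2:1700000000:::-:::scESC:",
    "fpr:::::::::" + FP_BOB + ":",
    "uid:f::::1700000000::0000::Bob\\x3a work <bob@example.org>:",
    "pub:r:255:22:C3C3C3C3C3C3C3C3:1600000000:::-:::sc:",
    "fpr:::::::::" + FP_CAROL + ":",
    "uid:r::::1600000000::0000::Carol <carol@example.org>:",
])
THUNDERBIRD_LISTING = "\n".join(GNUPG_LISTING.splitlines()[:5])  # only Alice

if __name__ == "__main__":
    print(missing_from(GNUPG_LISTING, THUNDERBIRD_LISTING))
```

Matching on the full primary fingerprint rather than on e-mail address or short key ID avoids treating two different keys with the same user ID as one.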



#16893

From: D <J@M>
Date: 2025-06-08 18:26 +0200
Message-ID: <ceebc0e06fdf95f39128738aae6884b3@dizum.com>
In reply to: #16877

On Sat, 7 Jun 2025 19:50:57 +0200, Daniel Brandes <dbs@brandes.xyz> wrote:
>while I used to employ GnuPG's GPGtools implementation on OSX/macOS 
>(which integrates with Mail.app), I recently switched to TB and would 
>like to make use of its internal key management. I don't find it too 
>convenient – e.g. lack of key shortcuts – but manually importing would 
>be way more of a hassle.
>Unfortunately it doesn't seem to sync with the existing database, and 
>retrieving new keys by --import solely writes to GnuPG.
>Is there any workaround or tool to combine them? Not being an expert, 
>I'm wondering whether interference between the two could even be 
>relevant security wise.

p.s.   gnupg (https://gnupg.org/) does seem to be popular, and is widely recommended
by encryption experts . . . even the highly-regarded author of omnimix describes any
one skeptical about trusting gnupg "uninformed" ... https://www.danner-net.de/om.htm
>...
>Concerning electronic mail, the most obvious procedure would be to become firm in the
>usage of encryption software like GnuPG to convert your postal card into a letter, so
>that really no one apart from the sender and the intended recipient/s will be able to
>read data that are exchanged. 'Really no one' means, that tools like GnuPG, where the
>source code is freely available and can be reviewed by everyone, provide established
>mathematical algorithms unlikely to be broken in the foreseeable future, regardless of
>all the rumors that are spread to discourage uninformed people and prevent them from
>realizing their civil rights concerning privacy....
[end quoted excerpt]

maybe so (i'm no expert, ergo uninformed), but the classic pgp 6.5.8ckt (2002-05-02)
installs and afaict runs fine in windows 11 24h2 in lieu of the "memory page locking
driver" warning that "sensitive data such as passphrases may end up being written to
the system paging file" (as with any encryption software or its usage, caveat emptor)

sample of archived links to this enduring legacy version of pgp for windows:
https://web.archive.org/web/*/http://www.panta-rhei.dyndns.org/downloads/PGP/
>https://web.archive.org/web/20041106013644/http://www.panta-rhei.dyndns.org/downloads/PGP/
>pgp658ckt08.zip    06-Jun-2003 13:44    6.1M  
(pgp658ckt08.zip / 6.06 MB), extracted . . .
(\pgp658ckt08 / 6.39 MB / 3 Files, 0 Folders), installed . . .
(changed default folder "C:\Program Files (x86)\Network Associates\PGP" to "C:\PGP658")
(C:\PGP658 / 4.71 MB / 27 Files, 3 Folders) . . . runs in system tray as "pgptray" with
the padlock icon . . . again, afaict, this program would _appear_ to work as advertised

direct link:
https://web.archive.org/web/*/http://www.panta-rhei.eu.org/downloads/PGP/pgp658ckt08.zip
https://web.archive.org/web/20060919030712/http://www.panta-rhei.eu.org/downloads/PGP/pgp658ckt08.zip
>pgp658ckt08.exe      6.33 MB
>pgp658ckt08.zip.sig  4.00 KB
>pgp658ckt08.txt      49.2 KB
>PGP 6.5.8ckt - Build08 - Read me file - 05/02/2002
>Imad R. Faiad
>Version: 6.5.8ckt http://www.ipgpp.com/
https://web.archive.org/web/20020215231038/http://www.ipgpp.com/



#16901

From: D <noreply@dirge.harmsk.com>
Date: 2025-06-08 23:16 -0400
Message-ID: <20250608.231647.f5529cd8@dirge.harmsk.com>
In reply to: #16877

On Sat, 7 Jun 2025 19:50:57 +0200, Daniel Brandes <dbs@brandes.xyz> wrote:
>while I used to employ GnuPG's GPGtools implementation on OSX/macOS 
>(which integrates with Mail.app), I recently switched to TB and would 
>like to make use of its internal key management. I don't find it too 
>convenient – e.g. lack of key shortcuts – but manually importing would 
>be way more of a hassle.
>Unfortunately it doesn't seem to sync with the existing database, and 
>retrieving new keys by --import solely writes to GnuPG.
>Is there any workaround or tool to combine them? Not being an expert, 
>I'm wondering whether interference between the two could even be 
>relevant security wise.

p.p.s.  (last one, but this reply seemed relevant and possibly of interest)

>In article <20250608.155132.4de515fe@dirge.harmsk.com> D wrote:
>> p.s.   gnupg (https://gnupg.org/) does seem to be popular, and is widely recommended
>> by encryption experts . . . even the highly-regarded author of omnimix describes any
>> one skeptical about trusting gnupg "uninformed" ... https://www.danner-net.de/om.htm
>
>This is absolutely not true. Quite the opposite. Encryption experts switched en masse
>to age a couple of years ago, due to its ease of use. The age author has more followers
>on X than gnupg.org on X. Only a handful of hardcore GnuPG users are still on their list,
>while the vast majority of GnuPG users have left the mailing list.
>Remops like SEC3 and others are using age as well.
>https://github.com/FiloSottile/age
>The author of age was also a security lead at Google for the Go programming language
>and its crypto libraries.
[end quote]

red flags aplenty but "a.g.e." does at least appear to be superseding gnupg
and is being marketed as having already replaced those antique technologies
(maybe it has, yet implicit trust is absent from their a.i. dominated world)
