Closed Bug 1631198 Opened 1 year ago Closed 1 year ago

Allow manual import of autocrypt sender key

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Tracking

(Not tracked)

RESOLVED FIXED
Thunderbird 77.0

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Details

Attachments

(3 files)

Although we don't claim to fully support Autocrypt, some OpenPGP correspondents might use Autocrypt, and the key in the header might be the only way to obtain their public key.

If a received message contains a key, we should make it discoverable, and allow the user to manually import it, similar to other key attachments (where the user has to right-click the attachment).

I have an initial patch, which displays an additional line at the bottom of a message, only if an Autocrypt key is contained in the message. The line says "Message contains sender's OpenPGP public key" with an import button.

Attached image autocrypt-key-only.png

This is how it looks, if there are no other attachments.
Will need some UI styling fix to make it look prettier.

If there are additional attachments, it looks like this.

The line is hidden if there's no such key in the email.

FYI, the change in rnp.jsm makes it possible to pass both ASCII and binary blocks to the RNP key import.

Alessandro, this is just my initial hack. It's fine to display this differently in the future.
FYI, this is about a sender public key that is transported in a regular message header, and thereby invisible in the attachment list. This is the reason why I'm treating it specially.

In general, I could imagine a smarter mechanism for dealing with an OpenPGP key that's attached as a regular attachment.

Although a regular key attachment could be anything, including the key of someone else, or a list of multiple keys - we could try to detect if a regular attachment is indeed a single key belonging to the sender's email. If yes, then we potentially could hide that attachment from the regular attachment list, and display it in this way, too. But that would require some more work, which we'd have to do at a later time. So initially, it would be easier if we can handle regular attachments, and these "autocrypt header" keys differently.

I don't really think this message belongs at the bottom of the message, but I guess we can figure out how to display it better later.

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/804e09a2b571
Allow manual import of autocrypt sender key. r=PatrickBrunschwig

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 77.0
Regressions: 1636558
Regressions: 1638142
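
The check this bug discusses (offer a header-transported key for import only when it belongs to the sender, and accept ASCII or binary key blocks) can be sketched as follows. This is an added example, not Thunderbird's code or anything from the patch; the function names are hypothetical, the header rules follow Autocrypt Level 1, and the sample header is constructed.

```javascript
// Added example (not Thunderbird code). Header values are constructed samples.
const ARMOR_PREFIX = "-----BEGIN PGP PUBLIC KEY BLOCK-----";
const KNOWN_ATTRS = ["addr", "prefer-encrypt", "keydata"];

// Parse one Autocrypt header value; return null if it must be ignored.
function parseAutocryptHeader(value) {
  const attrs = {};
  for (const part of value.split(";")) {
    if (part.trim() === "") continue; // tolerate a trailing ';'
    const eq = part.indexOf("=");
    if (eq < 0) return null;
    const name = part.slice(0, eq).trim().toLowerCase();
    if (name.startsWith("_")) continue; // non-critical attribute: skip
    if (!KNOWN_ATTRS.includes(name)) return null; // unknown critical attribute
    attrs[name] = part.slice(eq + 1).trim();
  }
  if (!attrs.addr || !attrs.keydata) return null;
  // Header folding leaves whitespace inside the base64 keydata.
  const b64 = attrs.keydata.replace(/\s+/g, "");
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(b64)) return null;
  return { addr: attrs.addr.toLowerCase(), keyBytes: Buffer.from(b64, "base64") };
}

// Classify a key block so a caller knows which form it hands to the importer.
function keyBlockKind(bytes) {
  if (bytes.length === 0) return null;
  if (bytes.toString("latin1").trimStart().startsWith(ARMOR_PREFIX)) return "armored";
  // Public-key packet (tag 6): old-format header 0x98..0x9B, new-format 0xC6.
  const b = bytes[0];
  return (b & 0xfc) === 0x98 || b === 0xc6 ? "binary" : null;
}

// Return the key to offer for import, or null to keep the import line hidden.
function importableSenderKey(fromAddr, autocryptHeaders) {
  const from = fromAddr.trim().toLowerCase();
  const valid = autocryptHeaders
    .map(parseAutocryptHeader)
    .filter((h) => h && h.addr === from && keyBlockKind(h.keyBytes));
  // More than one valid header is treated as if there were none.
  if (valid.length !== 1) return null;
  return { addr: valid[0].addr, kind: keyBlockKind(valid[0].keyBytes), keyBytes: valid[0].keyBytes };
}

// Constructed sample: 4 placeholder bytes that only look like a key packet start.
const SAMPLE = "addr=alice@example.org; prefer-encrypt=mutual; keydata=mQEN\r\n BA==";
console.log(importableSenderKey("Alice@Example.org", [SAMPLE]));
```

The classifier only inspects the first bytes; a real importer still has to parse the key and confirm that a user ID matches the sender before trusting it.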