Closed Bug 1651707 Opened 4 years ago Closed 4 years ago

OpenPGP key manager, implement revocation and backup of secret keys

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
enhancement

Tracking

(thunderbird_esr78 fixed, thunderbird79 fixed)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 80.0
Tracking Flags:
Tracking Status
thunderbird_esr78 --- fixed
thunderbird79 --- fixed

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(1 file)

Bug 1651707 - OpenPGP key manager, implement revocation and backup of secret keys. r=PatrickBrunschwig
47 bytes, text/x-phabricator-request
wsmwk
: approval-comm-beta+
wsmwk
: approval-comm-esr78+
Details | Review

We need to implement revocation for secret keys, and backup for secret keys. I have a patch ready.

The backup dialog must prompt for the password that will protect the backup of the secret key(s). Instead of starting from scratch, I reused an existing dialog from Mozilla/Firefox code: setp12password.xhtml and .js, and have adjusted the strings.

Instead of having a single action for export/backup, there are now two different actions in the menu. This avoids the complex dialog that asks "include secret". The workflow will be clearer now.

Revocation is a simple approach with two prompts, one before, one after. It follows the strings that Enigmail had used, but tweaked for the new reality of our new implementation.

Removed the command "send email to selected keys". This no longer makes sense for our implementation, because no longer support encrypting to specific keys. Our workflow is based on email addresses. Because a selection of keys doesn't give a exact list of email addresses (a key can contain multiple), I think it's best to remove this command for now.

The backup menu command is enabled, if all selected keys are secret keys.

Renamed the menu command to consistently use "key(s)" whenever it works with multiple selected items.

In addition, the patch will do some refactoring:

  • .js files that include chrome://openpgp/content/ui/enigmailCommon.js
    don't need their own l10n declaration, they can use the one from common
  • simplify several l10n statements to use formatSync, not await

Note the attached patch is on top of several other pending patches, my current queue is bug 1634561, bug 1650446, bug 1650591, bug 1650738, bug 1637179, bug 1648954

Blocks: 1651712

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/10fb5837e1c4
OpenPGP key manager, implement revocation and backup of secret keys. r=PatrickBrunschwig

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

Comment on attachment 9162504 [details]
Bug 1651707 - OpenPGP key manager, implement revocation and backup of secret keys. r=PatrickBrunschwig

Important new OpenPGP feature for 78.x

Attachment #9162504 - Flags: approval-comm-esr78?

Comment on attachment 9162504 [details]
Bug 1651707 - OpenPGP key manager, implement revocation and backup of secret keys. r=PatrickBrunschwig

OpenPGP - uplift request for consistency of comm-esr78, beta79 and c-c80

Attachment #9162504 - Flags: approval-comm-beta?
Target Milestone: --- → Thunderbird 80.0

Comment on attachment 9162504 [details]
Bug 1651707 - OpenPGP key manager, implement revocation and backup of secret keys. r=PatrickBrunschwig

Approved for beta
Approved for esr78

Attachment #9162504 - Flags: approval-comm-esr78?
Attachment #9162504 - Flags: approval-comm-esr78+
Attachment #9162504 - Flags: approval-comm-beta?
Attachment #9162504 - Flags: approval-comm-beta+

The patch of OpenPGP private keys is not working properly! (TH 78.0.1)
The password requested for the backup is useless, the key is saved in clear text...

It suits me, I prefer a backup without a password.
It would be useful to ask users if they want to save their private keys with a password.

Flags: needinfo?(kaie)

(In reply to Alex from comment #8)

The patch of OpenPGP private keys is not working properly! (TH 78.0.1)
The password requested for the backup is useless, the key is saved in clear text...

I cannot reproduce your report.
If I backup a secret key to a file, and then try to import that file with GnuPG, I get a prompt to enter the password. If I cancel import, or if I enter the incorrect password, then GnuPG does not import a secret key (only a public key).

Can you please explain why you think it is backed up without a password?

The secret key is saved to a backup file that uses ASCII ARMOR encoding, that means it can be viewed with a text editor, and appears to be clear text.

Flags: needinfo?(kaie)

(In reply to Kai Engert (:KaiE:) from comment #9)

I did what you did!
If I import my key with GnuPG it goes through without a problem.
The key is in the clear!

Look the file :
-----BEGIN PGP PRIVATE KEY BLOCK-----

xcaGBFejS/QBEAC5CveI5FSlp8EeFxNpJTj4DfkpKiV8LQgH396ACspZjhSmVmcqdL6DPW91Na0z
20EnodSFwKHMgv3za1xJsd7fY3CpmjdopcOTr64m5XqJ2m9Mu/Rt0hNPZ793gysz8OwuduyBqCeU
.....................

(In reply to Alex from comment #10)

-----BEGIN PGP PRIVATE KEY BLOCK-----

xcaGBFejS/QBEAC5CveI5FSlp8EeFxNpJTj4DfkpKiV8LQgH396ACspZjhSmVmcqdL6DPW91Na0z
20EnodSFwKHMgv3za1xJsd7fY3CpmjdopcOTr64m5XqJ2m9Mu/Rt0hNPZ793gysz8OwuduyBqCeU
.....................

This doesn't mean anything.
An encrypted private key file looks similar.

Okay, I didn't know.
But imports don't require a password...

Mystery was solved in bug 1654703

See Also: → 1632087
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: