Open Bug 1654893 Opened 4 months ago Updated 1 month ago

Support configuration with an offline primary OpenPGP key

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Tracking

(Not tracked)

People

(Reporter: KaiE, Assigned: KaiE)

Details

Expert users might want to use a configuration which uses a primary key that is in secure offline storage. They would then use multiple subkeys, at least two: one for signing and one for encryption.

They would need to import all public keys, but would import only the secret keys of the subkeys into Thunderbird.

At this time we don't want to support creating these key pairs inside Thunderbird. Rather we require that the expert user uses separate software to create the keys.

However, importing these keys into Thunderbird should be possible.
Currently this isn't working.
As a first step, importing the keys with RNP is failing, this is tracked upstream here:
https://github.com/rnpgp/rnp/issues/1217

After we have RNP support, we'll need to implement Thunderbird application level support, to allow treating such a key as a personal key, even with the primary secret key missing.
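The layout the report describes (primary secret key kept offline, secret material present only for a signing subkey and an encryption subkey) can be verified on the GnuPG side before anything is exported for import elsewhere. The following is an added example, not code from this bug, from Thunderbird or from RNP. It parses the `--with-colons` listing of GnuPG's secret keyring: in a `sec` or `ssb` record, field 12 lists the key's capabilities (`s` sign, `e` encrypt, `c` certify) and field 15 is `#` when only a stub without secret material is present (a token serial number appears there for smartcard keys). The key ids and listings below are constructed sample data; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the bug, Thunderbird or RNP): check a GnuPG secret
# keyring listing for the "offline primary key" layout: the primary secret
# key is a stub (field 15 == "#") while at least one signing subkey and one
# encryption subkey still have usable secret material.
# Real use: gpg --list-secret-keys --with-colons KEYID | check_offline_layout
# Assumes the listing contains a single key block.

check_offline_layout() {
    awk -F: '
        # $1 = record type, $12 = capability letters, $15 = token serial,
        # "#" for a stub (no secret key material present locally or on a token).
        $1 == "sec" { primary_stub = ($15 == "#"); next }
        $1 == "ssb" {
            # usable: secret material local (field empty) or on a token (serial);
            # a "#" stub subkey is not usable
            usable = ($15 != "#")
            if (usable && index($12, "s")) sign++
            if (usable && index($12, "e")) enc++
        }
        END {
            printf "primary secret offline: %s\n", primary_stub ? "yes" : "no"
            printf "usable signing subkeys: %d\n", sign + 0
            printf "usable encryption subkeys: %d\n", enc + 0
            # exit 0 only for the expected offline-primary layout
            exit !(primary_stub && sign > 0 && enc > 0)
        }'
}

# Constructed sample (not real keys): primary 0123456789ABCDEF is a stub,
# signing subkey FEDCBA9876543210 and encryption subkey 0011223344556677
# have local secret material.
offline_sample() {
    cat <<'EOF'
sec:u:255:22:0123456789ABCDEF:1600000000:::u:::cC:::#:::ed25519::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1600000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
ssb:u:255:22:FEDCBA9876543210:1600000000::::::s::::::ed25519:
fpr:::::::::0000000000000000000000000FEDCBA9876543210:
ssb:u:255:18:0011223344556677:1600000000::::::e::::::cv25519:
fpr:::::::::0000000000000000000000000011223344556677:
EOF
}

# Constructed counter-example: the primary secret key is present locally
# (field 15 empty), so this is an online primary, not the layout above.
online_sample() {
    cat <<'EOF'
sec:u:255:22:0123456789ABCDEF:1600000000:::u:::cESC::::::ed25519::0:
ssb:u:255:18:0011223344556677:1600000000::::::e::::::cv25519:
EOF
}

# Usage on the constructed data
if offline_sample | check_offline_layout; then
    echo "offline-primary layout confirmed: export public keys plus secret subkeys only"
fi
online_sample | check_offline_layout || echo "primary secret is present: not an offline-primary layout"
```

With a real keyring, `gpg --list-secret-keys` shows the same facts in its human-readable form as `sec#` for the stub primary and `ssb>` for a subkey held on a token; the colon format is simply the stable one to script against.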

Duplicate of this bug: 1663447
Duplicate of this bug: 1666124

Please note that bug 1666124 which should be classified as having severity S2 – "(Serious) Major Functionality/product severely impaired and a satisfactory workaround doesn’t exist" – cannot be considered a duplicate of an "enhancement". This is not a "nice-to-have feature" but prevents users from using Thunderbird where the use of offline primary keys/"laptop keys" is mandatory, thereby breaking existing workflows and configurations.

The moment Thunderbird 68.x is not supported anymore (and 78.x still does not support this as the previous Enigmail add-on did), the application will have to be blacklisted/replaced by Mutt, Evolution, Outlook, or other alternatives that e.g. satisfy company policies prohibiting the use of online primary/master keys or needs of user groups which take matters related to privacy/security – namely, protection against identity theft – very seriously.

In case fixing the above will require (much) more time for whatever reason, the only two options to prevent abandoning existing users are

  • the introduction of a compatibility layer which restores the old functionality ("EnigMail-compat"?); because existing users have everything installed/set up already, there are no license problems due to the need to ship additional third-party components
  • ensuring that 68.x /is/ supported until back-to-back tests show that there are no remaining (S2) regressions w.r.t. functionality

MZLA Technologies Corporation should have opted for one or both options in the first place and might well have underestimated that breaking existing functionality related to OpenPGP without providing (temporary) workarounds is not taken kindly, because it forces others to invest time and money to put alternatives in place. (Keep in mind that for a non-profit organization, shrinking/alienating their customers/user base has never been a good strategy.)

(Keep in mind that for a non-profit organization, shrinking/alienating their customers/user base has never been a good strategy.)
Correction: I meant "for-profit organization" here, of course.

(In reply to Markus Ueberall from comment #3)

The moment Thunderbird 68.x is not supported anymore (and 78.x does still not support this as the previous Enigmail add-on did), the
application will have to be blacklisted/replaced ...

For the time being you can treat offline keys like keys on Smartcards. You can't import them into Thunderbird, but you can use them via gpgme.
https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards

(In reply to Christian Riechers from comment #5)

For the time being you can treat offline keys like keys on Smartcards. You can't import them into Thunderbird, but you can use them via gpgme.
https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards

Wow. I can confirm that this really works—would not have found this without your pointer, though a considerable amount of time has been spent on this here. Many, many thanks!

Duplicate of this bug: 1673915
Duplicate of this bug: 1674551