Closed Bug 1664635 Opened 2 years ago Closed 2 years ago

Installing Thunderbird 78 should prompt Enigmail migration

Categories

(MailNews Core :: Security: OpenPGP, defect)

defect

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: nicholas_j, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0

Steps to reproduce:

Installed Thunderbird 78.2.2 over a Thunderbird 68 version that had Enigmail.

Actual results:

There was no prompt to start Engimail migration.

Expected results:

There should be. For, either a bug prevented that from happening or else for some strange reason you think that there is no need to prompt for such migration.

I am tempted to mark this as a security problem.

Also: when one starts the migration manually, one is prompted for the same passphrase over and over, in such a way as to give one the - false -impression that one has misentered it. That is dire UI/UX - and though it may owe to Enigmail, you could at least warn the user.

After the import, I cannot work out how to actually encrypt an email. For, there is toolbar button in the compose window and, within the drop-downs, 'encrypt' is greyed-out. I will reinstall the older version of Thunderbird. This new version is unusable, I'm sad to say.

This image pertains to my comment about uninstalling the new version of Thunderbird.

Oh great: see attached.

And the 'all releases' tab - which is next to the 'release notes' tab - on https://www.thunderbird.net/en-US/thunderbird/all/ actually gives one . . release notes. So I can't even easily download the version of Thunderbird that I need in order to fix things.

You can use --allow-downgrade to override the downgrade check.

In comment 0, did you install 78.2.2 into the exact program directory location as the previous install?

Blocks: tb78found

Did you see any relevant errors in the Error Console?

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

(In reply to nicholas_j from comment #0)

There was no prompt to start Engimail migration.

Enigmail should have updated to version 2.2.x and prompted you.

Also: when one starts the migration manually,

I think you say that Enigmail has updated to version 2.2.x and you found the migration command in the tools menu.

one is prompted for the same passphrase over and over, in such a way as to give one the - false -impression that one has misentered it.

Do you use a secret key that contains different passphrases for individual sub keys? Bug 1663323
Or an offline primary key? Bug 1654893
These scenarios are known to not work.

My version of Thunderbird 68 was unceremoniously "upgraded" to version 78 two days ago, breaking my use of encrypted email. Yesterday, I manually imported all my keys. Today (two days later, and several restarts of Thunderbird 78), Thunderbird opened the tab to migrate enigmail!

Several problems here:

(1) An non-reversible upgrade that breaks basic functionality should not be done without warning
(2) If you are going to foist this onto unsuspecting users, don't wait 2 days (and an hour or so of struggles) to start the migration process.

(In reply to Erik Blake from comment #9)

My version of Thunderbird 68 was unceremoniously "upgraded" to version 78 two days ago, breaking my use of encrypted email. Yesterday, I manually imported all my keys. Today (two days later, and several restarts of Thunderbird 78), Thunderbird opened the tab to migrate enigmail!

Several problems here:

(1) An non-reversible upgrade that breaks basic functionality should not be done without warning
(2) If you are going to foist this onto unsuspecting users, don't wait 2 days (and an hour or so of struggles) to start the migration process.

On two diffend computers (Windows 8.1, Windows 10) Thunderbird 68 has installed the upgrade to 78.2.2 without problem - and the Tab for migrating the PGP-Keys using Enigmails migration process was the viewable active tab. But it could be that an Enigmail-Tab from old TB Version was the last tab I had oppened before TB was closed (I don't remember).

But indeed it was a surprice for me to see a TB update was running, while I knowing that on Web page there was written, that there will be no automatical upgrade vom 68 to 72. (Just now I see, that webpage has new information. )

  • Sending a crypted mail to BCC didn't work. [Why ?]
  • Attached signature as the name "OpenPGP_signature". [Why there is no file nameending "OpenPGP_signature.asc" ? Some Mail-Server-Pipelines replaces attachements without filename endings or create a default filename ending therefor TB claims "OpenPGP technical error: manipulated email"]

(In reply to nicholas_j from comment #0)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0

Steps to reproduce:

Installed Thunderbird 78.2.2 over a Thunderbird 68 version that had Enigmail.

Does that mean, that you had downloade the installation executable and than choose to install the new version into the folder of the old version
or do you mean the upgrade procedure via Help->About ?

In both cases I would like a prompt for a pgp-migration, with a small list of what functions are not available, and a possibility to cancel the install or upgrade.

(In reply to nicholas_j from comment #2)

After the import, I cannot work out how to actually encrypt an email. For, there is toolbar button in the compose window and, within the drop-downs, 'encrypt' is greyed-out. I will reinstall the older version of Thunderbird. This new version is unusable, I'm sad to say.

In account settings you could proove if your key is listed and than you could choose the usage. Afer that the drop-down entries for 'enrcypt' is not greyed-out any more.

Further to my(In reply to nicholas_j from comment #2)

After the import, I cannot work out how to actually encrypt an email. For, there is toolbar button in the compose window and, within the drop-downs, 'encrypt' is greyed-out. I will reinstall the older version of Thunderbird. This new version is unusable, I'm sad to say.

You have to right-click on the email account, select Manage Identities, then "End-to-end Encryption", and select your private key. In my experience, the enigmail migration process actually sets this selection to "None", which disables the ability to encrypt email.

Further to my(In reply to Erik Blake from comment #9)

My version of Thunderbird 68 was unceremoniously "upgraded" to version 78 two days ago, breaking my use of encrypted email. Yesterday, I manually imported all my keys. Today (two days later, and several restarts of Thunderbird 78), Thunderbird opened the tab to migrate enigmail!

Several problems here:

(1) An non-reversible upgrade that breaks basic functionality should not be done without warning
(2) If you are going to foist this onto unsuspecting users, don't wait 2 days (and an hour or so of struggles) to start the migration process.

Further to this, the enigmail migration process actively de-selected my chosen private key (right-click on email account, select "Manage Identities", then "End-to-end encryption"). In other words, I had managed to get encryption working again by manually importing public/private keys, and selecting the private key I wished to use - then I ran the migration process and it broke encryption because it cleared my private key selection!!!!

(In reply to Erik Blake from comment #14)

Further to my(In reply to Erik Blake from comment #9)

My version of Thunderbird 68 was unceremoniously "upgraded" to version 78 two days ago, breaking my use of encrypted email. Yesterday, I manually imported all my keys. Today (two days later, and several restarts of Thunderbird 78), Thunderbird opened the tab to migrate enigmail!

Several problems here:

(1) An non-reversible upgrade that breaks basic functionality should not be done without warning
(2) If you are going to foist this onto unsuspecting users, don't wait 2 days (and an hour or so of struggles) to start the migration process.

Further to this, the enigmail migration process actively de-selected my chosen private key (right-click on email account, select "Manage Identities", then "End-to-end encryption"). In other words, I had managed to get encryption working again by manually importing public/private keys, and selecting the private key I wished to use - then I ran the migration process and it broke encryption because it cleared my private key selection!!!!

Just as pointer to read:
https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_the-enigmail-migration-has-completed-successfully-but-im-still-unable-to-use-openpgp

I don't think there's anything actionable from the Thunderbird side in this bug. To degree it's still a problem it would be a problem in the migrator add-on.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.