Closed Bug 1674551 Opened 4 years ago Closed 4 years ago

Thunderbird 78.4.0 does not import private GnuPG-keys & won't encrypt emails

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1654893

People

(Reporter: just.someone, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0

Steps to reproduce:

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0

With the upgrade of Thunderbird 68 to 78.4.0 I tried to migrate my keys and settings from enigmail / GnuPG to Thunderbird. It didn't import my private keys, so I tried manually:

Steps:

  1. Migration of Enigmail / GnuGP keys to Thunderbird

  2. Top Menu -> Tools -> OpenPGP Key Manager -> File -> Import Secret Key(s) from File -> Select File to Import

  3. Selected file with my secret keys exported from GnuPG (I've tried with and without option --armor)

  4. Checkbox "Treat this key as a Personal Key" checked

  5. Continue

  6. Enter password of my private key as prompted

The secret key I try to import looks like this:

sec# rsa4096 2017-10-02 [C] [verfällt: 2021-10-31] 9D5A9C2C8A6F3D8843BD83B7282EFFA450B534F5
uid [ ultimativ ] Peter Bartmann <pb-mail@posteo.de>
uid [ ultimativ ] Peter Bartmann <peter.bartmann@posteo.de>
uid [ ultimativ ] Peter Bartmann <pbartmann@posteo.de>
ssb rsa4096 2017-10-02 [S] [verfällt: 2021-10-31]
ssb rsa4096 2017-10-02 [E] [verfällt: 2021-10-31]
ssb rsa4096 2017-10-02 [A] [verfällt: 2021-10-31]

The main key is for certification only. There are 3 subkeys for authentication, encryption, signature each. The secret key of the main key ([C]) has been removed. (e.g. like described in https://blog.eleven-labs.com/en/openpgp-almost-perfect-key-pair-part-1/)

Actual results:

a)
With step 0), only the public keys have been imported, but not my private keys

In step 5) Thunderbird keeps asking me for the password of my private key. Every time I've entered the password of my private key correctly into the filed, the pop-up window closes and immediately shows up again with the empty password field to prompt me again to enter my password. That goes on for at least 15 times and does not seem to end. Only way to stop this is to cancel, however the private key won't be imported with the following error message:

"Import failed. The key you are trying to import might be corrupt or use unknown attributes. Would you like to attempt to import the parts that are correct? This might result in the import of incomplete and unusable keys."

b)
Additionally I'm not able to send any encrypted email anymore. Although the OpenPGP Key Manager shows a valid public key for the recipient, Thunderbird won't let me encrypt that email. Window "Write" -> Security -> View Security Info doesn't show a certificate (Status = "Not found" next to the email of the recipient), although the OpenPGP Manager seems to hold that certificate.

Don't know if a) and b) are related, so reporting those as one bug.

Expected results:

a) Thunderbird should correctly import my private key, either during step 0 or after the manual import

b) Thunderbird should enrypt email

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

duplicate of bug 1654893?

(In reply to Christian Riechers from comment #1)

duplicate of bug 1654893?

Yes, looks like it (the "sec#" part of the GPG output denotes an offline primary key).

closing as duplicate

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.