Open Bug 1679278 Opened 6 months ago Updated 1 month ago

Thunderbird: Allow the optional use of user defined OpenPGP passphrases

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

enhancement

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [wontifx?])

Currently, Thunderbird uses a randomly created passphrase to protect the OpenPGP key files managed by Thunderbird. The random passphrase is optionally protected using the master password.

Some users are concerned that the master password mechanism isn't sufficiently strong to protect the OpenPGP keys. (See also bug 973759.)

The suggestion is to implement a feature, that allows users to protect the OpenPGP secret keys using passphrases that are chosen by the user, and using the cryptographic code of the OpenPGP library.

Thunderbird could have a single pref, that could disable the use of the automatic passphrase mechanism. When importing keys, Thunderbird could keep the existing passphrase protection. When generating new keys, Thunderbird could ask the user to define the individual passphrase for the new key. Whenever using the secret key, Thunderbird could prompt the user to enter the individual passphrase for the respective key.

Note: You can get this feature as of today, using external gnupg to manage your secret key. See the thunderbird smartcard howto:
https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards

This bug requests to implement optional individual passphrase protection directly inside TB, without having to depend on external GnuPG.

Duplicate of this bug: 1679330
Blocks: 1679455

I suggest wontfix.

Whiteboard: [wontifx?]
Duplicate of this bug: 1680033

I would like to know why thunderbird is not configured to use the gpg-agent on the system, letting gnupg make the signature/encryption, and hence letting him deal with the password expiration and management ?

@Kai: Thanks you mentioned how to use GnuPG instead (according to the Smartcard-howto). That looks promising for people who prefer to centrally use GnuPG on their system (possibly used by other applications as well) and not store keys separately in thunderbird.

My +1 to have separate password per key in the internal key-management of Thunderbird, like GnuPG uses it. And with a configurable cache-expiry for the entered password?

I came here from a blog post about how to set a master password for Thunderbird in order to avoid storing the private key password in clear text.

I guess more people will stumble across this bugreport. I’ve written a blog post about how to avoid setting a master password and use the builtin GnuPG keyring instead. Check it out here, I am happy for every feedback!
https://blog.nicohood.de/use-thunderbird-78-with-system-gnupg-keyring

You need to log in before you can comment on or make changes to this bug.