Closed Bug 1699318 Opened 4 years ago Closed 3 years ago

Cannot enable OpenPGP

Categories

(MailNews Core :: Security: OpenPGP, defect)

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: adeuring, Unassigned)

References

Details

(Whiteboard: [support])

Attachments

(5 files)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0

Steps to reproduce:

During a regular package update of Ubuntu 20.04 Thunderbird 78.7.1 was installed, where Enigmail is disabled but offered a kind of "migration path" to the OpenPGP support by Thunderbird itself. I imported public keys of other persons from a GnuPG key ring and I imported my personal key pair to Thunderbird.

Actual results:

When I click the "reply" button for an OpenPGP encrypted mail I received, S/MIME encryption is enabled. But sending the mail leads to an error since neither the recipient nor myself have any S/MIME keys or certificates. Enabling OpenPGP encryption is not possible.

When I try to send a new email to the same recipient with a click on the "Write" button, the message window shows that S/MIME encryption is not enabled. And I cannot enable S/MIME (which makes of course sense) nor OpenPGP.

When I view the encryption settings of the account, I can select my personal PGP key. But this selection is not saved. The S/MIME section of course does not show personal certificates.

Expected results:

The encryption should have allowed me to select my personal private/public PGP key pair; OpenPGP encryption to recipients having valid PGP keys should be possible.

Flags: needinfo?(adeuring)
Whiteboard: [support]

Yes, I've read it. I can imagine that the bug report sounds really strange – if necessary, I can provide screenshots showing what I mean. Or I could even provide a screencast...

A bit of additional information:

  • The decryption of OpenPGP encrypted emails I received works. It is only the encryption of outgoing mails that does not work.

  • It seems to me that Thunderbird has its own PGP key ring. I had to import my private PGP key into Thunderbird from an unencrypted export from my regular private key ring.

  • The copy of the private key used by Thunderbird seems not to be encrypted: I did not have to enter a pass phrase to decrypt new incoming emails. (Or is Thunderbird simply using the file with the key that was exported from my regular key ring?)

I have meanwhile also found a bug report for Ubuntu that is at least very similar: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1916881

(In reply to adeuring from comment #2)

> I can provide screenshots showing what I mean.

Might be a good idea.

Upper part of the encryption settings view. While I can select the key 0x7A40..., Thunderbird does not store this selection. (BTW: What do the different background colors of the two options indicate?)

Flags: needinfo?(adeuring)

Lower part of the encryption settings view. (Not very interesting, just to document the entire view.)

The main editor window for a reply to a received encrypted mail. Note that the bottom line of the window claims that S/MIME is enabled.

The same editor window showing the encryption options menu. OpenPGP as well as S/MIME are not enabled. Correct in my case for S/MIME, but OpenPGP should be enabled.

Error message that is shown when I try to send the mail.

(In reply to adeuring from comment #7)

> Created attachment 9210134 [details]
> thunderbird-reply-editor-2.png
>
> The same editor window showing the encryption options menu. OpenPGP as well as S/MIME are not enabled. Correct in my case for S/MIME, but OpenPGP should be enabled.

Oops. S/MIME is of course enabled... What I meant: Both options cannot be selected by a mouse click.

(In reply to adeuring from comment #4)

> Created attachment 9210131 [details]
> Top part of the encryption setting page.
>
> Upper part of the encryption settings view. While I can select the key 0x7A40..., Thunderbird does not store this selection.

What does 'not store this selection' mean?

> S/MIME is of course enabled... What I meant: Both options cannot be selected by a mouse click

There is no S/MIME certificate selected for the account.

OpenPGP certainly works here. You may want to take this discussion to the e2ee mailing list.
https://thunderbird.topicbox.com/groups/e2ee

(In reply to Christian Riechers from comment #10)

> (In reply to adeuring from comment #4)
>
> > Created attachment 9210131 [details]
> > Top part of the encryption setting page.
> >
> > Upper part of the encryption settings view. While I can select the key 0x7A40..., Thunderbird does not store this selection.
>
> What does 'not store this selection' mean?

A click on the radio button for the PGP key at first marks the key as enabled. But when I close the settings tab and open it again, the selected option is again "None".

> > S/MIME is of course enabled... What I meant: Both options cannot be selected by a mouse click
>
> There is no S/MIME certificate selected for the account.

Oops, yes you are right. My bad: I intended to write "not enabled".

If you're using the Thunderbird version provided by your distribution, try the vanilla version from https://www.thunderbird.net/ instead.

OK, I downloaded https://download.mozilla.org/?product=thunderbird-78.9.0-SSL&os=linux64&lang=de, unpacked and started this version of Thunderbird. I then selected the profile that is the default of the Ubuntu version of Thunderbird. (Reason: I did not want to configure a mail account again, ask somebody else to send me an encrypted message, set up the PGP keys again and whatnot else.) Finally, I enabled the config option "mail.openpgp.allow_external_gnupg". (Reason: As described above, an earlier attempt to import my existing private PGP key resulted in an unencrypted private keyring, which I did not like. Hence I simply copied my existing key ring files from ~/.gnupg to the Thunderbird profile. That allowed me to decrypt emails encrypted by other people.)

The version of Thunderbird I downloaded from download.mozilla.org behaves exactly as the version from the Ubuntu repositories:

  1. I can decrypt incoming encrypted emails, which means that my private PGP key 0x7a404... is obviously "good enough" for decryption.
  2. The encryption page of the account settings shows me the option to select my key 0x7A404... But this selection is obviously not saved/accepted/stored/whatever. But I did not notice any related error message.
  3. When I reply to an OpenPGP encrypted mail I received from somebody else, Thunderbird selects S/MIME encryption although neither I nor the other person has any keys/certificates for S/MIME. (See screenshot above)
  4. Attempts to send this reply fail with the obvious error message that no certificates are available. (See screenshot.)
  5. I cannot select OpenPGP encryption for the reply. (Makes some sense, since Thunderbird refuses to accept my key 0x7a... for the account (see (2)).)
  6. When I click the "write" button to create an email for a recipient with a PGP key, I cannot enable any encryption option. (Again, consistent with (2), but the behaviour is slightly different from a reply to an encrypted mail.)

I started to tinker with the PGP related stuff under "about:config". Seems that setting my key ID 0x7a404... under mail.identity.default.openpgp_key_id (which was empty before) allows PGP encryption. I still need a confirmation from the recipient of a test mail but things look definitely better.

But there is a new issue: When I view the mail I just sent, Thunderbird tells me that the signature is invalid...
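
The workaround in the comment above hinges on `mail.identity.default.openpgp_key_id`. As an added example (not part of the bug report and not Thunderbird code), this script reads a profile's `prefs.js` and reports which OpenPGP key each identity ends up with and whether `mail.openpgp.allow_external_gnupg` is on. The sample data is constructed; the per-identity pref name `mail.identity.<id>.openpgp_key_id` and the fallback to the `default` branch are assumptions about Thunderbird's pref layout.

```python
import json
import re

# Constructed sample of a Thunderbird prefs.js (values are made up, not from the bug).
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("mail.identity.id1.useremail", "alice@example.org");
user_pref("mail.identity.id2.useremail", "alice@work.example");
user_pref("mail.identity.id2.openpgp_key_id", "0123456789ABCDEF");
user_pref("mail.identity.default.openpgp_key_id", "FEDCBA9876543210");
user_pref("mail.openpgp.allow_external_gnupg", true);
"""

PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
IDENTITY_MAIL = re.compile(r"mail\.identity\.(id\d+)\.useremail")

def parse_prefs(text):
    """Return {pref name: value} for every user_pref(...) line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments and blank lines
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, booleans and integers
        except ValueError:
            prefs[name] = raw  # keep anything unexpected as raw text
    return prefs

def audit_openpgp(prefs):
    """Report which OpenPGP key each identity resolves to, and where it comes from."""
    default_key = prefs.get("mail.identity.default.openpgp_key_id") or None
    external = prefs.get("mail.openpgp.allow_external_gnupg") is True
    report = {"external_gnupg": external, "identities": {}}
    for name, email in prefs.items():
        match = IDENTITY_MAIL.fullmatch(name)
        if not match:
            continue
        own = f"mail.identity.{match.group(1)}.openpgp_key_id"
        if own in prefs:  # assumption: an identity's own value wins over the default
            report["identities"][email] = (prefs[own] or None, "identity")
        else:  # assumption: unset prefs fall back to the mail.identity.default branch
            source = "default" if default_key else "none"
            report["identities"][email] = (default_key, source)
    return report

if __name__ == "__main__":
    print(json.dumps(audit_openpgp(parse_prefs(SAMPLE_PREFS)), indent=2))
```

An identity reported with source `default` is using a key that was set once for the whole profile, so any identity added later would resolve to the same key unless it gets its own value.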

The broken signatures are also seen by the recipients of PGP encrypted mail I'm sending via Thunderbird.

I noticed meanwhile that I am not the only one having this problem: bug 1694855. I added a comment there that has more details about the broken signatures. Summarized: At least signatures created via GnuPG are simply incomplete.

See Also: → 1694855
Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

WFM based on comment 14.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME

Well... Some issues are indeed resolved meanwhile (tried version 91.7.0). The selection of my own PGP key in the preferences persists now. And the encryption options for messages I am writing look more sane. But sending encrypted messages is still buggy: The message is encrypted but not signed. Thunderbird simply did not ask me for the password to unlock my private PGP key...

Looking at a test message I sent via Thunderbird in Evolution, I see the error message

Fehler beim Überprüfen der Signatur: Ausgabe von gpg2:
gpg: Keine gültigen OpenPGP-Daten gefunden.
gpg: Die Signatur konnte nicht überprüft werden.
Denken Sie daran, daß die Datei mit der Signatur (.sig oder .asc)
als erste in der Kommandozeile stehen sollte.

(Sorry for the German text... Rough translation:
Error during signature check, gpg2 output:
gpg: No valid OpenPGP data found.
gpg: The signature could not be checked.
gpg: Remember to specify the signature file (.sig or .asc) first on the command line.)

Anyway, if developers are interested in the problems I still have with Thunderbird and OpenPGP, let me know. I'm willing to help but for daily usage I switched to Evolution some weeks ago. Reason: Evolution "works for me", to cite the resolution reason of this bug, while the handling of received encrypted messages in GPA as a workaround for all the Thunderbird issues became too cumbersome for me.
