Open Bug 1775298 Opened 3 years ago Updated 3 years ago

Can't import key-pair exported by Kleopatra, OpenPGP is blank

Categories

(MailNews Core :: Security: OpenPGP, defect)

Thunderbird 91
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: anomin, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15

Steps to reproduce:

Setup Thunderbird with email server.
In Account Settings click End-to-End Encryption
Click Add Key for user's email address created by GPGKeys on a Mac
Import an existing OpenPGP Key (that is a key-pair already imported to Kleopatra)
Export the Kleopatra key-pair to an .asc file on Tails Desktop (OpenPGP is blank)
Select File to Import, try to Open file
Error! Failed to import file.

Actual results:

Import key-pair to Thunderbird for user's email address fails.

Expected results:

Be able to use end-to-end encryption without having to generate a new key-pair.
I use Tor browser via Tor circuits only on the affected system, but I am using Safari for this report. I am using Thunderbird 91.1 on Tails 5.1.

Adding (importing) an existing key-pair .asc (created by GPGKeys on a Mac) to OpenPGP directly also fails, so maybe this is an OpenPGP problem not specific to Thunderbird?

As a local user (not root) on Tails, gpg --import *.asc is able to import the exported GPGkeys as shown by gpg --list-secret-keys. These are also shown on Kleopatra. When root does gpg --import *.asc the files are imported to /root/.gnupg but not into OpenPGP and Thunderbird can still not import the file. The keys are able to encrypt with gpg -e -u email -r email file for both root and a local user.

(In reply to anomin from comment #0)

> Setup Thunderbird with email server.
> In Account Settings click End-to-End Encryption
> Click Add Key for user's email address created by GPGKeys on a Mac
> Import an existing OpenPGP Key (that is a key-pair already imported to Kleopatra)
> Export the Kleopatra key-pair to an .asc file on Tails Desktop (OpenPGP is blank)
> Select File to Import, try to Open file
> Error! Failed to import file.

It's not completely clear what you're doing.
I'm trying to summarize what you said, please correct me if I'm wrong.

  • you created an OpenPGP key pair using GPGKeys on Mac. That's a tool of the GPG Suite product, correct?

How did you get the key pair from GPGKeys to Kleopatra?
Did you use GPGKeys to export/backup your key pair to a file, and then import it into Kleopatra?

- or -

Is Kleopatra able to directly access the key that you have created using GPGKeys?

It's confusing me, because on the one hand you said "a key-pair already imported to Kleopatra". Does that mean it was necessary to import the key into Kleopatra, before Kleopatra was able to show it?

But if you already had a file with your key pair, why was it necessary to export it from Kleopatra?

You said you exported from Kleopatra, and then OpenPGP is blank. What exactly is blank? Did Kleopatra create a blank file? Did you try to import a blank file into Thunderbird?

Flags: needinfo?(anomin)

  1. Before I began to configure Thunderbird, I imported 3 key-pairs that had been exported by GPGkeys on a Mac via gpg --import *.asc.
  2. These all appeared in Kleopatra but not OpenPGP (blank). Not having been keeping up on Thunderbird I assumed that Kleopatra was something added to Tails 5.1 to replace OpenPGP which I also assumed was a Linux version of GPGkeys that Thunderbird can tap into to get keys.
  3. When I went to configure Thunderbird end-to-end Encryption, the page has a link to "OpenPGP Key Manager". When I clicked that there were no keys listed (blank). Again I assumed Thunderbird needed to instead "Open Kleopatra Key Manager". Seeing no way to do this, but "OpenPGP Key Manager" did offer a link to import from a file, so I decided to export a .asc from Kleopatra and import that file into Thunderbird. No good. Maybe Kleopatra export has a bug?
  4. I do see that it is possible to import a GPGkey .asc file exported on a Mac directly into "OpenPGP Key Manager" inside Thunderbird while configuring my first email account, so thanks for that advice. Now having trouble getting first email account up and running.

Flags: needinfo?(anomin)

(In reply to anomin from comment #4)

> 1. Before I began to configure Thunderbird, I imported 3 key-pairs that had been exported by GPGkeys on a Mac via gpg --import *.asc.

You say you exported from GPGkeys. Then you used gpg --import to import those keys into GnuPG.

> 2. These all appeared in Kleopatra but not OpenPGP (blank).

I understand Kleopatra shows the keys that you imported using GnuPG (the "gpg --import" command).

If you say "not OpenPGP (blank)", what do you mean? Do you refer to Thunderbird? Thunderbird is blank?

It is expected that Thunderbird doesn't show the keys you have imported into GnuPG.

Thunderbird uses its own storage for keys.

> Not having been keeping up on Thunderbird I assumed that Kleopatra was something added to Tails 5.1 to replace OpenPGP
> which I also assumed was a Linux version of GPGkeys that Thunderbird can tap into to get keys.

It's still confusing what you refer to, when you say "OpenPGP".

OpenPGP is a standard.

Thunderbird supports OpenPGP. Other software supports OpenPGP, too.

Thunderbird doesn't tap into other software. Thunderbird has its own keys. If you already have keys, and you want to import them into Thunderbird, you can use Thunderbird's OpenPGP key manager to import them.

> 3. When I went to configure Thunderbird end-to-end Encryption, the page has a link to "OpenPGP Key Manager". When I clicked that there were no keys listed (blank).

Yes, because you did not yet import into Thunderbird.

> Again I assumed Thunderbird needed to instead "Open Kleopatra Key Manager".

No.

Thunderbird doesn't use the same keys as Kleopatra.

> Seeing no way to do this, but "OpenPGP Key Manager" did offer a link to import from a file, so I decided to export a .asc from Kleopatra and import that file into Thunderbird. No good. Maybe Kleopatra export has a bug?

You don't need to export from Kleopatra.

You said you already have files that you exported using GPGKeys on a mac.

It should be possible to import those files into Thunderbird.

In Thunderbird, use OpenPGP Key Manager, and select "Import secret key(s) from file", then select the file with your key pair that you got from GPGKeys.

> 4. I do see that it is possible to import a GPGkey .asc file exported on a Mac directly into "OpenPGP Key Manager" inside Thunderbird while configuring my first email account, so thanks for that advice. Now having trouble getting first email account up and running.

An OpenPGP key can contain name and email address.

Thunderbird can use an OpenPGP key pair that contains the email address of the email account that you use in Thunderbird.

You cannot use an OpenPGP key pair in Thunderbird that doesn't contain a matching email address.

Component: Installer → Security: OpenPGP
Product: Thunderbird → MailNews Core
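
Added example (not part of the bug thread and not Thunderbird's code): a pre-import check for the two conditions the last reply names, that the .asc file holds a secret key and that it carries a user ID with the account's email address. It reads only OpenPGP packet framing (RFC 4880); the function names, the case-insensitive address comparison and the sample bytes are assumptions made for this illustration.

```python
import base64
import re
def dearmor(text):
    """Return (block type, binary data) of the first ASCII-armored block."""
    m = re.search(r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END PGP \1-----", text, re.S)
    if not m:
        raise ValueError("no ASCII-armored OpenPGP block (empty or wrong file?)")
    lines = [l.strip() for l in m.group(2).splitlines()]
    start = lines.index("") + 1 if "" in lines else 0  # armor headers end at a blank line
    b64 = "".join(l for l in lines[start:] if not l.startswith("="))  # skip CRC24 line
    return m.group(1), base64.b64decode(b64)

def packets(data):
    """Yield (tag, body) per packet; RFC 4880 section 4.2 framing only."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("bad packet header")
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body length not handled")
        else:  # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def check_key_file(armored, account_email):
    """Report whether the file holds a secret key and a user ID for account_email."""
    kind, data = dearmor(armored)
    pkts = list(packets(data))
    uids = [b.decode("utf-8", "replace") for t, b in pkts if t == 13]  # User ID packets
    emails = {(re.search(r"<([^<>]+)>", u) or re.match(r"(.*)", u)).group(1).strip().lower() for u in uids}
    return {"armor": kind, "has_secret_key": any(t == 5 for t, _ in pkts),  # tag 5 = Secret-Key
            "user_ids": uids, "email_matches": account_email.strip().lower() in emails}

# Constructed sample (not a usable key): dummy Secret-Key body (tag 5) + one User ID (tag 13).
_pkt = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
_RAW = _pkt(5, b"\x04" + bytes(8)) + _pkt(13, b"Alice Example <alice@example.org>")
SAMPLE = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n%s\n-----END PGP PRIVATE KEY BLOCK-----\n" % base64.b64encode(_RAW).decode()
```

A result with `has_secret_key` false means the file is a public-key export only; `email_matches` false means none of the key's user IDs carries the address passed in.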