OpenPGP in Thunderbird [LWN.net]

By Jake Edge
September 23, 2020

It is a pretty rare event to see a nearly 21-year-old bug be addressed—many projects are nowhere near that old for one thing—but that is just what has occurred for the Mozilla Thunderbird email application. An enhancement request filed at the end of 1999 asked for a plugin to support email encryption, but it has mostly languished since. The Enigmail plugin did come along to fill the gap by providing OpenPGP support using GNU Privacy Guard (GnuPG or GPG), but was never part of Thunderbird. As part of Thunderbird 78, though, OpenPGP is now fully supported within the mail user agent (MUA).

The enhancement request actually asked for Pretty Good Privacy (PGP) support; PGP is, of course, the progenitor of OpenPGP. The standards effort that resulted in OpenPGP started in 1997. Back in 1999, PGP was the only real choice for email encryption, though the initial version of GnuPG had been released a few months before the request.

Early on, the main concerns expressed in the bug tracker were about the legality of shipping cryptographic code. The US government's attempts to restrict the export of cryptographic systems, known as the "crypto wars", were still fresh in the minds of many. It was not entirely clear that adding "munitions-grade crypto" to a MUA like Thunderbird was legal or wise. Early in 2000, the US revised its export-control regulations, which removed that particular concern.

There was work done toward adding support for OpenPGP and Secure/Multipurpose Internet Mail Extensions (S/MIME), which is another email encryption standard, over 2000 and 2001, but the code never actually landed. Thunderbird (called "mailnews" in those days) was in fire-fighting mode; fixing bugs and getting basic functionality working took precedence over new features like encryption. There was also a need to design a reasonable plugin mechanism.

Eventually, Enigmail showed up, which took some of the pressure off the Mozilla developers. Enigmail could be used on all of the supported platforms for Thunderbird to encrypt and decrypt PGP-style email (either inline or PGP/MIME) using GnuPG. Its initial maintainer, Ramalingam Saravanan, updated the bug with new information about Enigmail several times.

In the bug, multiple people suggested that Enigmail be incorporated into Thunderbird and the Enigmail developers were not opposed. In 2003, Patrick Brunschwig, who was a new maintainer for the plugin, said that doing so would help in getting rid of some of the "hacks" that were done to make Enigmail work with Thunderbird. But nothing like that ever happened.

Thunderbird itself has had something of a checkered past with regard to its parent, Mozilla. On two separate occasions Thunderbird has been spun out from the Mozilla nest. In 2007, it left to allow Mozilla to focus on Firefox. That led to the creation of Mozilla Messaging as the new home for Thunderbird, which was reabsorbed in 2011. But in 2012, support for Thunderbird from Mozilla was reduced and in 2015 Thunderbird was given its walking papers again. Then, in 2017, it was determined that the right place for "Thunderbird’s legal, fiscal and cultural home" was the Mozilla Foundation.

All of that upheaval was likely not entirely conducive to focused development, but plenty of good work was done on the MUA over the intervening years, including adding S/MIME support along the way. However, integrating Enigmail or otherwise supporting OpenPGP never quite made the list. People would periodically pop up in the bug report to ask that it be resolved and occasionally Brunschwig would note that the decision was in the hands of the Thunderbird developers. That went on for many years, until an October 2019 blog post announcing the project's plans with respect to OpenPGP.

The announcement said that Thunderbird will be releasing a version in (northern hemisphere) summer 2020 with support for OpenPGP built right in. It will not be based on Enigmail, which will not be updated to the new Thunderbird plugin (or add-on) interface; Enigmail will effectively be in maintenance mode. It will be supported on the then-current Thunderbird 68 release, until that reaches end of life six months after 78 is released. But Brunschwig will be working on the OpenPGP support for Thunderbird and the plans were to help ensure that Enigmail keys and settings could make the transition.

In addition, the project plans to leave GnuPG behind, as explained by Kai Engert on the tb-planning mailing list. It comes down to licensing, at least in part. GnuPG is available under GPLv3, which means that shipping it as part of Thunderbird, which is under the Mozilla Public License 1.1, could be tricky to do right. But there is also a complexity factor:

When we talked with Patrick Brunschwig about this topic, he advised that based on his experience as the maintainer and developer of Enigmail, the interaction with the external GnuPG software was a constant source for support requests. Frequently, Enigmail didn't behave as intended, and often it was found that the cause of the issue was a nonworking interaction with the separate GnuPG software.

If Thunderbird decided to distribute GnuPG software, the situation might get even more complicated. If users already have a copy of GnuPG installed on their system, we'd have to be careful to avoid any potential conflicts that might occur by having two competing copies of GnuPG installed on a computer.

It may be possible, eventually, to use GnuPG for Thunderbird cryptographic operations, but that is not a priority—except to support OpenPGP smartcards. The RNP library for OpenPGP, which is what is being used for Thunderbird, does not support smartcards, at least yet. In the interim, using GnuPG for smartcards will be supported for Thunderbird.

The OpenPGP wiki page lays out the overall vision for the feature. As planned, OpenPGP support was released as part of Thunderbird 78 in early September. It comes with a migration tool to help Enigmail users make the switch. In addition, the Mozilla Open Source Support program provided a grant to security audit both RNP and the related Thunderbird code. "We are happy to report that no critical or major security issues were found, all identified issues had a medium or low severity rating, and we will publish the results in the future."

There is an extensive HOWTO and FAQ document, a wiki status page, and a discussion forum for the "end-to-end encryption" (e2ee) feature in Thunderbird. The e2ee feature covers both OpenPGP and S/MIME in Thunderbird, though a support document for the feature only covers OpenPGP at the time of this writing.

The main difference, from a user perspective, between OpenPGP and S/MIME is the matter of keys. As with everything in the cryptography world, it seems, key management for email is a difficult problem. S/MIME takes a certificate approach to keys, like with TLS keys for HTTPS; keys are signed by certificate authorities, which can be done in-house or by third parties. OpenPGP depends on the decentralized web of trust, where keys are verified and signed by other users' keys. A key that is signed by a trusted key may also be trusted and those trust relationships can extended in a transitive fashion if desired.

Existing users of Enigmail will encounter some changes. For example, Enigmail "junior mode", which was added by the p≡p foundation, is not supported. Also, OpenPGP in Thunderbird does not support the web of trust directly:

In other words, with Enigmail and OpenPGP some keys of your correspondents might have been automatically accepted for use, if there was a path of trust from your keys, along a path of keys that you had signed, eventually pointing to the key you'd like to use. This indirect trust isn't offered in Thunderbird. Instead, you are currently required to manually accept each recipient key that you'd like to use.

It has been a long time coming, but it seems that OpenPGP has made its way into Thunderbird proper. It would be nice to believe that it will help broaden the adoption of email encryption, but that is probably a forlorn hope. Adding the feature will serve to highlight encryption, however, which may eventually pay dividends. But the key-management problem, in particular, is difficult and is likely the largest barrier to widespread adoption of email encryption.

to post comments

OpenPGP in Thunderbird

Posted Sep 24, 2020 8:05 UTC (Thu) by MKesper (subscriber, #38539) [Link] (4 responses)

TOFU (https://en.wikipedia.org/wiki/Trust_on_first_use) is the only sane way of acting with trust in gpg keys, imho.

OpenPGP in Thunderbird

Posted Sep 24, 2020 11:30 UTC (Thu) by neal (subscriber, #7439) [Link]

TOFU is good, as I describe in the TOFU for OpenPGP paper (https://gnupg.org/ftp/people/neal/tofu.pdf), but it is by far not the only reasonable trust model. For instance, using OpenPGP CA (https://openpgp-ca.gitlab.io/openpgp-ca/, src: https://gitlab.com/openpgp-ca/openpgp-ca), it is possible to create an organization-specific CA using OpenPGP's standard web of trust mechanisms. This is much better than using a third-party CA like Symantec whose primary interest is creating money for their share holders. And, is great for users, because it largely moves the time consuming and complicated responsibility of authenticating keys from individual users to an admin in the organization, whose interests are much more closely aligned with the organization's, and who can compromise the organization anyways, because they probably determine what software their users are running.

That doesn't mean that what OpenPGP CA does is for everyone. But, it could help a lot of users.

OpenPGP in Thunderbird

Posted Sep 24, 2020 13:13 UTC (Thu) by emorrp1 (guest, #99512) [Link] (1 responses)

In the context of email Autocrypt seems to be the way forward, which is basically TOFU with header-based key management: https://autocrypt.org/dev-status.html

For gpg, you can configure "trust-model tofu+pgp" which works well with auto-key-retrieval and WKD.

OpenPGP in Thunderbird

Posted Sep 25, 2020 10:03 UTC (Fri) by neal (subscriber, #7439) [Link]

Autocrypt is actually a bit weaker than TOFU. With TOFU, you trust the first key that you see for a given identifier. Later keys with the same identifier are either ignored or cause a conflict (like in GnuPG's TOFU trust model, and ssh). In Autocrypt, new keys are silently accepted.

OpenPGP in Thunderbird

Posted Sep 26, 2020 16:02 UTC (Sat) by wodny (subscriber, #73045) [Link]

For me https://keybase.io/ is sometimes helpful to decide if TOFU is good enough. The site still seems to lack many developers critical to major projects, though.

OpenPGP in Thunderbird

Posted Sep 24, 2020 11:02 UTC (Thu) by LtWorf (subscriber, #124958) [Link] (3 responses)

Can it at least use the same keyring as pgp or it will try to use a separate one that needs to be kept in sync?

OpenPGP in Thunderbird

Posted Sep 24, 2020 11:19 UTC (Thu) by neal (subscriber, #7439) [Link] (2 responses)

Thunderbird uses its own keyring. GnuPG has made clear that the contents of $GNUPGHOME ($HOME/.gnupg) are private, so Thunderbird is right to not use files stored there directly. But, even if Thunderbird could use those files, it is unclear that it would be a good idea: not only does changing the format become more difficult, but you need to worry a lot more about synchronization, which is very hard to get right.

OpenPGP in Thunderbird

Posted Sep 24, 2020 11:46 UTC (Thu) by LtWorf (subscriber, #124958) [Link] (1 responses)

But so in the end, they are dropping enigmail for this alternative which has no key management and can't use the keyring of a key manager…

This all seems like a terrible idea to me.

OpenPGP in Thunderbird

Posted Sep 24, 2020 12:28 UTC (Thu) by jmclnx (guest, #72456) [Link]

Evolution, which is what I need to use at work, is able to use data in ~/.gnupg. I like Thunderbird much better, but if I read and understand the responses, seems ~/.gnupg is off limits to Thunderbird.

I would rather not use multiple encryption methods, so will I see how this plays out once my home distro packages the new Thunderbird and will decide what to do then.

OpenPGP in Thunderbird

Posted Sep 24, 2020 15:17 UTC (Thu) by tlamp (subscriber, #108540) [Link] (4 responses)

The Thunderbird OpenPGP support has a few drawbacks, it forces one to maintain yet another keyring and doesn't allow the use of smart cards.

The first one is a nuisance, the second one makes it unusable for me personally.
I work with a few devices and want a safe way to use the same GPG key on all, a smart card is the only reasonable solution for that.

It is a lousy replacement for Enigmail.

OpenPGP in Thunderbird

Posted Sep 24, 2020 17:05 UTC (Thu) by gnoutchd (guest, #121472) [Link] (2 responses)

TBird 78.x can delegate secret key operations (decryption, signing) to GnuPG. This was added specifically to support smartcards. I don't have a smartcard (yet), but I did want to keep my secret key in GnuPG, and this worked for me. See <https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards>. Does it not work for you?

OpenPGP in Thunderbird

Posted Sep 24, 2020 17:44 UTC (Thu) by kucharczyk (guest, #139572) [Link]

This does not work for me. I have an e-mail I am able to decrypt but not from withing Thunderbird. Maybe an issue with the e-mail itself? Another, unrelated, issue is something called nested signatures. I can't read some mailing list e-mails because Thunderbird won't decrypt them. It says "openpgp: unsupported feature: nested signatures".

OpenPGP in Thunderbird

Posted Sep 25, 2020 8:16 UTC (Fri) by tlamp (subscriber, #108540) [Link]

That actually works here, thank you for pointing me to it.

Weird, I did quite some searching for Thunderbird and smartcard support, but didn't find that article.

OpenPGP in Thunderbird

Posted Sep 26, 2020 13:08 UTC (Sat) by dd9jn (✭ supporter ✭, #4459) [Link]

I am not a TB user but I felt that I should known how the new OpenPGP integration works. I installed it yesterday on a Windows VM to get the experience of the majority of users. Despite all my critics given in personal discussions, I was positively surprised. The integration into the UI is nice and straightforward and easy to explain. There is none of the usual geeky gadgets and things are explained in a way many non-hackers can actually grasp.

Sure this is just a first step and there are lot of things which need to be addressed. The RNP library does all the complicated parts and I am confident that this library gets things right (we did some interop testing in the last years). From my brief test I see these missing things: 1. Allow import of offline keys (GnuPG extension but widely promoted), 2. Actually locally sign the keys instead of putting the trust information into some TB specific database, 3. Handle application/pgp-keys.

(FWIW, the first OpenPGP integration was written along with the then new mail code of Mozilla more than 20 years ago - unfortunately rejected by the Mozilla management because they didn't wanted any OpenPGP in their MUA.)

OpenPGP in Thunderbird

Posted Sep 25, 2020 8:17 UTC (Fri) by kaie (subscriber, #127493) [Link]

HOWTO and FAQ:
https://support.mozilla.org/en-US/kb/openpgp-thunderbird-...

OpenPGP in Thunderbird

Posted Dec 17, 2020 15:26 UTC (Thu) by Klavs (guest, #10563) [Link]

Hopefully everyone is moving to a world where private keys is stored on physical keys (like the yubikey) - instead of keys being stolen from developers laptops :)

Here's to hoping TB adds support for "opengpg smartcards" soon :)

OpenPGP in Thunderbird

Posted Feb 20, 2021 1:11 UTC (Sat) by KZB (guest, #144978) [Link]

I noticed something very strange these days.
A collegue send me a GPG Pubkey and I tried to import it as ASC in TB which itself works fine, but when the key was expired and got extended (before) the import may work but you can't send anything to it.
Even deleting the subs with gpg doesn't work, TB still refues to see the Pubkey.

Idk if other people these days having such issues too, but it sucks.

Also trying to work around by tweaking the time of the System (or TB itself) its just nonsense and doesn't work. Publishing it to a Public Key Repo doesn't solve the issues too.. even after like I already stated above, removing the sub key (the expired one)