Certified OpenPGP-encryption after release of Thunderbird 78

halfdog me at halfdog.net
Mon Jun 1 14:34:00 CEST 2020


Patrick Brunschwig writes:
> Andreas Boehlk Computer-Service wrote on 31.05.2020 11:09:
> ...
>>>> Also what if you need your public keys outside of TB such
>>>> as encrypting a file?
>>>
>>> That's not supported by Thunderbird. The idea of OpenPGP
>>> in Thunderbird is that you use it for email.
>>>
>> That is correct, but nevertheless it is mandatory to have
>> and use a single key-store.
>
> For which use-case precisely? If you only use OpenPGP for emails
> (and given the users I know who had support cases in the past,
> this is true for the majority of the Enigmail users), then
> this is irrelevant.
>
> To be quite clear: Thunderbird will not support GnuPG for scenarios
> other than handling secret keys. And that's only because the
> OpenPGP library they use can't handle smartcards yet. Once
> the library will support smartcards, I expect that GnuPG support
> will be removed entirely.

Just out of curiosity, but knowing that this is not relevant
to standard users.

As encrypted mails cannot easily be malware scanned and even
if they were might contain really hard-to-detect social engineering
attacks, therefore systems running mail software are at a higher.
Hence to avoid full system compromise, running mail software
in virtual machines. With Enigmail I used some simple tool [0]
to act instead of gnupg, intercept all calls to forward them
over network and then filter all requests via whitelists before
passing the real requests to gnupg. Thus no private keys were
available on the risky desktop system (same as with smartcards), the
desktop system had never full access to the private key (each
whitelisted sign/encrypt operation had also to be reviewed and
confirmed outside the virtual machine) and thus even full system
compromise on root level would not compromise the keys the same
way as a directly attached smart-card could be (pin stolen on
desktop system or card used by Mallory while being unlocked).

With smartcard support fully built into TB, which method for
external filtering would you deem most appropriate? Have a custom
virtual-smartcard library, that forwards the requests over network?
Have a virtual-smartcard reader device attached to the virtual
machine, that intercepts requests and forwards them to a real
smartcard reader?

hd

[0] https://www.halfdog.net/Projects/CryptoTools/RemoteGnupg/ (outdated!)




More information about the Gnupg-users mailing list