Certified OpenPGP-encryption after release of Thunderbird 78

Patrick Brunschwig patrick at enigmail.net
Sun May 31 12:35:00 CEST 2020


Andreas Boehlk Computer-Service wrote on 31.05.2020 11:09:
> Hello Patrick,
> 
> 
> On 31.05.2020 at 10:01, Patrick Brunschwig wrote:
>> Mark wrote on 31.05.2020 01:28:
>>> Doesn't TB also need your secret keys to decrypt messages?  
>>
>> With smartcard support via GnuPG, all secret key operations are handled
>> by GnuPG, and all public key operations are handled by TB (Note: the
>> standard case, without smartcard support, will be that all keys are in
>> Thunderbird).
>>
>> The use-cases are clearly distinct:
>> - encryption: you only need public keys
>> - decryption: you only need secret keys
>> - signing: you only need secret keys
>> - verification: you only need public keys
>>
> The standard user will not be able to work with that "solution".
> Compared to the "enigmail-solution" this is hell and bound to fail.

Let's first define Standard users. The majority of users who use
smartcards that *I* know are expert or power users. They can handle this.

The "Standard users" I have in mind don't use GnuPG for anything else
than encrypting mails, and they don't use smartcards either. They won't
have this issue in any way.

>>> Also what if you need your public keys outside of TB such as encrypting
>>> a file?
>>
>> That's not supported by Thunderbird. The idea of OpenPGP in Thunderbird
>> is that you use it for email.
>>
> That is correct, but nevertheless it is mandatory to have and use a
> single key-store.

For which use-case precisely? If you only use OpenPGP for emails (and
given the users I know who had support cases in the past, this is true
for the majority of the Enigmail users), then this is irrelevant.

To be quite clear: Thunderbird will not support GnuPG for scenarios
other than handling secret keys. And that's only because the OpenPGP
library they use can't handle smartcards yet. Once the library
supports smartcards, I expect that GnuPG support will be removed entirely.

Note: I'm not a Thunderbird developer and I don't drive Thunderbird
decisions -- this is simply my expectation of what will happen.

-Patrick



More information about the Gnupg-users mailing list