Tblue
New member
Status: New idea

When you import a personal GPG key into Thunderbird (as of version 115.0.1, likely since the removal of Enigmail in version 78), that personal key is decrypted, and then re-encrypted using a random password that is stored in Thunderbird's password manager.

If you don't set a Primary Password for Thunderbird's password manager, that "key encryption password" is stored unencrypted, and thus your personal GPG key is effectively also stored on disk unencrypted (source):

How is my personal key protected?

At the time you import your personal key into Thunderbird, we unlock it, and protect it with a different password, that is automatically (randomly) created. The same automatic password will be used for all OpenPGP secret keys managed by Thunderbird. You should use the Thunderbird feature to set a Primary Password. Without a Primary Password, your OpenPGP keys in your profile directory are unprotected.

(Emphasis mine.)

I find that behavior non-obvious and dangerous:

When I imported my GPG key into Thunderbird, I had to enter the key's password, and so thought I'd have to enter it again to use the key (just like with GPG), but imagine my surprise when my key could be used without any password. I did not expect that Thunderbird would do something as dangerous as just storing my key unencrypted, without even informing me.

I have since set a Primary Password for Thunderbird's password manager, but it would be great if the need for setting a Primary Password could be emphasized (or even enforced) when importing a personal GPG key.

3 Comments
Status changed to: New idea
Jon
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

VanHelsing
New member

Hello,

I completely agree with the topic starter. It turns out to be a surprise that my private key is stored openly, visible to everyone, if no Primary Password is set.

And there is also no option to use the GPG key only when you use encryption, as it was in Enigmail. I'd like to use it on demand, entering the GPG password each time without storing it permanently in Thunderbird. This could help users better control the storage and usage of their keys, providing more security.

Now I have to set a Primary Password to secure my GPG key, but I'd prefer not to store it decrypted even with a Primary Password, as it was in Enigmail. Please add this option.

KR,

Van Helsing

Un_gnou
New member

+1

As I replied to a different post ("idea"), I stopped using Thunderbird since this awful integration of Enigmail into Thunderbird v78. I can't trust Thunderbird anymore, since my GPG password was changed (by Thunderbird) and stored in a not-so-secure way.

As long as this situation remains unchanged, I won't come back to Thunderbird, which is rather sad, but beyond my control ¯\_(ツ)_/¯