Integrated OpenPGP in TB 78.2+ much less functionality than Enigmail?
Where can I find a roadmap for OpenPGP integration?
I've been using Enigmail for years, and find the current OpenPGP integration lacks significant features that made Enigmail useful.
- Unable to prompt for passphrase at each use. This is a major security issue if anyone gains access to your system with TB already running. It is unacceptable that your PGP keychain is wide open as long as TB is running.
- Internal keyring. I used to be able to share a single keyring between Windows, Cygwin and TB. Now that TB has moved to keeping its own keyring I have to worry about moving keys back and forth as needed.
- Fails to validate alternate identities. A keypair can have multiple associated email addresses. If you receive a signed/encrypted message "From" an alternate identity, TB fails to see the signature as valid.
Are there any plans to mitigate these problems?
All Replies (1)
I've been using Enigmail for years, and find the current OpenPGP integration lacks significant features that made Enigmail useful.
That is correct. In terms of features, the current Thunderbird OpenPGP implementation isn't on par with Enigmail (yet). That will improve over time.
Unable to prompt for passphrase at each use.
That feature has already been requested. When this will be implemented, I don't know. See https://bugzilla.mozilla.org/show_bug.cgi?id=1679455
Internal keyring. I used to be able to share a single keyring between Windows, Cygwin and TB.
Thunderbird uses it's own model for deciding which key may be used for encryption, the user interface is adjusted to that model - which is different from how GnuPG makes decisions about trusting public keys. Encryption will never use the external gnupg setup. You can use the external gnupg keyring for signing and decrypting though. See https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards
Fails to validate alternate identities.
You'd need to set up each identity for encryption.