PGP - On-demand unlocking your secret keys

Hello everyone,

I wonder how the secret key will be generated within the new native PGP integration, because I never had to set a passphrase when I once set up my mail encryption in the new Thunderbird. When I tried to find information on how exactly Thunderbird would generate the secret keys, I could only find: "Thunderbird doesn't use on-demand unlocking (key passwords) of your secret keys," but nothing more in detail.

Can anyone please enlighten me? Why don't I have to use a passphrase anymore? And how will my secret key be protected then?

Thanks in advance, B.

All Replies (6)

Thunderbird uses a randomly generated passphrase which itself is protected by the master password (now called primary password). So for your private keys to be protected in the first place you'll have to set a master password. To verify the private keys are indeed protected, check the error console (Ctrl-Shift-J) and look for something like

Found 52 public keys and 4 secret keys (4 protected, 0 unprotected)

Hey Christ1, thanks for the quick response!

This means my certificate is linked only to the Thunderbird program which I use on a single machine. Is there a way to use the old Enigmail setup, in which I could define a personal passphrase, instead of installing the older TB version?

And what if I want to use my certificate on another machine? As far as I understood, I have to verify EVERY mail address on this new machine. If my infrastructure contains more than a few mail addresses, it makes no sense for me to do it this way at all; maybe somebody can explain the benefits of this routine. I want my old Enigmail back! :D

Seriously, I understand that it is easier for users not to deal with lots of passphrases, but I find it a little restrictive?

Thanks, B.

Is there a way to use the old Enigmail setup, in which I could define a personal passphrase, instead of installing the older TB version?

Yes, there is. See https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards

And what if I want to use my certificate on another machine? As far as I understood, I have to verify EVERY mail address on this new machine.

I don't think I understand what you're trying to achieve. In any case, the easiest way to transfer your Thunderbird data to a new machine is to copy the entire profile.

And what if I want to use my certificate on another machine? As far as I understood, I have to verify EVERY mail address on this new machine.

I don't think I understand what you're trying to achieve. [...]

As far as I understand, if the keys are randomly generated by, e.g., included data linked to the machine I use, and if I never knew nor linked a passphrase to my personal key myself, I could never use it on another machine, right? Now I have 20 recipients with whom I would like to communicate via E2EE, and I have to verify every address in the Thunderbird PGP. If I'd like to use a different Thunderbird on my 2nd laptop, I have to verify every key from my recipients again, right? That takes a lot of time, if I'm assuming right.

Thanks, B.

Chosen Solution

In order to transfer your data to another computer, simply copy over the entire Thunderbird profile - job done. http://kb.mozillazine.org/Move_to_a_new_PC

Alternatively you can export your private key. You'll be prompted for a new passphrase when exporting the key.

Cool, thank you! And sorry for the late answer! B.