This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Thunderbird encryption

  • 4 replies
  • 1 has this problem
  • 8 views
  • Last reply by buy

more options

I have installed latest version of Thunderbird and all works as it should but 2 things seem wrong and not sure if bug, incorrect setting or just not allowed:

1 When I send encrypted email to myself it is automatically unencrypted and readable. I would prefer that any encrypted email I receive forces me to enter my private password every time. Can I configure this? 2 I would like to set Tbird to automatically encrypt all emails to an address I have the public key for. however It looks as if I can only set 'encrypt all' or 'don't encrypt' which means I need to manually select for each email or have to set as 'encrypt all' and then get message for almost all recipients that they don't have public key etc.

Advice appreciated.

I have installed latest version of Thunderbird and all works as it should but 2 things seem wrong and not sure if bug, incorrect setting or just not allowed: 1 When I send encrypted email to myself it is automatically unencrypted and readable. I would prefer that any encrypted email I receive forces me to enter my private password every time. Can I configure this? 2 I would like to set Tbird to automatically encrypt all emails to an address I have the public key for. however It looks as if I can only set 'encrypt all' or 'don't encrypt' which means I need to manually select for each email or have to set as 'encrypt all' and then get message for almost all recipients that they don't have public key etc. Advice appreciated.

Chosen solution

Thanks for that. Seems a bit odd but definitely good to know!

Thought the encrypt suggestion for a recipient with keys would be a more proactive popup but again thanks for pointing that out.

Read this answer in context 👍 0

All Replies (4)

more options
When I send encrypted email to myself ...

S/MIME or OpenPGP encrypted?

I would prefer that any encrypted email I receive forces me to enter my private password every time.

What private password exactly?

Thunderbird does have a primary password. Did you set the primary password?

I would like to set Tbird to automatically encrypt all emails to an address I have the public key for.

If using OpenPGP Thunderbird will offer to turn on encryption for the message if a public key is found for each recipient. So this is semi-automatic. Due to a number of edge cases there is now fully automated mechanism to turn on encryption or not. In general the semi-automatic mechanism also exists for S/MIME, but is currently still disabled due to another problem.

Alternatively, if you want to always send OpenPGP encrypted messages to a fix group of recipients you can use the alias feature. https://wiki.mozilla.org/Thunderbird:OpenPGP:Aliases

more options

OpenPGP using keys I created when using GPG in Outlook. The private password to unencrypt the email. When I used Outlook it required me to enter my GPG password every time I wanted to view an encrypted email. while Tbird just seems to auto decrypt any email and so anyone who had access to my Tbird would be able to read my emails. Did not set primary password to Tbird. Only wanted that level of security for encrypted emails.

Just sent test email to user for whom OpenPGP manager shows their public key. It did not suggest encryption and email went direct unencrypted.

And could read email in sent items folder.

more options
The private password to unencrypt the email.

So I suppose you're talking about the passphrase protecting the private key when using gpg.

Tbird just seems to auto decrypt any email and so anyone who had access to my Tbird would be able to read my emails.

Since Thunderbird does not use gpg, private keys in Thunderbird are protected by the primary password. It is therefore highly recommended to set a primary password. Otherwise private keys are unprotected, and the behavior is as you stated. https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_how-is-my-personal-key-protected

The difference to gpg is that you're prompted for the primary password only once upon Thunderbird startup. Note, the primary password also protects the account passwords. If you haven't set a primary password until now, your account passwords were unprotected all the time.

It did not suggest encryption and email went direct unencrypted.

TB automatically shows a message at the bottom of the Write window if there are public keys available for all recipients - see screenshot below.

Modified by christ1

more options

Chosen Solution

Thanks for that. Seems a bit odd but definitely good to know!

Thought the encrypt suggestion for a recipient with keys would be a more proactive popup but again thanks for pointing that out.