Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Цей вебсайт матиме обмежену функціональність, доки ми проводимо його обслуговування для поліпшення роботи. Якщо прочитана стаття не розв'язала вашу проблему і ви хочете поставити питання, наша спільнота підтримки з радістю допоможе вам на @FirefoxSupport у Twitter та /r/firefox на Reddit.

Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Emails encryption in 78 vs Enigmail - does TB 78 decrypt and store the encrypted emails as plain text?

  • 6 відповідей
  • 1 має цю проблему
  • 11 переглядів
  • Остання відповідь від christ1

more options

Hi,

I have been a long time user of the Enigmail and I really like how it works: - when you receive an encrypted email it prompts you for your private key password. The password is cached for 5 mins or so. - when want to read older encrypted emails I had to enter the password again - which was fine with me - drafts were encrypted - if someone copies my profile at least they don't have access to my encrypted emails

All in all it's all about privacy & protection.

Now, I upgraded to 78. I use a master password. When I open TB, it prompts me to enter the master password, but I can choose to cancel. And I can still see all my emails including the encrypted emails!!!

If someone gets my profile they can see my encrypted emails as well.

Thunderbird seems to use my private keys without prompting me for password!

Who designed this behaviour?

Hi, I have been a long time user of the Enigmail and I really like how it works: - when you receive an encrypted email it prompts you for your private key password. The password is cached for 5 mins or so. - when want to read older encrypted emails I had to enter the password again - which was fine with me - drafts were encrypted - if someone copies my profile at least they don't have access to my encrypted emails All in all it's all about privacy & protection. Now, I upgraded to 78. I use a master password. When I open TB, it prompts me to enter the master password, but I can choose to cancel. And I can still see all my emails including the encrypted emails!!! If someone gets my profile they can see my encrypted emails as well. Thunderbird seems to use my private keys without prompting me for password! Who designed this behaviour?

Усі відповіді (6)

more options

I just checked more emails that I know I sent encrypted and TB decrypts them automatically even though I did not enter the master password!!!

At this point, if you are a user that uses email encryption I do not advise you to upgrade from 68.

more options

Also, note that you can't simply use version 68 against a profile used with 78. It doesn't work. Make sure you have a backup of your 68 profile. Fortunately I do have a backup and I am going to restore my profile from the backup and then install back 68.

more options

err as enigmail does not work at all either the addon or the built components in V78, how are you doing that? Last I heard there were no scheduled updates of earlier versions until V78.2 when it was expected that the enigmail/ PGP encryption would be implemented as an inbuilt process.

I have in recent weeks seen folks using third party "updater" applications getting new versions, as I have seen a few from Linux distributions that obviously only have automated updaters. But Thunderbird will not have prompted you to update to V78 on it's own as updates are turned off.

more options

I am using a mac, I downloaded the 78.1.1 dmg file and I installed it (it replaced version 68). Then I imported the private keys using Tools Migrate Enigmail Settings. I have 2 keys. It prompted me for password 4 times, the last two times it give me an error each time, but eventually it imported them successfully.

Now they keys are used to decrypt the emails even when I don't enter the master password which imo is very bad.

I don't know where the imported keys are stored exactly (do they encrypt the private key?) and whether the emails themselves are decrypted on the fly or their plain text version is stored locally once decrypted.

The enigmail model made a lot of sense to me, and I just don't get why we go backwards.

Anyway, I am going to downgrade tonight back to 68.

Змінено bogc

more options

IIRC I remember reading about a password issue. It will be resolved by an update of 78 and the Enigmail migrator.

more options

Could be this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1656287

If so, follow the instructions in comment #20 to fix the problem.