This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Èròjà atẹ̀lélànà yii ni a ti fi pamọ́ fọ́jọ́ pípẹ́. Jọ̀wọ́ béèrè ìbéèrè titun bí o bá nílò ìrànwọ́.

TB 102.2.2 generates pgp key pairs without passphrase

  • 3 àwọn èsì
  • 0 ní àwọn ìṣòro yìí
  • 6 views
  • Èsì tí ó kẹ́hìn lọ́wọ́ christ1

more options

When I generate a new pgp key pair in Thunderbird, that seems to work, but it never asks for a passphrase and just pretends I now had a working private and public key. I tried it with different email addresses - always the same.

Since I have just upgraded to Ubuntu 22.04 and everything freshly installed, I also imported all the public keys I had to Thunderbird, wich worked well. As I tried to send an encrypted test email with my new strange key pair, thunderbird didn't allow me to use encryption on the email - which I found a bit relieving, since I was having a private key that you don't even need a passphrase for... I have immediately revoked and deleted the new key pairs.

Is that a bug in Thunderbird or am I missing something? I have been using pgp for years, so now I am a bit confused...

When I generate a new pgp key pair in Thunderbird, that seems to work, but it never asks for a passphrase and just pretends I now had a working private and public key. I tried it with different email addresses - always the same. Since I have just upgraded to Ubuntu 22.04 and everything freshly installed, I also imported all the public keys I had to Thunderbird, wich worked well. As I tried to send an encrypted test email with my new strange key pair, thunderbird didn't allow me to use encryption on the email - which I found a bit relieving, since I was having a private key that you don't even need a passphrase for... I have immediately revoked and deleted the new key pairs. Is that a bug in Thunderbird or am I missing something? I have been using pgp for years, so now I am a bit confused...

All Replies (3)

more options
When I generate a new pgp key pair in Thunderbird, that seems to work, but it never asks for a passphrase and just pretends I now had a working private and public key.

That is the way it works. The private key is protected by the primary password, assuming you set one in the first place. If you didn't, it is highly recommended to do so. https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_how-is-my-personal-key-protected

As I tried to send an encrypted test email with my new strange key pair, thunderbird didn't allow me to use encryption on the email

I don't understand what that means. You'd need to be more specific about that, what you did, and what happened. Also see https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_what-is-needed-to-send-an-encrypted-message

I have immediately revoked and deleted the new key pairs.

I'm not sure what you were trying to achieve with this.

Ti ṣàtúnṣe nípa christ1

more options

Thanks for your reply!

<q>The private key is protected by the primary password, assuming you set one in the first place.</q>

That seems to be new though. In the last version of TB that I used, the primary password was "just" supposed to protect my mail-accounts' passwords, as the according Mozilla Support page is also still saying: https://support.mozilla.org/en-US/kb/protect-your-thunderbird-passwords-primary-password

Additionally, in that previous version, whenever I generated a new key pair, I had to set a passphrase for each specific key pair. And whenever I received an encrypted email, I had to enter that passphrase (not the 'primary password') to decrypt the email. So, as I understand, that specific pgp passphrase does not exist anymore in the current TB version?

The second thing I mentioned seems to be another topic (first I thought it was connected to this one), so I will leave it out of here for now.

more options
That seems to be new though.

Not really. Thunderbird OpenPGP has been introduced in v78. That was more than a year ago.

Additionally, in that previous version, whenever I generated a new key pair, I had to set a passphrase for each specific key pair.

If that 'previous version' was v68, then you're right. There was the Enigmail add-on providing a GUI for key management, and keys were stored in the gnupg keyring. Starting with TB78, things have changed. https://wiki.mozilla.org/Thunderbird:OpenPGP:Migration-From-Enigmail#GnuPG_vs._RNP_and_key_storage

as I understand, that specific pgp passphrase does not exist anymore in the current TB version?

Things are working different now. Please check the link to the FAQ (already posted above). https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_how-is-my-personal-key-protected

There is a ton of information and documentation available for Thunderbird OpenPGP. The FAQ should be a good start.

Ti ṣàtúnṣe nípa christ1