TB 102.2.2 generates pgp key pairs without passphrase
When I generate a new pgp key pair in Thunderbird, that seems to work, but it never asks for a passphrase and just pretends I now had a working private and public key. I tried it with different email addresses - always the same.
Since I have just upgraded to Ubuntu 22.04 and everything freshly installed, I also imported all the public keys I had to Thunderbird, wich worked well. As I tried to send an encrypted test email with my new strange key pair, thunderbird didn't allow me to use encryption on the email - which I found a bit relieving, since I was having a private key that you don't even need a passphrase for... I have immediately revoked and deleted the new key pairs.
Is that a bug in Thunderbird or am I missing something? I have been using pgp for years, so now I am a bit confused...
All Replies (3)
When I generate a new pgp key pair in Thunderbird, that seems to work, but it never asks for a passphrase and just pretends I now had a working private and public key.
That is the way it works. The private key is protected by the primary password, assuming you set one in the first place. If you didn't, it is highly recommended to do so. https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_how-is-my-personal-key-protected
As I tried to send an encrypted test email with my new strange key pair, thunderbird didn't allow me to use encryption on the email
I don't understand what that means. You'd need to be more specific about that, what you did, and what happened. Also see https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_what-is-needed-to-send-an-encrypted-message
I have immediately revoked and deleted the new key pairs.
I'm not sure what you were trying to achieve with this.
Ti ṣàtúnṣe
Thanks for your reply!
<q>The private key is protected by the primary password, assuming you set one in the first place.</q>
That seems to be new though. In the last version of TB that I used, the primary password was "just" supposed to protect my mail-accounts' passwords, as the according Mozilla Support page is also still saying: https://support.mozilla.org/en-US/kb/protect-your-thunderbird-passwords-primary-password
Additionally, in that previous version, whenever I generated a new key pair, I had to set a passphrase for each specific key pair. And whenever I received an encrypted email, I had to enter that passphrase (not the 'primary password') to decrypt the email. So, as I understand, that specific pgp passphrase does not exist anymore in the current TB version?
The second thing I mentioned seems to be another topic (first I thought it was connected to this one), so I will leave it out of here for now.
That seems to be new though.
Not really. Thunderbird OpenPGP has been introduced in v78. That was more than a year ago.
Additionally, in that previous version, whenever I generated a new key pair, I had to set a passphrase for each specific key pair.
If that 'previous version' was v68, then you're right. There was the Enigmail add-on providing a GUI for key management, and keys were stored in the gnupg keyring. Starting with TB78, things have changed. https://wiki.mozilla.org/Thunderbird:OpenPGP:Migration-From-Enigmail#GnuPG_vs._RNP_and_key_storage
as I understand, that specific pgp passphrase does not exist anymore in the current TB version?
Things are working different now. Please check the link to the FAQ (already posted above). https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_how-is-my-personal-key-protected
There is a ton of information and documentation available for Thunderbird OpenPGP. The FAQ should be a good start.
Ti ṣàtúnṣe