Re: Thunderbird / enigmail

["D. R. Evans" <doc.evans@gmail.com>]

Greg Marks wrote on 10/21/20 5:23 PM:
> > > I had no problems transitioning from Enigmail to Thunderbird 78.3.1,
> > > which has removed Enigmail.  With an existing GPG installation, it
> > > was necessary to run the command "gpg --export-secret-keys --armor >
> > > private_key.asc" for importation into Thunderbird.  Then in Thunderbird,
> > > clicking the main account header in the side panel brings up a link
> > > "End-to-end encryption."  This brings up "Account Settings," toward the
> > > bottom of which is an "End-To-End Encryption" header.  From here one can
> > > enable OpenPGP by importing the "private_key.asc" file created earlier.
> >
> > OK, but how do I create a sticky setting that tells TB to use encryption?
> >
> > If I go to "Account Settings | End-to-End Encryption" I can select and add a
> > key to an account. But there doesn't seem to be a "save" function, and as
> > soon as I leave the settings page, the setting reverts to "None - do not use
> > OpenPGP for this identity".
>
> The first step is not exactly adding a key to an account.  The first
> step is importing a private GPG key stored on your computer for use in
> Thunderbird; this key can then be used (or not) with any e-mail account
> you are accessing via Thunderbird.  (For example, you might access both
> a work e-mail account and a personal e-mail account in Thunderbird.)
>
> I'll try to elaborate on my previous message with more details.
> I'm assuming you have an existing GPG key stored in the subdirectory
> ~/.gnupg of your home directory and have run the command "gpg
> --export-secret-keys --armor > private_key.asc" already.
>
> 1. In Thunderbird, under Account Settings --> End-to-End Encryption,"
> under the "OpenPGP" section, initially it will say, "Thunderbird doesn't
> have a personal OpenPGP key for [your e-mail address]."  Next to that
> message is a button "Add Key."

Yep; that's what I did.

> 2. Clicking on that button opens a new window with the message, "If you
> have an existing personal key for this email address, you should import
> it.  Otherwise you will not have access to your archives of encrypted
> emails, nor be able to read incoming encrypted emails from people
> who are still using your existing key."  You will be able to select
> either "Create a new OpenPGP Key" or "Import an existing OpenPGP Key."
> Select "Import an existing OpenPGP Key" and click "Continue."

Yep; that's what I did.

> 3. In the next window that opens, click "Select File to Import" and
> select the file "private_key.asc" created earlier.

Yep; that's what I did.

> 4. A new window will open that should have a message at the top saying
> (in my case) "Thunderbird found 2 keys that can be imported"; each will
> be listed with its ID, e-mail address, and a box you can check saying
> "Treat this key as a Personal Key."  (In my case, I selected my most
> recent key, the earlier one having been revoked.)  Click "Continue."
> You'll be asked to enter the passphrase used to decrypt access to
> your private key on your machine.  Then a window should open with a
> green highlighted message saying "OpenPGP Keys successfully imported!"
> Each key will be listed with a button "Key Properties."

Yep; that's what I did.

> 5. At the bottom of the window there will be a message, "To start using
> your imported OpenPGP key for email encryption, close this dialog and
> access your Account Settings to select it."  Click Continue.  Then,
> on the Account Settings --> End-to-End Encryption screen, deselect
> "None" and select the ID of the OpenPGP key.

Yep; that's what I did. That's the thing that I don't know how to make sticky. 
Merely selecting the ID doesn't seem to do anything except that the marked 
radio button switches from "None" to the key ID. If I leave that screen and 
return to it, the "None" radio button is marked again.

> 6. At the bottom of the page you can select default settings for sending
> messages: whether to encrypt by default, whether to digitally sign
> be default.  If you are using Thunderbird to access multiple accounts,
> you will set these options on the "Account Settings --> End-to-End
> Encryption" page for each account.

Nope; they remain greyed out, even after step 5.

> 7. Quit Thunderbird and restart it.  (This step is probably unnecessary
> but couldn't hurt.)

I'm afraid that that doesn't help. I still can't use encryption, and when I go 
back to the e2ee screen under the account settings, "None" is selected, not 
the key I previously selected.

> So far as I can tell, account settings in Thunderbird are sticky
> by default.  If I go to Account Settings (accessible under the "Edit"
> drop-down menu of Thunderbird), change an option, and then simply close
> the "Account Settings" tab, the option stays as I set it until I change
> it again by reopening Account Settings.  

They seems to be sticky here, except for the choice of key. Or, to be more 
precise, the choice of key never seems actually to enable any functionality, 
so I suspect that TB is somehow thinking that I still haven't selected a key, 
even though the radio button is definitely consistent with having done so.

> Once you've imported your GPG
> private keys, they should be usable in any account you're accessing in
> Thunderbird.  This can be checked under "Tools --> OpenPGP Key Manager,"
> which will open a window showing the private keys you've imported.
> Highlighting one of them and clicking "View --> Key Properties" will
> show information about the key (fingerprint, etc.); under "Type" it
> should read "key pair (secret key and public key)."

Yep; I confirm all that.

  Doc

--
Web:  http://enginehousebooks.com/drevans