Hello Eli,

> There is an advanced option for Thunderbird to delegate to an external
> GnuPG installation to perform secret key operations

Is there a detailed description with some screenshots how we can use and configure this behavior well?

Best regards,
Bernhard

On 07.09.2020 at 22:04, Eli Schwartz wrote:
> On 9/7/20 3:57 PM, li...@datenritter.de wrote:
>> Hi all,
>>
>> So, Thunderbird will finally implement OpenPGP. Great! \o/
>>
>> Unfortunately, Mozilla as usual have their own way... /o\
>>
>> TB will store PGP-Keys without encryption - unless you use a master
>> password. Which... must be entered on every start anyway.
>>
>> One password for everything might seem comfortable, but doesn't that
>> mean our keys will be kept in memory without any protection? Sounds like
>> a terrible idea to keep sensitive information like this in a complex and
>> most probably still buggy application like TB.
>>
>> Enigmail asks for passphrases on demand and comes with a timeout option.
>> Keys are protected by gpg, which also handles decryption, so it would
>> never spit out any key data unless there's a bug in the pgp binary. With
>> enigmail and gpg a memory leak in TB would not compromise your keys. Am
>> I right? (Or is gpg executed in TB's address space?)
>>
>> Looks like a certain loss of security to me.
>>
>> Also, in the future we have to maintain two separate key storages,
>> because TB has to have its Extrawurst*.
>>
>> The web of trust is basically dead - but keysigning by all means is not.
>> TB will replace enigmail before WoT functionality has been implemented.
>> If ever.
>>
>> ATM, this is the scariest change to deal with in the FOSS world.
>> Please tell me I got it all wrong.
> There is an advanced option for Thunderbird to delegate to an external
> GnuPG installation to perform secret key operations, which is needed to
> handle smartcards but also permits storing your own private key in gpg.
>
> You'll still need to maintain public keys in Thunderbird's private
> keystore, but the thing that gets protected with a password will be in
> gpg and use the standard gpg unlock dialog.
>
>
> _______________________________________________
> enigmail-users mailing list
> enigmail-users@enigmail.net
> To unsubscribe or make changes to your subscription click here:
> https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net