Unsafe properties of OpenPGP keys might be ignored
Revision Information
- Revision id: 242717
- Creator: thomas8
- Comment: Rework article structure and language.
- Reviewed: Yes
- Reviewed by: wsmwk
- Is approved? Yes
- Is current revision? No
- Ready for localization: Yes
- Readied for localization by: wsmwk
Revision Content
When processing OpenPGP keys, Thunderbird ignores key properties that were created using unsafe mechanisms.
Signatures created with outdated OpenPGP software may be based on unsafe algorithms. From version 91.8.0 onwards, Thunderbird no longer accepts OpenPGP signatures that involve unsafe algorithms, such as the SHA-1 hash algorithm, and that were created after 2019-01-15. This applies to signatures of OpenPGP messages as well as to signatures of modified OpenPGP keys.
For example, if a key owner has updated the expiration date property of an OpenPGP key, the modification involves a signature that is added to the OpenPGP key. Thunderbird will ignore unsafe key signatures and may report the OpenPGP key as expired, or not show some properties of the key.
To address this problem, the key owner should update to the latest version of their OpenPGP software, repeat the key modifications, and then share the updated public key. Some software may require an updated configuration to ensure that modern algorithms are used when modifying keys.
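To check which signatures on a key fall under this rule, read each signature packet's hash algorithm and creation time. The Python sketch below is an added example, not Thunderbird's code: it handles only the body of a version 4 signature packet (RFC 4880), and the names `inspect_signature` and `make_sig`, the midnight-UTC boundary for the cutoff date, and the sample packets are assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Hash algorithm IDs (RFC 4880, section 9.4).
HASH_NAMES = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 8: "SHA-256", 9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}
UNSAFE = {"SHA-1"}  # only SHA-1 is named on the page; extend if your policy lists more
CUTOFF = datetime(2019, 1, 15, tzinfo=timezone.utc)  # assumption: boundary taken at midnight UTC

def subpackets(data):
    """Yield (type, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(data):
        first = data[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:                                 # five-octet length
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(data):
            raise ValueError("malformed subpacket")
        yield data[i] & 0x7F, data[i + 1:i + length]  # mask off the critical bit
        i += length

def inspect_signature(body):
    """Return (hash_name, created, ignored) for a v4 signature packet body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("only version 4 signature packets are handled")
    hash_name = HASH_NAMES.get(body[3], f"unknown({body[3]})")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    created = None
    for sp_type, sp_body in subpackets(hashed):
        if sp_type == 2 and len(sp_body) == 4:  # signature creation time
            created = datetime.fromtimestamp(struct.unpack(">I", sp_body)[0], timezone.utc)
    ignored = hash_name in UNSAFE and created is not None and created > CUTOFF
    return hash_name, created, ignored

def make_sig(hash_id, when):
    """Constructed sample: v4 certification (0x13, RSA) with dummy signature data."""
    hashed = bytes([5, 2]) + struct.pack(">I", int(when.timestamp()))
    return (bytes([4, 0x13, 1, hash_id]) + struct.pack(">H", len(hashed)) + hashed
            + b"\x00\x00" + b"\xab\xcd" + b"\x00\x01\x01")

if __name__ == "__main__":
    for hid, year in [(2, 2021), (2, 2018), (8, 2021)]:
        print(inspect_signature(make_sig(hid, datetime(year, 6, 1, tzinfo=timezone.utc))))
```

A signature reported with `ignored` set to true is one the key owner needs to re-create with a modern hash algorithm, as described above.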