Unsafe properties of OpenPGP keys might be ignored

When viewing the details of an OpenPGP key in Thunderbird, a warning might be shown that the key contains unsafe properties. This article explains the meaning of the warning. ==Background== OpenPGP uses private and public keys, which contain properties such as usernames, email addresses, additional sub keys, validity and expiration information, and more. These properties of a key use digital signatures, to proof that these properties were really added or changed by the owner of the key, and not by someone else. A digital signature uses cryptographic technology that combines multiple algorithms, in order to produce a proof that cannot be easily falsified. Because computers get more powerful over time, algorithms that were once consided secure in the past, may no longer be considered secure today. An example is the [https://en.wikipedia.org/wiki/SHA-1 SHA-1 hash algorithm]. Nowdays, it is recommended that it is no longer used, because certain attacks on the algorithm are possible. Despite this recommendation being several years old, some users might not be aware, and might still use old OpenPGP software, or might use a software configuration that causes the use SHA-1. For example, if a key owner has updated the expiration date property of an OpenPGP key, the modification involves a signature that is added to the OpenPGP key. == Thunderbird 91.8.0 == Thunderbird versions 91.8.0 and 91.8.1 contained a change to reject signatures that involve unsafe algorithms, depending on when a signature was made. Signatures that use SHA-1 were rejected if they were created after mid January 2019. After the release several users reported that they were no longer able to use affected OpenPGP keys, and the numbers of reports was was higher than the developers had anticipated. Based on our analysis, SHA-1 was involved in all reported scenarios. == Thunderbird 91.9.0 == To allow more time for the transition away from SHA-1, Thunderbird version 91.9.0 has been changed to be less strict than 91.8.0. In 91.9.0 SHA-1 signatures will work on properties of OpenPGP keys, and for signatures on key revocations. Therefore, affected users will be able to use their key with Thunderbird until SHA-1 is fully deprecated in a future version. However, other unsafe algorithms will continue be rejected, and SHA-1 will also continue to be rejected for signatures of email messages created after mid January 2019. == Future Thunderbird version == The Thunderbird developers still intend to fully reject the use of SHA-1 in OpenPGP keys in the future, but it has been decided that more time is required for the transition period, and that Thunderbird also should implement changes to assist users in the required transition. If you are managing your OpenPGP secret key with Thunderbird, then a future version of Thunderbird will help you to upgrade your key. == Other software == Other OpenPGP software might already reject a key based on these unsafe properties, or might do so in the future. If you see this warning for the public key of one of your correspondents, you should ask them to either upgrade their key to no longer use SHA-1, or to switch to a new key.

When viewing the details of an OpenPGP key in Thunderbird, a warning might be shown that the key contains unsafe properties. This article explains the meaning of the warning.

Background

OpenPGP uses private and public keys, which contain properties such as usernames, email addresses, additional sub keys, validity and expiration information, and more. These properties of a key use digital signatures, to proof that these properties were really added or changed by the owner of the key, and not by someone else.

A digital signature uses cryptographic technology that combines multiple algorithms, in order to produce a proof that cannot be easily falsified. Because computers get more powerful over time, algorithms that were once consided secure in the past, may no longer be considered secure today.

An example is the SHA-1 hash algorithm. Nowdays, it is recommended that it is no longer used, because certain attacks on the algorithm are possible.

Despite this recommendation being several years old, some users might not be aware, and might still use old OpenPGP software, or might use a software configuration that causes the use SHA-1.

For example, if a key owner has updated the expiration date property of an OpenPGP key, the modification involves a signature that is added to the OpenPGP key.

Thunderbird 91.8.0

Thunderbird versions 91.8.0 and 91.8.1 contained a change to reject signatures that involve unsafe algorithms, depending on when a signature was made. Signatures that use SHA-1 were rejected if they were created after mid January 2019.

After the release several users reported that they were no longer able to use affected OpenPGP keys, and the numbers of reports was was higher than the developers had anticipated. Based on our analysis, SHA-1 was involved in all reported scenarios.

Thunderbird 91.9.0

To allow more time for the transition away from SHA-1, Thunderbird version 91.9.0 has been changed to be less strict than 91.8.0. In 91.9.0 SHA-1 signatures will work on properties of OpenPGP keys, and for signatures on key revocations. Therefore, affected users will be able to use their key with Thunderbird until SHA-1 is fully deprecated in a future version.

However, other unsafe algorithms will continue be rejected, and SHA-1 will also continue to be rejected for signatures of email messages created after mid January 2019.

Future Thunderbird version

The Thunderbird developers still intend to fully reject the use of SHA-1 in OpenPGP keys in the future, but it has been decided that more time is required for the transition period, and that Thunderbird also should implement changes to assist users in the required transition.

If you are managing your OpenPGP secret key with Thunderbird, then a future version of Thunderbird will help you to upgrade your key.

Other software

Other OpenPGP software might already reject a key based on these unsafe properties, or might do so in the future.

If you see this warning for the public key of one of your correspondents, you should ask them to either upgrade their key to no longer use SHA-1, or to switch to a new key.