Prerequisite for sending an encrypted email message

Revision Information
  • Revision id: 246789
  • Creator: Kai Engert
  • Comment: complete initial version
  • Reviewed: Yes
  • Reviewed by: wsmwk
  • Is approved? Yes
  • Is current revision? No
  • Ready for localization: No
Revision Content

If you attempt to send an email with End-To-End Encryption (e2ee) enabled, Thunderbird may report that it cannot encrypt the message.

Typical reasons are:

  • you haven't yet configured your account or identity for e2ee
  • the OpenPGP personal key that you had configured has expired, or you have revoked or deleted it
  • the S/MIME personal certificate that you had configured has expired, or you have revoked or deleted it
  • for an OpenPGP email, you are missing the OpenPGP public key for at least one recipient, or you haven't yet accepted the public key for at least one recipient
  • for an S/MIME email, you are missing the S/MIME certificate for at least one recipient

Configure your account or identity for e2ee

Several steps are necessary for sending an encrypted email; some of them must be done by you, and some by your correspondents.

Each person who wants to participate in encrypted email conversations must ensure that they own proper cryptographic keys for themselves.

This article assumes that you have already completed the steps to configure your own email account to use End-To-End Encryption.

Your correspondents also must complete those steps in Thunderbird, or equivalent steps if your correspondents use software other than Thunderbird.

If you don't yet understand how email encryption technology works in general, you might want to read the article Introduction to End-to-end encryption in Thunderbird.

Thunderbird stores all the secret keys that you have created or imported from your own backup, and it also stores all the public keys of other people that you have imported. You may review the list of keys using Thunderbird's OpenPGP Key Manager.

Obtaining public keys or certificates of your correspondents

To encrypt an email you send, you must have a copy of the OpenPGP public key or S/MIME certificate of each email recipient.

In other words, if Alice doesn't have Bob's public key or certificate, then Alice cannot send an encrypted email to Bob.

Note that Thunderbird cannot send email with mixed technology. If you send an encrypted email using the OpenPGP technology, then you must have OpenPGP public keys for all recipients. If you send an encrypted email using the S/MIME technology, you must have S/MIME certificates for all recipients.

Obtaining OpenPGP public keys of correspondents

The following mechanisms can be used to obtain an OpenPGP public key:

  • Your correspondent sends an email to you, and they attach their public key to that email. When viewing such an email, if you click the OpenPGP label shown in the header area, Thunderbird will offer to import the key.
  • Your correspondent sends an email to you which includes an Autocrypt header containing their public key. When viewing such an email, if you click the OpenPGP label shown in the header area, Thunderbird will offer to import the key.
  • Your correspondent has published their public key on a web server. Your correspondent may give you a link to their public key, or you might use a web search and find the key yourself. In both cases you download the public key to a local file, and then use Thunderbird's OpenPGP Key Manager to import the file containing the public key.
  • Your correspondent has published their public key on a server that uses the WKD protocol. When you attempt to send an encrypted email but don't yet have a public key for an email address, Thunderbird may offer to perform an online discovery, which is able to find public keys published using the WKD protocol.
  • Your correspondent has published their public key on a keyserver that Thunderbird supports, such as the keys.openpgp.org server. When you attempt to send an encrypted email but don't yet have a public key for an email address, Thunderbird may offer to perform an online discovery, which is able to find public keys published on that keyserver.
  • Your correspondent has published their public key on a keyserver that Thunderbird isn't yet able to query automatically. If your correspondent tells you which keyserver contains their key, you might be able to use a web browser to visit that keyserver, search for their public key, download it to a file, and then import that file using Thunderbird's OpenPGP Key Manager.

If neither you nor Thunderbird can find the key automatically, it's usually easiest to send a simple email (without encryption) to your correspondent, and ask them to send an email to you that contains their public key.

With Thunderbird versions 78 and 91, if you received an email with a correspondent's key, it was necessary to interact with that email to import the key, either by using the right-click menu on an attachment and asking to import it, or by clicking the OpenPGP label, which may report that the email contains a public key and may offer to import it.

With Thunderbird versions 102 and newer, Thunderbird will automatically collect keys it sees into a cache for later use. When you compose an email and the correspondent's public key is not yet imported, Thunderbird may be able to automatically offer you public keys that it has collected from emails.

Obtaining S/MIME certificates of correspondents

The standard way of distributing a person's certificate is to send a digitally signed email. If you have received a signed email from your correspondent, click the email to view it. If Thunderbird considers the email's signature and the sender's certificate valid, it will be automatically imported, and it will be available when you attempt to encrypt an email to that correspondent using the S/MIME technology. If you don't have a signed email from your correspondent yet, you could ask them to send a digitally signed email to you.

Note that certificates issued by CAs may have a short validity period. Certificates are no longer usable after the validity period has passed. Once that happens, you need to ask your correspondent to send you a fresh digitally signed email. Your correspondent might be required to obtain a new certificate, if they haven't yet, before they will be able to send you a new digitally signed email with a valid certificate.

Organizations that operate an LDAP server may configure their server to store S/MIME certificates. If an LDAP server is configured, Thunderbird may automatically query the LDAP server if it needs to obtain an S/MIME certificate.

Technical Validity

Thunderbird only uses keys and certificates that it considers technically valid.

Thunderbird requires that an OpenPGP key contains at least one valid primary or subordinate key usable for creating digital signatures, and at least one key usable for encryption.

Thunderbird may refuse to use OpenPGP keys that are corrupted, or that are based on cryptographic algorithms that Thunderbird considers to be unsafe.

An OpenPGP public key has an inner structure: it may contain several subordinate keys, and it also contains properties such as the validity period and the related user names and email addresses. Such properties may be added, removed or updated. To ensure that properties were really modified by the legitimate owner of the key, the properties are digitally signed using the owner's secret key. Each digital signature uses a signature algorithm. Thunderbird may ignore properties that are based on unsafe signature algorithms.

If you have obtained someone's public key, and Thunderbird refuses to import or use it, or after importing it the key appears to lack certain properties, or it has an unexpected validity period, the key might contain unsafe properties that Thunderbird decided to reject and ignore.

Matching email address

In order to use an OpenPGP public key or S/MIME certificate for sending an encrypted email to an email address, Thunderbird usually requires that the inner structure of the key or certificate lists the exactly matching email address. This allows Thunderbird to decide automatically whether a public key or certificate can be used for an email address.

In other words, if Alice wants to send encrypted email to bob@example.com, she needs an OpenPGP public key or S/MIME certificate that claims to be for that email address. A key or certificate claiming to be for bobby@example.com isn't used.

If Alice really wanted to use the public key or certificate listing bobby@example.com for sending email to bob@example.com, then Alice would need additional knowledge about Bob's email addresses, which isn't obvious. Bob would have to ask Alice to use that key despite the email address mismatch, and Alice would have to ask Thunderbird to use the public key or certificate despite the mismatch.

This is considered an advanced scenario, which some users might be required to use, but which most users don't need. Thunderbird currently doesn't offer an interactive solution for this.

However, because some expert users have requested support for using mismatching OpenPGP public keys, Thunderbird is offering an advanced configuration mechanism, which is documented in the article Thunderbird and OpenPGP Alias Keys.
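As an added illustration of the "Technical Validity" and "Matching email address" rules above (example code written for this page, not Thunderbird's own implementation), the following Python walks an OpenPGP public-key packet stream, infers signing and encryption capability from the key algorithm IDs, flags RSA/DSA keys below an assumed 2048-bit policy, and then checks whether one of the key's User IDs lists exactly the recipient address. The sample key blobs are constructed inline with dummy MPIs; capability is read from the algorithm ID rather than from key-flag signature subpackets, and the address comparison is case-insensitive, both simplifications chosen for this example.

```python
import re
import struct

SIGN, ENCRYPT = {1, 3, 17, 19, 22}, {1, 2, 16, 18}   # RFC 4880 9.1 algorithm IDs
MIN_BITS = 2048                # assumed size policy for RSA/DSA; not Thunderbird's
EMAIL_RE = re.compile(r"<([^<>]+)>\s*$")   # address part of "Name <addr>"

def packets(data):
    """Yield (tag, body) for each packet of an OpenPGP binary stream (RFC 4880 4.2)."""
    i = 0
    while i < len(data):
        b = data[i]; i += 1
        if b & 0x40:                                # new-format header
            tag, l = b & 0x3F, data[i]; i += 1
            if l < 192: n = l
            elif l < 224: n = ((l - 192) << 8) + data[i] + 192; i += 1
            elif l == 255: n = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else: raise ValueError("partial body lengths unsupported")
        else:                                       # old-format header
            tag, size = (b >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}.get(b & 3)
            if size is None: raise ValueError("indeterminate length unsupported")
            n = int.from_bytes(data[i:i + size], "big"); i += size
        yield tag, data[i:i + n]; i += n

def analyse(key):
    """Return (can_sign, can_encrypt, emails, problems) for a public key blob."""
    sign = enc = False; emails = []; problems = []
    for tag, body in packets(key):
        if tag in (6, 14):                          # public key / public subkey
            if body[0] != 4: problems.append("key version %d not handled" % body[0]); continue
            algo, bits = body[5], struct.unpack(">H", body[6:8])[0]   # first MPI is n or p
            if algo in (1, 2, 3, 17) and bits < MIN_BITS:
                problems.append("algo %d key too small: %d bits" % (algo, bits)); continue
            sign, enc = sign or algo in SIGN, enc or algo in ENCRYPT
        elif tag == 13:                             # User ID packet
            uid = body.decode("utf-8", "replace"); m = EMAIL_RE.search(uid)
            emails.append((m.group(1) if m else uid).strip().lower())
    return sign, enc, emails, problems

def usable_for(key, recipient):
    """Article's rule: technically valid key AND a User ID with the exact address."""
    sign, enc, emails, problems = analyse(key)
    return sign and enc and not problems and recipient.lower() in emails

# Constructed sample keys with dummy MPIs (not real key material): old-format headers.
_pkt = lambda tag, body: bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body
_key = lambda tag, algo, bits: _pkt(tag, b"\x04\0\0\0\0" + bytes([algo]) + struct.pack(">H", bits) + b"\xff" * (bits // 8))
BOB_KEY = _key(6, 17, 3072) + _pkt(13, b"Bob <bob@example.com>") + _key(14, 16, 3072)
BOBBY_KEY = _key(6, 17, 3072) + _pkt(13, b"Bobby <bobby@example.com>") + _key(14, 16, 3072)
WEAK_KEY = _key(6, 1, 1024) + _pkt(13, b"bob@example.com")        # RSA-1024: below policy
SIGN_ONLY_KEY = _key(6, 17, 3072) + _pkt(13, b"bob@example.com")  # no encryption subkey
```

BOB_KEY (DSA primary plus ElGamal subkey) is usable for bob@example.com, while BOBBY_KEY is rejected for that address exactly as the article describes, and the two weaker blobs fail the validity checks before the address is even considered.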

Accepting

If you have obtained an OpenPGP public key, and the key claims to be in the name of your correspondent and contains your correspondent's email address, there's still a risk that it isn't the right key. The risk is described in detail in the article OpenPGP keys might be authentic or counterfeit.

Because of this risk, Thunderbird doesn't use OpenPGP public keys automatically. Rather, for each public key you'd like to use, you are required to confirm that the key is acceptable for you, as described in the above article.

In other words, if Alice has obtained an OpenPGP public key that lists the email address bob@example.com, and Alice attempts to send an encrypted email to bob@example.com, Thunderbird might complain that there's no accepted key for Bob yet. Alice must follow the guidance offered on screen to review the key or keys that are available for bob@example.com; she should review them, ideally verify them, and then mark the key as accepted.

For S/MIME, technically valid certificates that are signed by a CA included in Thunderbird according to the Mozilla Root Store Policy will automatically be accepted by Thunderbird for sending encrypted email to the address listed in the certificate.