Thunderbird and OpenPGP Alias Keys

Revision Information
  • Revision id: 246211
  • Creator: Kai Engert
  • Comment: initial version, will shortly be improved further
  • Reviewed: Yes
  • Reviewed by: wsmwk
  • Is approved? Yes
  • Is current revision? No
  • Ready for localization: No
Revision Content

The Thunderbird OpenPGP Alias Keys feature

When sending an encrypted email with OpenPGP encryption, Thunderbird requires that you have an accepted and usable public key for each recipient.

An OpenPGP public key consists of several attributes, including technical key material, a validity period and one or more user identities. A user identity may contain a name and an email address.

To encrypt an email for a recipient, Thunderbird usually requires an OpenPGP public key that contains a matching email address.

In some scenarios you may need to use a public key that doesn't contain a matching email address. For example, a company might have published only a single public key that doesn't contain any specific email address. The public key might be intended for sending encrypted email to any employee of the company. When receiving an email that was encrypted with that key, the company might decrypt it and then forward the decrypted email to the intended recipient. While this isn't complete end-to-end encryption, the email is at least encrypted while it passes through the public Internet, until it arrives at the company's email server.

At the time of writing this article, the only way to send an encrypted email using a key that lacks a matching email address is by using an advanced configuration mechanism, the OpenPGP Alias Keys feature.