Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

GPG keys became unavailable for use by Thunderbird

  • 3 replies
  • 0 have this problem
  • 14 views
  • Last reply by 1lemonsik

1lemonsik
1lemonsik
more options

Hi,

my situation was like so: I am using Thunderbird 102.6.0 under an up to date Fedora 36. I have an email account registered into Thunderbird. I have an RSA key with a passphrase added which I use to sign an decrypt as needed. I use a master password.

That was the situation before today. No update to Thunderbird have been made since the issue, nor to the system (afaik). I can not sign and decrypt messages anymore through Thunderbird. For instance, when I seek to send a signed email Thunderbird gives me a popup with: `Unable to send the message, because there is a problem with your personal key.`. Signature verification still works so at least Thunderbird can access my public key.

I go to the Thunderbird `Account Settings` and under `End-To-End Encryption` I see that the selected personal key radio button is greyed out. It says that the private is not available or readable (I dont remember, the message disappeared when I selected a radio button repenting an other key in the list...).

I check the Thunderbird OpenPGP manager and see that there is indeed a key for the email address associated to the account (see the attached picture).

This key pair is valid enough so that I can manually encrypt and decrypt using the `gpg` command (using a terminal, not under Thunderbird).

Any idea why Thunderbird forgot about the private key ?

Hi, my situation was like so: I am using Thunderbird 102.6.0 under an up to date Fedora 36. I have an email account registered into Thunderbird. I have an RSA key with a passphrase added which I use to sign an decrypt as needed. I use a master password. That was the situation before today. No update to Thunderbird have been made since the issue, nor to the system (afaik). I can not sign and decrypt messages anymore through Thunderbird. For instance, when I seek to send a signed email Thunderbird gives me a popup with: `Unable to send the message, because there is a problem with your personal key.`. Signature verification still works so at least Thunderbird can access my public key. I go to the Thunderbird `Account Settings` and under `End-To-End Encryption` I see that the selected personal key radio button is greyed out. It says that the private is not available or readable (I dont remember, the message disappeared when I selected a radio button repenting an other key in the list...). I check the Thunderbird OpenPGP manager and see that there is indeed a key for the email address associated to the account (see the attached picture). This key pair is valid enough so that I can manually encrypt and decrypt using the `gpg` command (using a terminal, not under Thunderbird). Any idea why Thunderbird forgot about the private key ?
Attached screenshots

All Replies (3)

1lemonsik
1lemonsik Question owner
more options

TLDR; Thunderbird forgot my private key.

Matt
Matt
  • Moderator
  • Top 10 Contributor
more options

Perhaps ask in the E2EE mailing list. https://thunderbird.topicbox.com/groups/e2ee

Looking there I do wonder if the certificate is signed with the no longer supported SHA1 or MD5.

IT could be a difference between PnuGP and the RNP library used in Thunderbird as the update to the RNP library to disallow things has not been implemented over a PnuGPhttps://blog.thunderbird.net/2022/05/openpgp-keys-and-sha-1/ Although I find the whole hting about as clear as mud really after reading this. https://support.mozilla.org/en-US/kb/openpgp-unsafe-key-properties-ignored

I knew there was a reason I used s/Mime.

1lemonsik
1lemonsik Question owner
more options

I simply re imported the key and it is now working fine. The fix being trivial does not remove the fact that this is scary and lets you wonder about where and how this key was stored. Especially when you are dealing with end to end encryption and maybe more importantly, authentification.