Storage of PGP passphrase

  • 7 replies
  • 4 have this problem
  • 250 views
  • Last reply by Wayne Mery


I have just upgraded from 68.12 to 78.2.2. I used Enigmail but I have migrated to the built-in openPGP. Everything runs as it should.

But it seems that my passphrase has been saved. In the old Enigmail, it used to ask for the passphrase regularly, which I found safer.

So in Thunderbird 78.2.2, is there a way to avoid the saving of the passphrase, or to define how long the passphrase should be saved (e.g. 15 min, session...)? If not, should I then use a master password to protect it? I cannot find the passphrase under saved passwords, so I am not sure where it is stored and therefore if the master password would protect the passphrase.

Thank you!

Chosen solution (modified by christ1)

In the old Enigmail, it used to ask for the passphrase regularly, which I found safer.

Thunderbird OpenPGP does protect private keys, but it does it differently than Enigmail/GPG. It's the same mechanism that has been used in the past to protect private keys for S/MIME certificates, and for SSL/TLS client side certificates.

Thunderbird uses an automatically created, random password to protect all the OpenPGP secret keys.

An encrypted version of that password is stored in file encrypted-openpgp-passphrase.txt in the Thunderbird profile directory.

The password is encrypted using the Thunderbird Master Password feature. It uses a symmetric key that lives in file key4.db.

By default, file key4.db is unprotected. If you set up a Thunderbird master password, then the keys in file key4.db are password protected, and you will have to unlock it once each time you start Thunderbird, the first time any key from that database is required.

So in Thunderbird 78.2.2, is there a way to avoid the saving of the passphrase, or to define how long the passphrase should be saved (e.g. 15 min, session...)?

You can still use GPG for secret key operations only, i.e. for signing and decryption. See https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards

Note, even though the article is about using smartcards, it also works when the keys managed by GnuPG are stored in the standard software keyring files.


All replies (7)


I'd prefer that Thunderbird adds a second 'MasterPassword' just for the mail encryption keys, with a configurable interval (0-30 minutes) for how often it is asked for, like Enigmail did before. The "SmartCard" way is possible but not really great.


Keeping PGP Private Key Passwords in memory per session is reasonable but saving them for automatic decryption along with account passwords is NOT!

There is a big difference in expected privacy and security levels between an account password and a PGP Private Key Password!

PGP passwords should not reside on disk anywhere! By rights, they should also be explicitly purged from memory upon exiting Thunderbird.


The current 78 version of Thunderbird breaks too many PGP security measures in its zeal to be easy to use.

I've switched back to 68 and Enigmail for now.

I'll see what the future brings. "Interlink" seems to be a Thunderbird clone that supports Enigmail but I haven't tried it yet.


OpenPGP in Thunderbird 78 is a security disaster. It seems that experienced Linux users who have been using Enigmail with GnuPG for years have been completely bypassed with this design decision. Thunderbird 78 will certainly be a relief for Windows users and beginners in encryption issues. But security-wise, snake oil. By default the passphrase is simply stored without any request if you don't use a master password. Per-recipient rules are not possible. Also the use of a smartcard for encryption is not possible. I also switched back to Thunderbird 68 and will use it with AppArmor as long as possible. Maybe someone will develop a fork which is suitable for Linux users again. Or I will use another mail client.


Perhaps you have not been informed:

  • The author of Enigmail was very much involved in the implementation of OpenPGP
  • The library used for encryption does not yet support smartcard - but that is expected to change
  • Because of time constraints to deliver OpenPGP in version 78, what you see today is just the first iteration - so compromises were made and there is missing functionality - so there is more to come
