Compare Revisions
OpenPGP keys might be authentic or counterfeit
Revision 246218 by kaie
Revision 246617 by kaie
Keywords:
Search results summary:
How to avoid accepting a counterfeit OpenPGP key when Thunderbird asks you to accept the public key of a correspondent.
Content:
To send an encrypted OpenPGP message, you need to obtain the recipient's public key. Once you have obtained it, you also need to decide if you want to accept it.
The reason is that Thunderbird cannot automatically decide if a key is authentic or a counterfeit key.
It is very easy to create a key in someone else's name and with their email address. A person with malicious intentions could create a key that contains the name and the email address of your friend Bob and send it to you. If someone other than Bob has created the key, it is a counterfeit key.
If you use a counterfeit key in Bob's name, you might believe that you have a confidential conversation with Bob, because you are using email encryption, while in reality the message is readable by the malicious person who has created the counterfeit key in Bob's name.
This is called a Monster-in-the-Middle-Attack (MITM).
To avoid that you accidentally use a counterfeit key, Thunderbird will never use someone's key automatically. Thunderbird will always require that you make the decision if you accept a key as authentic.
It's your decision how much work you want to invest in checking that a key is authentic or counterfeit.
If you have casual conversations with a correspondent, and you consider the contents of your message not very sensitive, you could decide to mark a key as accepted without checking it in detail.
However, if you intend to exchange critical information, and your liberty or your life depends on the information remaining confidential, you should carefully verify that you are using an authentic key. You can do this by viewing the details of a key, and then using a communication channel other than email to talk to your correspondent. Then each of you should view the details of the other person's key and look at the fingerprint that is shown. (A fingerprint is a kind of checksum.)
To explain that in more detail, if Alice and Bob want to ensure they use each other's correct keys, they would perform the verification in two steps. In a first step, Alice would open the details of her own personal key, by finding it either in the OpenPGP key manager, or using the End-To-End Encryption tab in account settings. Bob would open the details of the key he has obtained, which claims to be in Alice's name. Then Alice should read out the fingerprint she sees on the screen for her own key, and Bob should listen and compare it with the fingerprint that is shown on his screen for the key that is in Alice's name. If the information fully matches, then Bob has verified Alice's key, and can click the checkbox that says "Yes, I've verified in person this key has the correct fingerprint".
As the second step, Alice and Bob should repeat the process by viewing Bob's key. Bob should open the details of his own key, and Alice should open the key she has obtained, which claims to be in Bob's name. Then Bob should read the fingerprint he sees on screen for his own key, and Alice should listen and compare it with the information she sees shown for Bob's key. If it fully matches, then Alice has verified Bob's key, and can click the checkbox that says "Yes, I've verified in person this key has the correct fingerprint".
<!-- This article is used as context-help, opened when clicking a learn-more link from inside Thunderbird's OpenPGP Key Assistant. Please keep the primary focus of the article. See also https://bugzilla.mozilla.org/show_bug.cgi?id=1773720 -->
To send an encrypted OpenPGP message, you must [[OpenPGP in Thunderbird - HOWTO and FAQ#w_how-do-i-get-the-public-keys-of-my-correspondents|obtain the recipient's public key]], for example from a message received from them or from a public keyserver. Once you have obtained the public key, you must also decide if you want to '''accept''' it, because Thunderbird cannot automatically determine if a key is trustworthy - a key may be authentic or a counterfeit. How you determine whether a key is authentic or counterfeit, to be able to decide whether to accept the key or not, is the subject of this article.
= Example Counterfeit Key =
It is very easy for someone to create a public key with another person's name and email address. For example, a person Mallory with malicious intentions can simply create a key that contains the name and the email address of your friend Bob, and send the key to you. If someone other than Bob has created the key, then it is a counterfeit key.
If you then decide to use a counterfeit key in Bob's name, you might believe that you have a confidential conversation with Bob, because you are using email encryption, while in reality the encrypted message is readable by the malicious person Mallory who has created the counterfeit key in Bob's name. This is called a Monster-in-the-Middle-Attack (MITM), also known as Man-in-the-Middle-Attack.
= How to Decide Whether to Accept a Public Key =
To avoid that you accidentally use a counterfeit key, Thunderbird will never use someone's key automatically. Thunderbird will always require that you make the decision to accept a key as authentic. You also decide how much work you want to invest in checking that a key is authentic or counterfeit.
If you have casual conversations with a correspondent, and you consider the contents of your message not very sensitive, you might decide to mark a key as accepted without checking whether the key is authentic.
However, if you intend to exchange critical information, and your liberty or your life depends on the information remaining confidential, then you should carefully verify that the key you received is authentic, that is, that the key actually came from the person with whom you wish to correspond. You can do this by viewing the details of a key, and then using a communication channel '''other than email''' to talk to your correspondent. Then each of you should view the details of the other person's public key and look at the fingerprint that is shown. A fingerprint is a hash of the full key, a kind of checksum, and therefore a unique way of identifying a key.
= Example Verification Process =
To explain this process in more detail, if Alice and Bob want to ensure they use each other's correct keys, they would perform the verification in two steps. In a first step, Alice would open the details of her own personal key, by finding it either in the OpenPGP key manager, or using the End-To-End Encryption tab in account settings. Bob would open the details of the key he has obtained, which claims to be in Alice's name. Then Alice should read out the fingerprint she sees on the screen for her own key, and Bob should listen and compare it with the fingerprint that is shown on his screen for the key that is in Alice's name. If the information fully matches, then Bob has verified Alice's key, and can click the checkbox that says "Yes, I've verified in person this key has the correct fingerprint".
As the second step, Alice and Bob should repeat the process by viewing Bob's key. Bob should open the details of his own key, and Alice should open the key she has obtained, which claims to be in Bob's name. Then Bob should read the fingerprint he sees on screen for his own key, and Alice should listen and compare it with the information she sees shown for Bob's key. If the fingerprint string fully matches, then Alice has verified Bob's key, and can click the checkbox that says "Yes, I've verified in person this key has the correct fingerprint".
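As an added illustration (not part of the support article or of Thunderbird's code) of why the fingerprint, and not the name or email address on a key, tells an authentic key apart from a counterfeit, this Python builds two toy version 4 public-key packets that could both carry Bob's name and email, computes their fingerprints as RFC 4880 defines them, and performs the comparison Alice does in the second step above. The packet builder, the key values and the RSA numbers (far too small to be real keys) are all constructed here for the example.

```python
import hashlib
import hmac
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


def rsa_public_key_packet_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, creation time, algorithm 1, MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(key_body: bytes) -> str:
    """Version 4 fingerprint (RFC 4880 12.2): SHA-1 over 0x99, the 2-byte body length and the body.
    The User ID packet (name and email address) is a separate packet and is NOT part of this hash."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).hexdigest().upper()


def normalize(fingerprint: str) -> str:
    """Drop display spacing and ignore case, so a fingerprint read out loud compares equal."""
    return "".join(fingerprint.split()).upper()


def fingerprints_match(shown_on_my_screen: str, read_out_by_correspondent: str) -> bool:
    """True only when both are complete 40-hex-digit v4 fingerprints and identical (a prefix is not enough)."""
    a, b = normalize(shown_on_my_screen), normalize(read_out_by_correspondent)
    return len(a) == 40 and len(b) == 40 and hmac.compare_digest(a, b)


# Constructed toy key material: Bob's authentic key and Mallory's counterfeit made in Bob's name.
# Both may carry the identical User ID "Bob <bob@example.com>"; since that packet is not hashed,
# only the fingerprint of the key material distinguishes the two.
BOB_KEY = rsa_public_key_packet_body(1700000000, 0xC0FFEE1234567890ABCDEF, 65537)
MALLORY_COUNTERFEIT = rsa_public_key_packet_body(1700000000, 0xBADC0DE987654321FEDCBA, 65537)


def verify_obtained_key(obtained_key_body: bytes, fingerprint_bob_reads_out: str) -> bool:
    """The article's second step from Alice's side: compare the fingerprint of the key she obtained
    with the fingerprint Bob reads out over a channel other than email."""
    return fingerprints_match(v4_fingerprint(obtained_key_body), fingerprint_bob_reads_out)


if __name__ == "__main__":
    fp = v4_fingerprint(BOB_KEY)
    bob_says = " ".join(fp[i:i + 4] for i in range(0, 40, 4))  # spaced as Bob reads it out
    print("authentic key accepted:  ", verify_obtained_key(BOB_KEY, bob_says))
    print("counterfeit key accepted:", verify_obtained_key(MALLORY_COUNTERFEIT, bob_says))
```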