Do you have questions or concerns about email encryption?
Please put them here.⬇️

Why hasn't there been a standardized, fully secure method of end-to-end encryption like OMEMO or Matrix?

@thatonecalculator @thunderbird Well, OpenPGP has been around for quite a bit longer than the Double Ratchet algorithm :D (1991 vs 2013).

If by "multi e2ee" you mean multi-device capable, you are wrong. OpenPGP can be used on multiple devices at the same time, either by using different keys, or a shared primary key with per-device subkeys, or simply by sharing the same key across multiple devices.

Should've been more clear, I meant multi-user conversations. Last I remember, OpenPGP could only be used with one person talking to another.

@thatonecalculator @thunderbird That's also not true. You can very well send messages encrypted to multiple recipients without much overhead.

@thatonecalculator @thunderbird No worries :) Crypto is still not super user-friendly unfortunately, although things are improving. Signal has demonstrated that user-friendly E2EE is doable.

@thatonecalculator @thunderbird I always thought the fundamental difference was that email is an async protocol, which precludes a number of useful cryptographic features from other systems, like PFS.

@rick @thunderbird Why do I have to import my keys, and why can't I use the existing ones in the .gnupg directory?

What do people need to start to use encryption?

(More a question for the audience 😉)

When will Thunderbird be able again to send PGP/MIME emails? It is able to receive and show them, but not to send them. Especially if attachments are involved, many recipients are not able to handle the current format.

With the former Enigmail, the format could be chosen.

And please, don't change the current behavior in K9mail with OpenKeyChain, because that is my current way to reach others that only support PGP/MIME.

@WhyNot @reclus @thunderbird Personally, I need K-9 to stop using OpenKeyChain myself, because it currently won't let me add an OpenPGP key I created in Thunderbird to my Posteo account.

😲 How could OpenKeyChain hinder you from adding an OpenPGP key to Posteo? (not a Posteo user)
@reclus @thunderbird

@WhyNot @reclus @thunderbird It hinders me by not letting me add the key to my account in K-9. I select import an existing key, select the key, and rather than add it to the account it just remains in OpenKeyChain. It's really as simple as that.

Well, that is the normal behavior. The keys always remain in OpenKeyChain. To link a key to your account in K9, you choose account settings (or however it is called in your language version) for this account, end-to-end encryption, set the switch to activate OpenPGP support for this account and then select the key you want to use with this account.
@reclus @thunderbird

As a precondition, you need to configure OpenKeyChain. Start the app, select apps from the menu, tap on K-9 Mail and select the keys that K9 is allowed to use.
@reclus @thunderbird

@WhyNot @reclus @thunderbird Yeah, I tried that, but it won't let me add the key I made in Thunderbird. My experience has been that it only likes keys made in K-9, or made with the provider's front-end. The reverse is also true; if I make a key for the account in K-9, it will accept it. But then Thunderbird won't.

Maybe it will help to generate the key in PGP (openPGP, GnuPG, ...), export it there and import it to all the others. 🤷‍♂️
@reclus @thunderbird

@thunderbird How do we make encryption easier to use when the bulk of the providers have a financial interest not to have encryption (Google, Hotmail, other places that scan emails for data)?

Also, is there a way of using SSH keys instead of SSL much like AGE encrypts things? Or Gemini's TOFU (trust on first use)?


It seems that there is a problem with signature checking. Thunderbird shows an invalid signature when I'm sending an email to myself (signed with my key).

K9 & OpenKeyChain shows a correct signature for the same email.

After recurrent checks, sometimes the signature is shown as correct in Thunderbird (even for those mails that were shown as invalid before), sometimes not. (non-deterministic?)

(Checked with the same identity & key and with different identities & keys.)

@thunderbird Not for me (because I have already used it for years), but a lot of people ask me "how to decrypt emails via gpg when I receive an email in Gmail from someone who sent it via Thunderbird with gpg?"
The only answer I give is to use Mailvelope...

@thunderbird Thanks that it's possible to ask questions. Is it possible to store PGP encrypted emails like usual emails in Thunderbird? I mean storing them unencrypted like any other email. I had the experience that I couldn't access received encrypted emails after a while, because I/Thunderbird didn't have the key anymore.

@thunderbird @9Lukas5 When will there be out-of-the-box working GPG in Thunderbird on Mac?

Please add support for Web-of-Trust, to make it useful with TB.

@thunderbird Has thunderbird created a tutorial on email encryption?

@Yung_Lyun We definitely need documentation.
@KillYourFM is meeting with Thunderbird's resident encryption expert Kaie later today. The goal is to have a transfer of knowledge, then explain the basics (and their importance) to our community.

@thunderbird Can I request that unlocking the gpg/pgp key not be done at start-up and left unlocked/passkey accessible? Maybe I'm weird, but I actively dislike that being in the master key store and unlocked the entire time the keyring is open. I'd much prefer a model similar to the way it was done with Enigmail, where the gpg/pgp key was VERY explicitly unlocked to use vs. having the password in the master store and effectively always available.

@warthog9 @thunderbird

Preach! 🙂 Yet another one of those "conveniences" at the cost of security.

@thunderbird Please add a "Require encryption" option that can be set per recipient.

@thunderbird How come autocrypt makes email encryption so easy on #DeltaChat but not on #Thunderbird? Can I haz DeltaChat <-> Thunderbird?

@mray @thunderbird I use Thunderbird on the desktop (Windows 10 - yar yah yah) POP'ing all accounts.

I use Thunderbird on my laptop (for travel and off-site) & IMAP all accounts.

I use K-9 on mobile (GrapheneOS) with IMAP for all accounts.

I also use Delta Chat on desktop & mobile as a Signal replacement.

It would be nice if there was some integration between the Delta Chat 'concept' and the Thunderbird products.

@papertape @thunderbird back in the Enigmail days you could set it up to work encrypted.

But I'm not even talking about that - I would like it to look and feel like the other chat integrations Thunderbird has.

@thunderbird Why can't I have encryption enabled by default anymore for email addresses I have a key for?

When will #Thunderbird use #SequoiaPGP instead of the buggy rnp library? Esp. since Sequoia is written in Rust.

When will #Thunderbird implement easy encryption by default with automatic key roll-over, like #pEp #prettyEasyPrivacy does? Or simply make pEp a default part of TB?

That no people that I email will have the technical ability to read the encrypted email I send them.

@thunderbird Will it be possible to re-encrypt saved emails with a different key?

