> > I had no problems transitioning from Enigmail to Thunderbird 78.3.1,
> > which has removed Enigmail. With an existing GPG installation, it
> > was necessary to run the command "gpg --export-secret-keys --armor >
> > private_key.asc" for importation into Thunderbird. Then in Thunderbird,
> > clicking the main account header in the side panel brings up a link
> > "End-to-end encryption." This brings up "Account Settings," toward the
> > bottom of which is an "End-To-End Encryption" header. From here one can
> > enable OpenPGP by importing the "private_key.asc" file created earlier.
>
> OK, but how do I create a sticky setting that tells TB to use encryption?
>
> If I go to "Account Settings | End-to-End Encryption" I can select and add a
> key to an account. But there doesn't seem to be a "save" function, and as
> soon as I leave the settings page, the setting reverts to "None - do not use
> OpenPGP for this identity".

The first step is not exactly adding a key to an account. The first step is importing a private GPG key stored on your computer for use in Thunderbird; this key can then be used (or not) with any e-mail account you are accessing via Thunderbird. (For example, you might access both a work e-mail account and a personal e-mail account in Thunderbird.)

I'll try to elaborate on my previous message with more details. I'm assuming you have an existing GPG key stored in the subdirectory ~/.gnupg of your home directory and have run the command "gpg --export-secret-keys --armor > private_key.asc" already.

1. In Thunderbird, under "Account Settings --> End-to-End Encryption," under the "OpenPGP" section, initially it will say, "Thunderbird doesn't have a personal OpenPGP key for [your e-mail address]." Next to that message is a button "Add Key."

2. Clicking on that button opens a new window with the message, "If you have an existing personal key for this email address, you should import it. Otherwise you will not have access to your archives of encrypted emails, nor be able to read incoming encrypted emails from people who are still using your existing key." You will be able to select either "Create a new OpenPGP Key" or "Import an existing OpenPGP Key." Select "Import an existing OpenPGP Key" and click "Continue."

3. In the next window that opens, click "Select File to Import" and select the file "private_key.asc" created earlier.

4. A new window will open that should have a message at the top saying (in my case) "Thunderbird found 2 keys that can be imported"; each will be listed with its ID, e-mail address, and a box you can check saying "Treat this key as a Personal Key." (In my case, I selected my most recent key, the earlier one having been revoked.) Click "Continue." You'll be asked to enter the passphrase used to decrypt access to your private key on your machine. Then a window should open with a green highlighted message saying "OpenPGP Keys successfully imported!" Each key will be listed with a button "Key Properties."

5. At the bottom of the window there will be a message, "To start using your imported OpenPGP key for email encryption, close this dialog and access your Account Settings to select it." Click Continue. Then, on the Account Settings --> End-to-End Encryption screen, deselect "None" and select the ID of the OpenPGP key.

6. At the bottom of the page you can select default settings for sending messages: whether to encrypt by default, whether to digitally sign by default. If you are using Thunderbird to access multiple accounts, you will set these options on the "Account Settings --> End-to-End Encryption" page for each account.

7. Quit Thunderbird and restart it. (This step is probably unnecessary but couldn't hurt.)

8. When you compose or reply to a message, in the Composition Toolbar of the composition window (which will appear at the top, right underneath "File," "Edit," "View," etc.), you should see "Send," "Spelling," "Security," and "Save."

9. "Security" provides a drop-down menu for "Encryption Technology" (choose OpenPGP), "Do Not Encrypt," "Require Encryption," "Digitally Sign This Message," "Attach My Public Key," and "View Security Info." Here you can alter the default settings you chose in "Account Settings --> End-to-End Encryption."

So far as I can tell, account settings in Thunderbird are sticky by default. If I go to Account Settings (accessible under the "Edit" drop-down menu of Thunderbird), change an option, and then simply close the "Account Settings" tab, the option stays as I set it until I change it again by reopening Account Settings.

Once you've imported your GPG private keys, they should be usable in any account you're accessing in Thunderbird. This can be checked under "Tools --> OpenPGP Key Manager," which will open a window showing the private keys you've imported. Highlighting one of them and clicking "View --> Key Properties" will show information about the key (fingerprint, etc.); under "Type" it should read "key pair (secret key and public key)."

Best regards,
Greg Marks
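
The export step from the message above leaves every secret key in a plain file, so it is worth creating that file owner-only, checking it before the import, and removing it afterwards. The following is an added example, not part of the original message; the function names are hypothetical and only the gpg command and the file name come from the thread.

```shell
#!/bin/sh
# Added example: handle the exported private_key.asc carefully.
# Function names are hypothetical; the gpg command is the one from the thread.

# Export all secret keys to $1. The umask applies only inside the
# subshell, so the file is created 0600 and is never group/world readable.
export_secret_keys() {
    out=$1
    (
        umask 077
        gpg --export-secret-keys --armor > "$out"
    )
}

# Return 0 only if $1 is an armored private key export with no
# group/other permission bits. 1 = missing, 2 = wrong content, 3 = perms.
check_export() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    head -n 1 "$f" | grep -qx -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' \
        || { echo "not an armored private key block: $f" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] \
        || { echo "readable by group/other: $f" >&2; return 3; }
    return 0
}

# Remove the export after Thunderbird reports a successful import.
# shred is best effort only (journaling filesystems and SSDs may keep
# copies), so fall back to rm where it is not installed.
remove_export() {
    f=$1
    if command -v shred >/dev/null 2>&1; then
        shred -u "$f"
    else
        rm -f "$f"
    fi
}

# Typical sequence around the Thunderbird import:
#   export_secret_keys private_key.asc && check_export private_key.asc
#   ... import the file in Thunderbird ...
#   remove_export private_key.asc
```
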