Hello Patrick,

On 31.05.2020 at 10:01, Patrick Brunschwig wrote:
> Mark wrote on 31.05.2020 01:28:
>> Doesn't TB also need your secret keys to decrypt messages?
>
> With smartcard support via GnuPG, all secret key operations are handled
> by GnuPG, and all public key operations are handled by TB (Note: the
> standard case, without smartcard support, will be that all keys are in
> Thunderbird).
>
> The use-cases are clearly distinct:
> - encryption: you only need public keys
> - decryption: you only need secret keys
> - signing: you only need secret keys
> - verification: you only need public keys
>

The standard user will not be able to work with that "solution".
Compared to the "enigmail-solution" this is hell and bound to fail.

>> Also what if you need your public keys outside of TB such as encrypting
>> a file?
>
> That's not supported by Thunderbird. The idea of OpenPGP in Thunderbird
> is that you use it for email.
>

That is correct, but nevertheless it is mandatory to have and use a
single key-store.

>> The reason I'm asking is that a while ago I posted about unknown files in
>> my GNUPG directory. PAPubring.gpg and PAsecring.gpg. I eventually found
>> out those are key rings used by a program I have called Power Archiver.
>> I'm not sure why it has its own set of keys, still awaiting an
>> explanation from support. If every app is not using the same pair of key
>> rings (and there is no synchronization between them) could that not lead
>> to problems?
>
> The only "problem" might be that you have different keys on different
> key rings. But this is not necessarily a problem - you use different
> keys for different purposes and you can import and export the keys
> between the tools if needed.
>

As I stated before: This is a real problem. Multiple key stores are not
manageable and this planned solution is much more complicated than the
current one with enigmail. Therefore it is bound to be a non-starter.

> -Patrick
>
>> On 5/30/2020 12:57 PM, Patrick Brunschwig wrote:
>>> Mark wrote on 30.05.2020 20:54:
>>>> So then do you have multiple pairs of key rings? One pair for TB78 and
>>>> its built in PGP and another pair as part of GNUPG?
>>> Not exactly. You have your secret keys with GnuPG, and your public keys
>>> with Thunderbird. No synchronization required.
>>>
>>> -Patrick
>>>> If so how do you keep them synchronized?
>>>>
>>>> On 5/30/2020 9:17 AM, Patrick Brunschwig wrote:
>>>>> Robert J. Hansen wrote on 30.05.2020 01:07:
>>>>>>> If TB 78 is going to have native support of openGPG encryption, then the
>>>>>>> original person in the thread should be able to export all of the keys
>>>>>>> in their key rings, and import all of those keys into TB 78, or am I
>>>>>>> missing one of the gotchas with
>>>>>>> TB 78 and its openGPG encryption support.
>>>>>> You're missing the gotcha of "as of -Beta3, the new Thunderbird *cannot
>>>>>> even import a key*."
>>>>> I'm sorry, but that is simply not true. There is a known bug in the
>>>>> library used by Thunderbird (RNP) that leads to crashes when importing
>>>>> _certain_ keys. But I succeeded in importing all of my keys without any
>>>>> problems (more than 1.000), except for 5 V3-keys. I can definitely say
>>>>> that it's not just broken, and it can import keys.
>>>>>
>>>>>> I'm not kidding. It is so far from complete that Kai Englert, who leads
>>>>>> the TB78 OpenPGP effort, recently proposed postponing OpenPGP support in
>>>>>> TB until version 78.2, or about a three-month delay.
>>>>> Again, that's oversimplified. OpenPGP will not be enabled _by_ _default_
>>>>> but users may still enable it manually.
>>>>>
>>>>>> At present, as of -Beta3, TB78's OpenPGP support is badly broken.
>>>>> No, it's incomplete - work in progress. That's not quite the same.
>>>>>
>>>>> -Patrick

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users