Thunderbird and OpenPGP

This page lists resources, discussion venues, and plans related to OpenPGP messaging with Thunderbird.

Background

Prior to Thunderbird version 78.x, the Enigmail Add-On provided OpenPGP encrypted messaging, which required the use of external GnuPG software.

Thunderbird 78 includes OpenPGP functionality, and no longer requires the installation of external software.

This improvement is necessary, because Enigmail cannot be used with Thunderbird 78, except to facilitate the migration of existing keys.

If you are a previous user of Enigmail, please read How does Thunderbird's OpenPGP implementation differ from Enigmail?

HOWTO and FAQ

See Mozilla's support OpenPGP in Thunderbird - HOWTO and FAQ knowledge base article.

Development Status

• Thunderbird 78.0 release - OpenPGP functionality is experimental, and disabled by default.
• It is hoped to be stable in 78.2 - until then Enigmail users should not attempt to update to 78 until an automatic update occurs.
• Thunderbird 78.2.1 release, August 29, 2020 - OpenPGP is enabled by default (mail.openpgp.enable=true), and the enigmail add-on changed to migrate users to OpenPGP https://www.thunderbird.net/en-US/thunderbird/78.2.1/releasenotes/
  • See also our initial announcement and the detailed description from October 2019.
• Post Thunderbird 78.3 - fixes and improvements
  • Experimental support for smartcard secret key operations (no public key operations) is under development.

See the tb-planning list archive for answers to some commonly asked questions.

A presentation was given about the development of integrated OpenPGP support as part of the Thunderbird Virtual Summit 2020.

Discussion

To help with testing, or for help in using Thunderbird's OpenPGP, please post in e2ee topicbox. Or chat at Matrix: #openpgp:mozilla.org

Please report bugs at Bugzilla, product MailNews Core, component Security: OpenPGP. (You need to register an account to access that link.)

To discuss policy aspects of Thunderbird's OpenPGP, please post to the public tb-planning mailing list.

Open issues and TODO list

The best way to see our progress and open issues is run a bugzilla query.

In addition, we have a high level overview of items that have already been worked on, and which are still ToDo (might be outdated).

Debugging / Tracing

If you run into a problem, you may try the following mechanisms to obtain additional information, which may be useful for you, or for the Thunderbird developers when reporting a problem, to analyze the cause.

Error Console

The simplest is to open the Thunderbird Error Console. You can open it from the menu Tools→Developer Tools→Error Console. Messages shown in red are of particular interest.

OpenPGP log

Thunderbird version 126 and up

To view more logging about OpenPGP related processing

• Open Settings > General and search for about:config (Config Editor)
• Use the search box on top to find the openpgp.loglevel preference and set it to the desired level. Use All for maximal verbosity. The default is Warn which will log only errors and warnings.

It is not necessary to restart Thunderbird - logging starts immediately.

You can view the output at Tools > Developer > Error Console (Ctrl+Shift+J). To expose timestamps, click the gear icon in top-right of the Error Console, turn on "Show Timestamps".

Logs are also available on native console.

Thunderbird version 125 and below

To view some details about the processing of messages, you may set a preference in Thunderbird:

• Open menu Edit→Preferences→General, find the Config Editor.
• Add a new preference of the name temp.openpgp.logDirectory and set it to a string value, which must be the full name of a temporary directory, for example on Linux or macOS you could use value /tmp/.
• Restart Thunderbird.
• Thunderbird will write messages to a file named enigdbug.txt in the set directory.

The log will have a lot of information, most of which is harmless or not interesting. But it may contain clues about the cause of a problem.

Enigmail 2.2.x Add-on log

If you're trying to analyze a problem in the migration process that is performed by the Enigmail 2.2.x Add-on, please set the additional preference extensions.enigmail.logDirectory - it must also be set to a directory, but that must be a different directory than the one for OpenPGP log. For example, create a directory named /tmp/enig22 and set extensions.enigmail.logDirectory to string value /tmp/enig22. If you set both variables, then two separate debug log files will be created, both named enigdbug.txt.

RNP log

Advanced users may attempt to view internal error messages produced by the OpenPGP cryptographic engine that Thunderbird uses (the RNP library). To do so:

• Set the environment variable called RNP_LOG_CONSOLE, e.g. in a Linux terminal you could do that using the command export RNP_LOG_CONSOLE=1.
• Then you must start Thunderbird from within that terminal window, to ensure that it will see the environment variable that you have set.

Testing

If you are running 78.x and have the previous Enigmail Add-on installed, then Enigmail will update to version 2.2.x, which is a minimal release that helps you to migrate the keys and settings to Thunderbird 78.

If you haven't used Enigmail previously, you can enable OpenPGP for an email account in account settings.

If you want to help with testing see the discussion area below.

For advanced users: testing experimental builds.