Thunderbird
The Thunderbird project announced that for the future version of Thunderbird 78, scheduled for summer 2020, will add a built-in feature for email encryption and digital signatures using the OpenPGP standard. This new feature will replace the Enigmail plugin, which will remain supported until the end of Thunderbird 68, which is scheduled for Fall 2020.
Regarding encryption in Thunderbird features two popular technologies, supporting end-to-end encryption and digital signatures in email. Thunderbird has provided built-in support for S / MIME for many years and will continue to do so. The Enigmail plug-in made it possible to use Thunderbird with external GnuPG software for OpenPGP messaging.
Since the plugin types supported by Thunderbird will change with version 78, the current branch of Thunderbird 68.x (held until fall 2020) it will be the last that can be used with Enigmail.
Thunderbird 78 will provide assistance to Enigmail users to migrate existing keys and configurations.
To accomplish this, the team benefited from the collaboration of Patrick Brunschwig, longtime Enigmail developer, who proposed working with the Thunderbird team on OpenPGP.
In this change, Patrick said the following:
“My goal has always been to support OpenPGP in the Thunderbird base product. Although a long story will end, after 17 years of work at Enigmail, I am very happy with this result. "
Users who have not used Enigmail before will have to choose to use OpenPGP messaging, as encryption will not be activated automatically. However, Thunderbird 78 will help users discover the new feature.
To promote safe communication, Thunderbird 78 will encourage the user to confirm the keys used by correspondents, inform them of any unexpected changes and offer assistance in resolving the problem.
The main objective is to be able to send an encrypted and digitally signed email, decrypt received email, verify digitally signed email accuracy, and provide this functionality in a secure, compliant, interoperable, and user-friendly manner. The team views encryption and digital signatures as features that can be used together or independently.
When sending an email, users should be able to choose the features they want to use themselves and when receiving emails, it must be possible to determine which of these protection mechanisms has been used
It is unclear if Thunderbird 78 will support indirect key ownership confirmations used in the Web of Trust model (Wot), or to what extent. However, it must be possible to share user confirmations of key ownership (key signatures) and interaction with OpenPGP key servers.
Thunderbird cannot integrate GnuPG software due to incompatible licenses (MPL version 2.0 vs GPL version 3+). Instead of relying on users to obtain and install external software like GnuPG or GPG4Win, the team has indicated their intention to identify and use an alternative compatible library and distribute it with Thunderbird on all platforms.
To process OpenPGP messages, GnuPG stores secret keys, correspondent public keys, and trusts public key information in its own file format. Thunderbird 78 will not reuse the GnuPG file formatInstead, it will implement its own storage for keys and trust.
Users who already have secret keys from their previous use of Enigmail and GnuPG and wish to reuse their existing secret keys will need to transfer their keys to Thunderbird 78. On systems where GnuPG is installed, import assistance will be offered to users.
GnuPG managed secret keys are generally protected by a passphrase. Using Thunderbird's internal keystore, lThe master password function could be reused to protect OpenPGP keys in the same way that it can already be used to protect login information and keys used for S / MIME. This could save you from having to remember separate passwords for each OpenPGP key.
It is currently unclear if Thunderbird 78 will be able to reuse the trust settings established using Enigmail and GnuPG software. The team also doesn't know if Thunderbird 78 will implement the Web of Trust model for indirect confirmations.