On Tue, Nov 3, 2020 at 10:33 AM Jiri Slaby <jslaby@suse.cz> wrote:
On 03. 11. 20, 8:29, Andrei Borzenkov wrote:
On Tue, Nov 3, 2020 at 10:07 AM Jiri Slaby <jslaby@suse.cz> wrote:
On 02. 11. 20, 11:49, John Paul Adrian Glaubitz wrote:
Hi Martin!
On 11/2/20 11:29 AM, Martin Wilck wrote:
So, all in all, it's less bad than I expected, even though I still think the upstream developers' choice was ill-advised. I still strongly recommend against importing private keys in TB.
Can you elaborate how to remove the secret keys from Thundebird again and how to enforce the keys to be stored externally?
I did the same mistake. Moving secring.gpg away from my TB profile seems to do the job. Then I need to allow external gnupg and select proper key in account settings again. Now it wants a passwd when I sign this message.
I think encryption is not possible in this setup :(...
According to FAQ it should be
This key ID will be used to digitally sign messages with your account. It will also be used when you send an encrypted message, which will be encrypted for you, in addition to encrypting for the message recipients.
https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards#Configure_an_email_a...
The page states later in Limitations of using GnugPG: For all public key operations and their trust settings, Thunderbird 78 will always use the internal RNP library. _GnuPG will not be used for encryption_, and GnuPG will not be used for signature verification.
So I only misunderstood?
Encryption does not use secret keys at all - it is using public keys of recipients (you including, so you can later read it). All public keys operations are performed internally, so public keys must be imported into and managed by TB. It means you may need to import every public key twice, as Martin already mentioned. Neither are secret keys used for signature verification - again, you are using public keys of sender. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org