On Mon, 2020-09-14 at 10:30 +0200, Wolfgang Rosenauer wrote:
You can find the upstream FAQ here and if you are using Thunderbird with enigmal today you really should read it carefully: https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq
Q: "I need to use both GnuPG and Thunderbird in parallel, can I synchronize my keys?" A: "No." Q: "How is my personal key protected?" A: "At the time you import your personal key into Thunderbird, we unlock it, and protect it with a different password, that is automatically (randomly) created. [..] You should use the Thunderbird feature to set a Master Password. Without a master password, your OpenPGP keys in your profile directory are unprotected." These two answers prove to me that this feature isn't production-ready. Protecting one of the most important items for personal privacy (the GPG secret key) with just the thunderbird master password sounds like a joke. In general, not relying on gpg strikes me as a bad idea, as that's what allows sharing the same set of keys between different applications. And being unable to share or even synchronize keys with the de-facto-standard PGP encryption software seems - dumb, sorry. It's not your fault. But perhaps let it sit in the mozilla repo for some more time. Anyway, thanks for the warning, Martin -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org -- Dr. Martin Wilck <mwilck@suse.com>, Tel. +49 (0)911 74053 2107 SUSE Software Solutions Germany GmbH HRB 36809, AG Nürnberg GF: Felix Imendörffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org