On Mon, 2020-09-14 at 10:30 +0200, Wolfgang Rosenauer wrote:
You can find the upstream FAQ here and if you are using Thunderbird with enigmal today you really should read it carefully: https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq
Q: "I need to use both GnuPG and Thunderbird in parallel, can I
synchronize my keys?"
A: "No."
Q: "How is my personal key protected?"
A: "At the time you import your personal key into Thunderbird, we
unlock it, and protect it with a different password, that is
automatically (randomly) created. [..] You should use the Thunderbird
feature to set a Master Password. Without a master password, your
OpenPGP keys in your profile directory are unprotected."
These two answers prove to me that this feature isn't production-ready.
Protecting one of the most important items for personal privacy (the
GPG secret key) with just the thunderbird master password sounds like a
joke. In general, not relying on gpg strikes me as a bad idea, as
that's what allows sharing the same set of keys between different
applications. And being unable to share or even synchronize keys with
the de-facto-standard PGP encryption software seems - dumb, sorry.
It's not your fault. But perhaps let it sit in the mozilla repo for
some more time.
Anyway, thanks for the warning,
Martin
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
--
Dr. Martin Wilck