Octopus, an alternate OpenPGP backend for Thunderbird
Hi everyone! Remember when Thunderbird broke compatibility with Enigmail? Here's a new drop-in replacement for librnp that integrates with your keyring: https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird...
Dne 08. 04. 21 v 19:56 Adam Mizerski napsal(a):
Hi everyone! Remember when Thunderbird broke compatibility with Enigmail?
Here's a new drop-in replacement for librnp that integrates with your keyring:
https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird...
It is sad that we have to wait on Red Hat to do The Right Thing™ (not using bundled unsupported cryptographical library and breaking users gpg configuration), but shouldn't we at least now package this into our Thunderbird? Matěj -- https://matej.ceplovi.cz/blog/, Jabber: mcepl@ceplovi.cz GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 Every true American would rather see this land face war than see her flag lowered in dishonor. -- The Episcopal bishop of New York, William Manning, 1916
Am 08.04.21 um 23:45 schrieb Matěj Cepl:
Dne 08. 04. 21 v 19:56 Adam Mizerski napsal(a):
Hi everyone! Remember when Thunderbird broke compatibility with Enigmail?
Here's a new drop-in replacement for librnp that integrates with your keyring:
https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird...
It is sad that we have to wait on Red Hat to do The Right Thing™ (not using bundled unsupported cryptographical library and breaking users gpg configuration), but shouldn't we at least now package this into our Thunderbird?
started to work on it in mozilla:experimental. Not working yet, though. Wolfgang
On 11/04/2021 13.42, Wolfgang Rosenauer wrote:
Am 08.04.21 um 23:45 schrieb Matěj Cepl:
Dne 08. 04. 21 v 19:56 Adam Mizerski napsal(a):
Hi everyone! Remember when Thunderbird broke compatibility with Enigmail?
Here's a new drop-in replacement for librnp that integrates with your keyring:
https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird...
It is sad that we have to wait on Red Hat to do The Right Thing™ (not using bundled unsupported cryptographical library and breaking users gpg configuration), but shouldn't we at least now package this into our Thunderbird?
started to work on it in mozilla:experimental.
Not working yet, though.
Thanks :-) If somebody knows more about it, please talk ;-) -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
Am 11.04.21 um 14:02 schrieb Carlos E. R.:
On 11/04/2021 13.42, Wolfgang Rosenauer wrote:
Am 08.04.21 um 23:45 schrieb Matěj Cepl:
It is sad that we have to wait on Red Hat to do The Right Thing™ (not using bundled unsupported cryptographical library and breaking users gpg configuration), but shouldn't we at least now package this into our Thunderbird?
started to work on it in mozilla:experimental.
Not working yet, though.
Thanks :-)
If somebody knows more about it, please talk ;-)
So, the issue is that Thunderbird 78.9.1 introduced new APIs between TB and librnp so that Octopus is incomplete at this very moment. Devs are informed and now aware to update octopus. For people still curious and want to see updates: The repo mozilla:experimental now contains a TB 78.9.1 which installs an additional subpackage called MozillaThunderbird-openpgp That package can be replaced with sequoia-octopus-librnp containing the Octopus drop-in replacement. As said: at this moment some things don't work. Actually I don't know if there are even some things which work at the moment. The library can be loaded but already listing of keys is broken. And the usual disclaimer: Using mozilla-experimental may eat your data. Specifically your PGP data so make sure you have backups and use it on your own risk. Wolfgang
On 11/04/2021 17.31, Wolfgang Rosenauer wrote:
Am 11.04.21 um 14:02 schrieb Carlos E. R.:
On 11/04/2021 13.42, Wolfgang Rosenauer wrote:
Am 08.04.21 um 23:45 schrieb Matěj Cepl:
It is sad that we have to wait on Red Hat to do The Right Thing™ (not using bundled unsupported cryptographical library and breaking users gpg configuration), but shouldn't we at least now package this into our Thunderbird?
started to work on it in mozilla:experimental.
Not working yet, though.
Thanks :-)
If somebody knows more about it, please talk ;-)
So, the issue is that Thunderbird 78.9.1 introduced new APIs between TB and librnp so that Octopus is incomplete at this very moment. Devs are informed and now aware to update octopus.
Thanks for reporting :-)
For people still curious and want to see updates:
The repo mozilla:experimental now contains a TB 78.9.1 which installs an additional subpackage called MozillaThunderbird-openpgp
That package can be replaced with sequoia-octopus-librnp containing the Octopus drop-in replacement.
As said: at this moment some things don't work. Actually I don't know if there are even some things which work at the moment. The library can be loaded but already listing of keys is broken.
And the usual disclaimer: Using mozilla-experimental may eat your data. Specifically your PGP data so make sure you have backups and use it on your own risk.
I think I will stay this way of the fence for the time ;-) It is very interesting to see advancement and light, even if far. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
Hi, another update. Upstream was quite swift in implementing most of the important things. The repo now contains a new build which I'm just using to write this mail. I personally still have some difficulties to see all of my keys. Specifically the one for this address so I cannot sign this mail. So I hope that others will give it some testing as well as I'm not using PGP that much. Wolfgang
Am 11.04.21 um 20:17 schrieb Wolfgang Rosenauer:
Hi, another update. Upstream was quite swift in implementing most of the important things. The repo now contains a new build which I'm just using to write this mail. I personally still have some difficulties to see all of my keys. Specifically the one for this address so I cannot sign this mail.
So I hope that others will give it some testing as well as I'm not using PGP that much.
Now also confirmed with my yubikey based keypair and works like a charm. For others interested because I ran into this with one of my very old keys: - ElGamal is not supported at all - my legacy DSA1024/ElGamal key is not even recognized/shown (despite it's in my gpg keyring) Wolfgang
Am Donnerstag, 8. April 2021, 19:56:51 CEST schrieb Adam Mizerski:
Hi everyone! Remember when Thunderbird broke compatibility with Enigmail?
Here's a new drop-in replacement for librnp that integrates with your keyring:
https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird /
Just out of curiosity, what's wrong with the openpgp integration that is part of thunderbird? Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech IRC: [Lemmy] on freenode and ircnet (bouncer active) telegram: https://telegram.me/lemmy98 keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On Sun, Apr 11, 2021 at 8:33 AM Mathias Homann <Mathias.Homann@opensuse.org> wrote:
Am Donnerstag, 8. April 2021, 19:56:51 CEST schrieb Adam Mizerski:
Hi everyone! Remember when Thunderbird broke compatibility with Enigmail?
Here's a new drop-in replacement for librnp that integrates with your keyring:
https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird /
Just out of curiosity, what's wrong with the openpgp integration that is part of thunderbird?
Two major things: * No integration with system keyring, making it a pain to use the GPG keys you have now * Usage of Botan means that system wide crypto policies don't control algorithms used in Thunderbird The first is a problem for everyone, the second is a problem for Enterprise Linux distributions trying to maintain certifications. -- 真実はいつも一つ!/ Always, there's only one truth!
Am 11.04.21 um 15:06 schrieb Neal Gompa:
On Sun, Apr 11, 2021 at 8:33 AM Mathias Homann <Mathias.Homann@opensuse.org> wrote:
Just out of curiosity, what's wrong with the openpgp integration that is part of thunderbird?
Two major things:
* No integration with system keyring, making it a pain to use the GPG keys you have now * Usage of Botan means that system wide crypto policies don't control algorithms used in Thunderbird
+ No chain of trust. Very important in an enterprise setting, too.
On 11/04/2021 15.28, Ben Greiner wrote:
Am 11.04.21 um 15:06 schrieb Neal Gompa:
On Sun, Apr 11, 2021 at 8:33 AM Mathias Homann <> wrote:
Just out of curiosity, what's wrong with the openpgp integration that is part of thunderbird?
Two major things:
* No integration with system keyring, making it a pain to use the GPG keys you have now * Usage of Botan means that system wide crypto policies don't control algorithms used in Thunderbird
+ No chain of trust. Very important in an enterprise setting, too.
It doesn't ask for the password when signing emails, or when sending encrypted emails (this instant I don't remember about receiving). It only asks when starting Thunderbird, ie, once per session (which in my case can mean weeks). -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2021-04-11 at 15:50 +0200, Carlos E.R. wrote:
On 11/04/2021 15.28, Ben Greiner wrote:
Am 11.04.21 um 15:06 schrieb Neal Gompa:
On Sun, Apr 11, 2021 at 8:33 AM Mathias Homann <> wrote:
Just out of curiosity, what's wrong with the openpgp integration that is part of thunderbird?
Two major things:
* No integration with system keyring, making it a pain to use the GPG keys you have now * Usage of Botan means that system wide crypto policies don't control algorithms used in Thunderbird
+ No chain of trust. Very important in an enterprise setting, too.
It doesn't ask for the password when signing emails, or when sending encrypted emails (this instant I don't remember about receiving).
It only asks when starting Thunderbird, ie, once per session (which in my case can mean weeks).
It doesn't cope with inline PGP, like this email. - -- Cheers, Carlos E. R. (from openSUSE 15.2 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYHL/DBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVTP4AoIs9av2p10if9rX886Zl OItEUL7QAJ0VI9Y98d3kSbi/vFnupaW7aE37iA== =C11E -----END PGP SIGNATURE-----
Am 11.04.21 um 15:52 schrieb Carlos E. R.:
On Sunday, 2021-04-11 at 15:50 +0200, Carlos E.R. wrote:
On 11/04/2021 15.28, Ben Greiner wrote:
Am 11.04.21 um 15:06 schrieb Neal Gompa:
On Sun, Apr 11, 2021 at 8:33 AM Mathias Homann <> wrote:
Just out of curiosity, what's wrong with the openpgp integration that is part of thunderbird?
Two major things:
* No integration with system keyring, making it a pain to use the GPG keys you have now * Usage of Botan means that system wide crypto policies don't control algorithms used in Thunderbird
+ No chain of trust. Very important in an enterprise setting, too.
It doesn't ask for the password when signing emails, or when sending encrypted emails (this instant I don't remember about receiving).
It only asks when starting Thunderbird, ie, once per session (which in my case can mean weeks).
It doesn't cope with inline PGP, like this email.
Not sure if octopus will fix this as it just replaces the backend. Actually I don't think it will. Wolfgang
On 11/04/2021 15.52, Carlos E. R. wrote:> On Sunday, 2021-04-11 at 15:50 +0200, Carlos E.R. wrote:
On 11/04/2021 15.28, Ben Greiner wrote:
Am 11.04.21 um 15:06 schrieb Neal Gompa:
On Sun, Apr 11, 2021 at 8:33 AM Mathias Homann <> wrote:
Just out of curiosity, what's wrong with the openpgp integration that is part of thunderbird?
Two major things:
* No integration with system keyring, making it a pain to use the GPG keys you have now * Usage of Botan means that system wide crypto policies don't control algorithms used in Thunderbird
+ No chain of trust. Very important in an enterprise setting, too.
It doesn't ask for the password when signing emails, or when sending encrypted emails (this instant I don't remember about receiving).
It only asks when starting Thunderbird, ie, once per session (which in my case can mean weeks).
It doesn't cope with inline PGP, like this email.
Actually, this Thunderbird version (78.8.0) seems to be coping. I don't know when this started to happen, rpm says it was installed on 2021-03-06. I'm surprised I missed it for a month. The openPGP information at top-right is in Yellow. Says I have "not verified that the key is really owned by the sender". Strange, it is my own key. Doesn't offer a button to sign it. I can click "view signer key", and I get a dialog with information. At the bottom, there is a tab that says "Your acceptance" - I can not select the text to post it here. This worked in the past. I'll try a photo. <https://paste.opensuse.org/63724865> Despite saying it is a personal key several times, there is no difference. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
participants (8)
-
Adam Mizerski -
Ben Greiner -
Carlos E. R. -
Carlos E.R. -
Mathias Homann -
Matěj Cepl -
Neal Gompa -
Wolfgang Rosenauer