On Mon, 2020-11-02 at 11:49 +0100, John Paul Adrian Glaubitz wrote:
Can you elaborate how to remove the secret keys from Thundebird again and how to enforce the keys to be stored externally?
I don't know how to do that. All I did was a) setting mail.openpgp.allow_external_gnupg = true first thing after I started TB 78 for the first time. b) not entering my passphase at the GNUpg prompt during the enigmail import procedure. That way I made sure that the private key was never stored in TB. The import completed nonetheless, without the private keys, which is what I wanted. If you'd used and unlocked your gpg private keys before, you should make sure the gpg agent didn't cache any credentials related to your private keys (pkill -HUP gpg-agent).
I would like to do the same as I don't trust Thunderbird in this regard
Same here ;-)
Martin
--
Dr. Martin Wilck