Confirm
563
edits
Changes
Add structure and some small reordering, and some highlighting of important details
== Changes from Enigmail and to Thunderbird 78 HOWTO.==
This document is inteneded specifically for existing users of Enigmail, who want to start using Thunderbird 78 and its integrated OpenPGP functionality. If you have never used the Enigmail Add-on, then you don't need this document to use OpenPGP with Thunderbird 78.
'''If you have never used the Enigmail Add-on, then you can skip this document.'''
Due to required technology changes, you'll experience a lot of changes. We have tried to make the new OpenPGP functionality easier to understand and use, but on the other hand, some features will work differently than before, or might be missing.
'''Before you update to Thunderbird 78, you should read this whole document, to understand the changes that you will see.'''
== Experimental in 78.0, but stable in the near future ==
If you're reading this before OpenPGP has been declared as a stable feature in Thunderbird 78.x (expected for the 78.2 release end of August 2020), then please consider to stay with Thunderbird 68 and Enigmail for another while, especially if you depend on the security of OpenPGP and are worried about correct behavior.
If you are willing to experiment, or if the Thunderbird project has already declared OpenPGP as stable, then please read on. Due to required technology changes, you'll experience a lot re using an early release version of changes. We have tried to make Thunderbird 78 the new OpenPGP functionality easier to understand and use, but on the other hand, some features will work differently than before, or might be missingis still disabled by default.
If you're using an early release version of Thunderbird 78, e.g. 78.0 or 78.1, and you are willing would like to experiment, the test while OpenPGP functionality might support is still be disabled by default. Use the TB experimental, you may open Thunderbird preferences, and use the config editor, and to change the preference with the name "mail.openpgp.enable" to the value "true". Then restart Thunderbird. This will enable the user interface for OpenPGP.
== GnuPG vs. RNP and key storage ==
Thunderbird no longer uses the external GnuPG software. Previously, all your own keys and the keys of other people were managed by GnuPG, and Enigmail offered you to view, use and manage them. Now that Thunderbird uses a different technology, it's necessary to perform a migration of your existing keys, to migrate them from GnuPG into Thunderbird's own storage (inside the Thunderbird profile directory). Thunderbird will uses its own copy of the keys, sharing your keys between Thunderbird 78 and GnuPG currently isn't supported. (TODO: explain the smartcard situation.)
The migration functionality isn't provided by Thunderbird. Rather, an update for the Enigmail Add-on and Thunderbird 78 will be available, which no longer provides the usual functionality, but rather will help you to perform a migration of your existing keys.
Once you are using Thunderbird 78, Enigmail should update, and should offer you to migrate your keys. It Note that this will work, even if OpenPGP is not yet stable. The migration process should configure your email accounts to use the same keys that you had used previously.
Thunderbird doesn't use on-demand unlocking (key passwords) for your keys. Rather, the only way to password protect the use of your OpenPGP secret keys is to set up the global Master Password feature of Thunderbird, which you can find in Thunderbird's security preferences.
If you were using the ownertrust configuration for keys with GnuPG, this is handled differently in TB. The equivalent of marking a secret key as ownertrust ultimate is to use Thunderbird's OpenPGP key manager, open its details, and confirm that you accept it as a personal key. This flag will be automatically set by the migration. You might have to manually set it when importing a key using Thunderbird's key manager. The stable Thunderbird release is expected to ask you to set that flag at import time.
== The workflow of sending encrypted email ==
Enigmail had a lot of configuration choices to control the email encryption workflow.
Today, if you enable encryption for a message, then digital signing will be automatically enabled, too. And if digital signing is used, the option to attach your own public key to the message is automatically enabled, too. You may manually disable these options for an individual message, if desired.
== Other changes ==
Previously, instead of sending your public key as an attachement, Enigmail had the ability to include your public key in a hidden email header according to the Autocrypt standard. This functionality currently isn't offered, but might be added in the future.
