Thunderbird and OpenPGP
This page lists resources, discussion venues, and plans related to OpenPGP messaging with Thunderbird.
Prior to Thunderbird version 78.x, the Enigmail Add-On provided OpenPGP encrypted messaging, which required the use of external GnuPG software.
Thunderbird 78 includes OpenPGP functionality, and no longer requires the installation of external software.
This improvement is necessary, because Enigmail cannot be used with Thunderbird 78, except to facilitate the migration of existing keys.
If you are a previous user of Enigmail, please read How does Thunderbird's OpenPGP implementation differ from Enigmail?
HOWTO and FAQ
See Mozilla's support OpenPGP in Thunderbird - HOWTO and FAQ knowledge base article.
- Thunderbird 78.0 release - OpenPGP functionality is experimental, and disabled by default.
It is hoped to be stable in 78.2 - until then Enigmail users should not attempt to update to 78 until an automatic update occurs.
- Thunderbird 78.2.1 release, August 29, 2020 - OpenPGP is enabled by default (mail.openpgp.enable=true), and the enigmail add-on changed to migrate users to OpenPGP https://www.thunderbird.net/en-US/thunderbird/78.2.1/releasenotes/
- Post Thunderbird 78.3 - fixes and improvements
- Experimental support for smartcard secret key operations (no public key operations) is under development.
See the tb-planning list archive for answers to some commonly asked questions.
To help with testing, or for help in using Thunderbird's OpenPGP, please post in e2ee topicbox. Or chat at Matrix: #openpgp:mozilla.org
Please report bugs at Bugzilla, product MailNews Core, component Security: OpenPGP. (You need to register an account to access that link.)
To discuss policy aspects of Thunderbird's OpenPGP, please post to the public tb-planning mailing list.
Open issues and TODO list
The best way to see our progress and open issues is run a bugzilla query.
In addition, we have a high level overview of items that have already been worked on, and which are still ToDo (might be outdated).
Debugging / Tracing
If you run into a problem, you may try the following mechanisms to obtain additional information, which may be useful for you, or for the Thunderbird developers when reporting a problem, to analyze the cause.
The simplest is to open the Thunderbird Error Console. You can open it from the menu Tools→Developer Tools→Error Console. Messages shown in red are of particular interest.
To view some details about the processing of messages, you may set a preference in Thunderbird:
- Open menu Edit→Preferences→General, find the Config Editor.
- Add a new preference of the name
temp.openpgp.logDirectoryand set it to a string value, which must be the full name of a temporary directory, for example on Linux or macOS you could use value
- Restart Thunderbird.
- Thunderbird will write messages to a file named
enigdbug.txtin the set directory.
The log will have a lot of information, most of which is harmless or not interesting. But it may contain clues about the cause of a problem.
Enigmail 2.2.x Add-on log
If you're trying to analyze a problem in the migration process that is performed by the Enigmail 2.2.x Add-on, please set the additional preference
extensions.enigmail.logDirectory - it must also be set to a directory, but that must be a different directory than the one for OpenPGP log. For example, create a directory named
/tmp/enig22 and set
extensions.enigmail.logDirectory to string value
/tmp/enig22. If you set both variables, then two separate debug log files will be created, both named
Advanced users may attempt to view internal error messages produced by the OpenPGP cryptographic engine that Thunderbird uses (the RNP library). To do so:
- Set the environment variable called
RNP_LOG_CONSOLE, e.g. in a Linux terminal you could do that using the command
- Then you must start Thunderbird from within that terminal window, to ensure that it will see the environment variable that you have set.
This section is obsolete - OpenPGP is production and enabled by default in current version of Thunderbird 78.
If you use OpenPGP for non-critical purposes, then you are welcome to enable it manually and help with testing.
To enable it in Thunderbird 78.0, use the config editor and change the value of preference mail.openpgp.enable to true, then restart Thunderbird.
If you are running 78.x and have the previous Enigmail Add-on installed, then Enigmail will update to version 2.2.x, which is a minimal release that helps you to migrate the keys and settings to Thunderbird 78.
If you haven't used Enigmail previously, you can enable OpenPGP for an email account in account settings.
If you want to help with testing see the discussion area below.
For advanced users: testing experimental builds.