From MozillaWiki
Jump to: navigation, search

Thunderbird and OpenPGP

This page lists resources, discussion venues, and plans related to OpenPGP messaging with Thunderbird.


Previously, until Thunderbird version 68.x, the Enigmail Add-On provided OpenPGP encrypted messaging, which required the use of external GnuPG software.

Soon, Thunderbird will include OpenPGP functionality, and will no longer require the installation of external software.

This improvement is necessary, because Enigmail cannot be used with Thunderbird 78, except for key migration purposes.

If you are a previous user of Enigmail, please read How does Thunderbird's OpenPGP implementation differ from Enigmail?

Development Status

As of the Thunderbird 78.0 release, the OpenPGP functionality is experimental, and disabled by default.

It is hoped to be stable in 78.2 - until then Enigmail users should not attempt to update to 78 until an automatic update occurs.

See also our initial announcement and the detailed description from October 2019.

See the tb-planning list archive for answers to some commonly asked questions.

A presentation was given about the development of integrated OpenPGP support as part of the Thunderbird Virtual Summit 2020.

Experimental support for smartcard secret key operations (no public key operations) is under development.


If you use OpenPGP for non-critical purposes, then you are welcome to enable it manually and help with testing.

To enable it in Thunderbird 78.0, use the config editor and change the value of preference mail.openpgp.enable to true, then restart Thunderbird.

If you are running 78.x and have the previous Enigmail Add-on installed, then Enigmail will update to version 2.2.x, which is a minimal release that helps you to migrate the keys and settings to Thunderbird 78.

If you haven't used Enigmail previously, you can enable OpenPGP for an email account in account settings.

If you want to help with testing see the discussion area below.

For advanced users: testing experimental builds.


To help with testing, or for help in using Thunderbird's OpenPGP, please post in e2ee topicbox. Or chat at Matrix:

Please report bugs at Bugzilla, product MailNews Core, component Security: OpenPGP. (You need to register an account to access that link.)

To discuss policy aspects of Thunderbird's OpenPGP, please post to the public tb-planning mailing list.

Open issues and TODO list

The best way to see our progress and open issues is run a bugzilla query.

In addition, we have a high level overview of items that have already been worked on, and which are still ToDo (might be outdated).

Debugging / Tracing

If you run into a problem, you may try the following mechanisms to obtain additional information, which may be useful for you, or for the Thunderbird developers when reporting a problem, to analyze the cause.

The simplest is to open the Thunderbird Error Console. You can open it from the menu, Tools, Developer Tools, Error Console. Messages shown in red are of particular interest.

To view some details about the processing of messages, you may set a preference in Thunderbird. Open preferences, general, find the config editor. Add a new preference of the name temp.openpgp.logDirectory and set it to a string value, which must be the full name of a temporary directory, for example on Linux or macOS you could use value /tmp/ . Once set, Thunderbird will write messages to a file named enigdbug.txt in that directory. The log will have a lot of information, most of which is harmless or not interesting. But it may contain clues about the cause of a problem.

If you're trying to analyze a problem in the migration process that is performed by the Enigmail 2.2.x Add-on, please set the additional preference extensions.enigmail.logDirectory - it must also be set to a directory, but that must be a different directory than above. For example, create a directory named /tmp/enig22 and set extensions.enigmail.logDirectory to string value /tmp/enig22 . If you set both variables, then two separate files will be created, both named enigdbug.txt

Advanced users may attempt to view internal error messages produced by the OpenPGP cryptographic engine that Thunderbird uses (the RNP library). To do so, you need to set the environment variable called RNP_LOG_CONSOLE, e.g. in a Linux terminal you could do that using the command export RNP_LOG_CONSOLE=1. Then you must start Thunderbird from within that terminal window, to ensure that it will see the environment variable that you have set.