From MozillaWiki
Jump to: navigation, search

= = = = = = = = = = = = = = = = = = = = =


= = = = = = = = = = = = = = = = = = = = =

As of Thunderbird 78.6.0, Thunderbird can send encrypted email using OpenPGP, if you have the recipient's public key, you have accepted to use the public key, and a user ID in the public key matches the recipient's email address.

To send encrypted email to an address that isn't defined in a key's user ID, we need to develop a new recipient alias feature for Thunderbird.

While we intend to implement a user interface define recipient aliases in a future Thunderbird release, for the stable 78.x we will only offer a manual configuration mechanism. This enhancement is currently being developed. This page documents how to use it.

At this time only an experimental build is available. Download instructions are below. The instruction below only work with the experimental build.

A preliminary documentation for using the feature is also provided on this page, but it might change until the feature is declared stable. Nevertheless, you are invited to test the feature and give feedback in or at

Create a new text file, as described here:

Save the file, for example use filename openpgp_alias_to_keys.json .

In Thunderbird, use preferences, config editor. Find preference mail.openpgp.alias_rules_file and set it to the filename you have chosen above. If you have saved the file into your Thunderbird profile directory, then it is sufficient to set the filename, only. If you have saved the file elsewhere on your disk, you must set the preference to the full path where the file can be found, e.g. /home/myself/openpgp_alias_to_keys.json or c:\users\myself\openpgp_alias_to_keys.json . (It hasn't yet been tested on Windows, maybe you need to use c:\\users\\myself\\openpgp_alias_to_keys.json .)

Restart Thunderbird. Start to compose a new message. Enter a recipient that should match one of your alias definitions. Ensure OpenPGP is selected as the technology for this message. Click the security button, to view the message security info.

Look for a line that contains the recipient email address that you expect to match your alias rule. If a problem was found, the status should be shown as "Alias Problem". If the alias was found to work, you'll see status "a -> b" to indicate that the address will be mapped to something else.

If it doesn't work as expected, open the error console (Menu Tools, Web Developer), it might contain additional information.

Note that it isn't necessary that a key has been marked as accepted. By defining the alias rule, you have declared that you accept the key for this use.

Note that currently the file is read only once at the time Thunderbird is started. If you make a change to the file, it's currently necessary to restart Thunderbird.

If you would like to test that the correct keys are used, you may do so without actually sending the message. Use the menu command File / Send later. Then check your local folders, Outbox. Look for the message you have just prepared. Select it, and click the OpenPGP icon, and look at the recipient encryption keys. This allows you to check whic h keys will be used for encryption.

The build is available for download from Mozilla's "try server". The build is here:

You can see the list of patches included in the build, it is based on 78.6.0 plus the changes that are listed.

Downloading a build works by clicking the green "B" of the platform you need, then clicking "Artifacts" in the lower area that appears, and then downloading the respective archive for your platform. For Linux you need target.tar.bz2 , for Windows you need , and for macOS you need target.dmg .

For convenience, here are direct links:

Linux 64 bit:

Linux 32 bit:


Windows 64 bit:

Windows 32 bit: