Thunderbird 78 and OpenPGP smart cards

[R. Steve McKown]

pbrunschwig wrote:

Thunderbird will use its own keystore, that is not shared with GnuPG.

We use OpenPGP smart cards extensively, for a host of daily development and business tasks, including e-mail via Thunderbird + Enigmail. We use both on Linux and Windows.

How will our experience change if we try to go to Thunderbird 78.2? My primary concerns are:

• Integration with gpg-agent. Obviously we can't extract private keys out of the smart card to populate a local on-disk database as that would significantly reduce our security posture.
• Integration with our local, private key server that distributes private keys for employees.

Thanks,
Steve

[Patrick Brunschwig]

Why do you ask the Enigmail team how the Thunderbird functionality will look like? I can give you a rough idea, but not more:

Thunderbird 78.2 (not 78.0) will suport the use of Smartcards via GnuPG for operations that require private keys. For public keys, Thunderbird will use its own keystore that is not shared with GnuPG.

[R. Steve McKown]

Why do you ask the Enigmail team how the Thunderbird functionality will look like?

Mostly because you are involved and I've failed to find the right place from which to engage the right Thunderbird group online. Perhaps you have a reference to share?

Thunderbird 78.2 (not 78.0) will suport the use of Smartcards via GnuPG for operations that require private keys.

That's actually very useful feedback. Thanks for taking the time to reply, and for Enigmail!

[Patrick Brunschwig]

I will not provide support for OpenPGP in Thunderbird. Support for Thunderbird is available from https://support.mozilla.org/en-US/products/thunderbird