“The Mozilla developers have been and still are actively working on removing old code from their code base.
This affects not only Thunderbird itself, but also add-ons.
While it was possible for Thunderbird to keep old “legacy” add-ons alive for a certain time, the time has come for Thunderbird to stop supporting them. Thunderbird 78 will no longer to support the APIs that Enigmail requires and only allow new “WebExtensions”.
WebExtensions have a completely different API than classical add-ons, and a much reduced set of capabilities to hook into the user interface.
For Enigmail to continue to work, it would therefore be required to rewrite it from scratch. However, that’s beyond our available time limitations.
We have therefore agreed with the Thunderbird developers that it’s much better to implement OpenPGP support directly in Thunderbird.
The set of functionalities will be different than what Enigmail offers, and at least initially likely be less feature-rich. But in our eyes, this is by far outweighed by the fact that OpenPGP will be part of Thunderbird and no add-on and no third-party tool will be required.”
Mozilla made changes to thunderbird that are so massive, that addons like Enigmail will stop working.
Mozilla does not use default GNU Linux OpenPGP, but RNP
In 2017 German Security company Cure53 ran an audit on Enigmail and found 3x Critical flaws.
“The tests yielded a total of twenty-one security-relevant issues, including three “Critical”-level vulnerabilities” (src)
- TBE-01-002 Enigmail: Weak Parsing causes Confidentiality Compromise (Critical)
- TBE-01-015 Thunderbird: Decrypted PGP Blocks exposed via RSS Feeds (Critical)
- TBE-01-021 Enigmail: Flawed parsing allows faked Signature Display (Critical)
We are happy to report that no critical or major security issues were found, all identified issues had a medium or low severity rating, and we will publish the results in the future.” (src)
h2>Updating to Thunderbird 78 from 68
Soon the Thunderbird automatic update system will start to deliver the new Thunderbird 78 to current users of the previous release, Thunderbird 68. This blog post is intended to share with you details about our OpenPGP support in Thunderbird 78, and some details Enigmail add-on users should consider when updating. If you are interested in reading more about the other features in the Thunderbird 78 release, please see our previous blog post.
Updating to Thunderbird 78 is highly recommended to ensure you will receive security fixes, because no more fixes will be provided for Thunderbird 68 after September 2020.
The traditional Enigmail Add-on cannot be used with version 78, because of changes to the underlying Mozilla platform Thunderbird is built upon. Fortunately, it is no longer needed with Thunderbird version 78.2.1 because it enables a new built-in OpenPGP feature.
Not all of Enigmail’s functionality is offered by Thunderbird 78 yet – but there is more to come. And some functionality has been implemented differently, partly because of technical necessity, but also because we are simplifying the workflow for our users.
With the help of a migration tool provided by the Enigmail Add-on developer, users of Enigmail’s classic mode will get assistance to migrate their settings and keys. Users of Enigmail’s Junior Mode will be informed by Enigmail, upon update, about their options for using that mode with Thunderbird 78, which requires downloading software that isn’t provided by the Thunderbird project. Alternatively, users of Enigmail’s Junior Mode may attempt a manual migration to Thunderbird’s new integrated OpenPGP feature, as explained in our howto document listed below.
Unlike Enigmail, OpenPGP in Thunderbird 78 does not use GnuPG software by default. This change was necessary to provide a seamless and integrated experience to users on all platforms. Instead, the software of the RNP project was chosen for Thunderbird’s core OpenPGP engine. Because RNP is a newer project in comparison to GnuPG, it has certain limitations, for example it currently lacks support for OpenPGP smartcards. As a workaround, Thunderbird 78 offers an optional configuration for advanced users, which requires additional manual setup, but which can allow the optional use of separately installed GnuPG software for private key operations.
The Mozilla Open Source Support (MOSS) awards program has thankfully provided funding for an audit of the RNP library and Thunderbird’s related code, which was conducted by the Cure53 company.
We are happy to report that no critical or major security issues were found, all identified issues had a medium or low severity rating, and we will publish the results in the future.
More Info and Support
We have written a support article that lists questions that users might have, and it provides more detailed information on the technology, answers, and links to additional articles and resources. You may find it at: https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq
If you have questions about the OpenPGP feature, please use Thunderbird’s discussion list for end-to-end encryption functionality at: https://thunderbird.topicbox.com/groups/e2ee
Several topics have already been discussed, so you might be able to find some answers in its archive.
thunderbird (1:78.3.1-1) unstable; urgency=medium
The Thunderbird ESR series starting with version 78.x has finally dropped the
support for legacy Add-ons and also for legacy WebExtension Add-ons.
By this some packaged Add-ons within Debian, but also some external installed
Add-ons might not working any more!
The very popular Add-on Enigmail, which was providing OpenPGP support within
the Thunderbird application, isn’t getting further development as an external
Add-on due a consequence of the changed Add-on API.
Instead Thunderbird now has Built-In OpenPGP support since version 78.0.
The latest version of the Enigmail Add-on (>= 2.2) will provide an migration
wizard which helps to migrate the existing OpenPGP keys into Thunderbird.
Please have a look for further information about Enigmail on the project
homepage and the Add-on website.
You might also want to have a look at README.Debian for more information.
— Carsten Schoenert Sun, 20 Sep 2020 8:40:00 +0200
also check out: howto
Great work guys!
Was gibt es Neues in Enigmail v2.0?
Willkommen bei der neuen Enigmail-Version 2.0!
Die Version enthält viele neue und geänderte Funktionen. Bitte nehmen Sie sich eine Minute Zeit, um zu erfahren, was es Neues gibt:
Verschlüsselung des Betreffs der Nachricht
Wir haben eine neue Methode entwickelt, welche den Betreff in die verschlüsselte E-Mail verschiebt und den sichtbaren Betreff durch “Encrypted Message” ersetzt. Wenn eine solche Nachricht entschlüsselt wird, wird der Betreff automatisch durch den originalen Betreff ersetzt. Diese Funktionalität ist standardmäßig aktiviert, es gibt jedoch eine Einstellung, mit der man sie ausschalten kann. (Für diese Methode muss die Nachricht per PGP/MIME gesendet werden.)
Geändertes Verhalten der Schaltflächen zum Verschlüsseln und Signieren
Die SchaltflächenVerschlüsseln und Signieren im Fenster Nachricht verfassen funktionieren nun sowohl für das OpenPGP- als auch für das S/MIME-Protokoll. Wenn beide Algorithmen möglich sind, wird Enigmail versuchen, denjenigen zu bevorzugen, für den alle Schlüssel verfügbar sind.
Unterstützung für Autocrypt
Enigmail unterstützt nun Autocrypt, einen neuen Standard zur Verteilung von Schlüsseln als Teil der gesendeten Nachrichten. Enigmail importiert automatisch Schlüssel aus Autocrypt-kompatiblen Nachrichten, so dass im Laufe der Zeit immer mehr E-Mails verschlüsselt werden können.
Neuer p≡p Junior-Modus (Pretty Easy Privacy)
Enigmail enthält jetzt einen p≡p Junior-Modus. Derzeit müssen Sie dazu p≡p manuell installieren; dies wird sich in einer zukünftigen Version ändern. Der p≡p Junior-Modus ermöglicht es Ihnen, die OpenPGP-Verschlüsselung so transparent wie möglich zu nutzen; Sie müssen sich nicht mehr um die Schlüsselverwaltung und die Synchronisation von Schlüsseln zwischen Geräten kümmern.
Bitte beachten Sie unsere Dokumentation, um Hilfe zur Verwendung von Enigmail zu erhalten.
- Tightly integrated suport for OpenPGP with Mozilla Thunderbird and SeaMonkey (and other Mozilla-based mail clients)
- Encrypt/sign mail when sending, decrypt/authenticate received mail
- Support for inline-PGP (RFC 4880) and PGP/MIME (RFC 3156)
- Per-Identity based encryption and signing defaults
- Per-Recipient rules for automated key selection, and enabling/disabling encryption and signing
- Integrated OpenPGP key management user interface
- Automatically encrypt or sign attachments for inline PGP messages
- Powerful GUI for easy configuration and OpenPGP key management
- Detailed user preferences for advanced configuration
- Integrated OpenPGP PhotoID viewer
- Supports OpenPGP key retrieval via proxy servers
- Integrates with GnuPG, version 2.2.x (recommended) and 2.0.x (old version, support ends 2017)
- Supports Mozilla’s Multiple Identities feature
- Official release for all platforms supported by Thunderbird (Windows, Linux, Mac OS X, Solaris, *BSD)
- Many languages are included in the official releases