Thunderbird:OpenPGP:Aliases: Difference between revisions

After completing the feature, update the documentation
(Added category Thunderbird_OpenPGP as agreed with Kai in Mozilla chat)
(After completing the feature, update the documentation)
Line 1: Line 1:
= = = = = = = = = = = = = = = = = = = = = = =
This page documents the OpenPGP recipient alias feature.
EXPERIMENTAL FEATURE STILL UNDER DEVELOPMENT
It is a new feature available in Thunderbird 88 Beta, and will potentially be added to 78.9.0
= = = = = = = = = = = = = = = = = = = = = = =


As of Thunderbird 78.6.0, Thunderbird can send encrypted email using OpenPGP, if you have the recipient's public key, you have accepted to use the public key, and a user ID in the public key matches the recipient's email address.
In its default configuration, Thunderbird can send encrypted email using OpenPGP, if you have the recipient's public key, you have accepted to use the public key, and a user ID in the public key matches the recipient's email address.


To send encrypted email to an address that isn't defined in a key's user ID, we need to develop a new recipient alias feature for Thunderbird.
The alias feature allows you to send email using any OpenPGP public key that is technically acceptable to Thunderbird's OpenPGP engine, regardless of the user IDs contained in the public key.


While we intend to implement a user interface define recipient aliases in a future Thunderbird release, for the stable 78.x we will only offer a manual configuration mechanism. This enhancement is currently being developed. This page documents how to use it.
Initially no user interface is provided for managing the aliases, it's required to manually edit a text file in the JSON file format.


At this time only an experimental build is available. Download instructions are below. The instruction below only work with the experimental build.
An alias can be defined for a specific email address (higher priority), or for a all email addresses of a domain (lower priority, used if no alias is defined that exactly matches a recipient's email address). If neither an email alias nor a domain alias is found for a recipient email address, then Thunderbird will perform the regular lookup by user id for an accepted key.


A preliminary documentation for using the feature is also provided on this page, but it might change until the feature is declared stable.
Alias keys can be specified by 16-character ID or by full fingerprint. All public keys defined by an alias must be available, not expired, not revoked, and support encryption. Public keys will be used even if they are still in the undecided state, the listing in the alias file is considered as an override for the usual acceptance requirement. However, public keys that are marked as rejected cannot be used. If a problem is found with any key defined in an alias, using the alias and sending the message is prevented. Problems with aliases are logged to the Thunderbird error console.  
Nevertheless, you are invited to test the feature and give feedback in https://bugzilla.mozilla.org/show_bug.cgi?id=1644085 or at https://thunderbird.topicbox.com/groups/e2ee


Create a new text file, as described here:
To enable the use of aliases, you must manually create a text file, and must configure Thunderbird to use the file.
https://bug1644085.bmoattachments.org/attachment.cgi?id=9193371


Save the file, for example use filename openpgp_alias_to_keys.json .
To configure and enable an alias file, open preferences, config editor. Set preference mail.openpgp.alias_rules_file to an empty string (default) to disable the use of aliases. To use a file that you have manually copied to the profile directory, enter its filename without a path (e.g. openpgp_alias_to_keys.json, no / or \\ characters are allowed). To use a file that is stored elsewhere on your system, you may enter a full file:// URL.


In Thunderbird, use preferences, config editor. Find preference mail.openpgp.alias_rules_file and set it to the filename you have chosen above. If you have saved the file into your Thunderbird profile directory, then it is sufficient to set the filename, only. If you have saved the file elsewhere on your disk, you must set the preference to the full path where the file can be found, e.g. /home/myself/openpgp_alias_to_keys.json or c:\users\myself\openpgp_alias_to_keys.json . (It hasn't yet been tested on Windows, maybe you need to use c:\\users\\myself\\openpgp_alias_to_keys.json .)
Note at this time the file will be read by Thunderbird, but not modified. If a future version of Thunderbird adds user interface to edit alias rules, it will overwrite the file.


Restart Thunderbird. Start to compose a new message. Enter a recipient that should match one of your alias definitions. Ensure OpenPGP is selected as the technology for this message. Click the security button, to view the message security info.
The file that you manually edit must follow this structure:


Look for a line that contains the recipient email address that you expect to match your alias rule. If a problem was found, the status should be shown as "Alias Problem". If the alias was found to work, you'll see status "a -> b" to indicate that the address will be mapped to something else.
  {
    "description": "Thunderbird OpenPGP Alias Rules",
    "rules": [
      {
        "domain": "domain1.example.com",
        "keys": [
          {
            "description": "Catch-all for domain1.example.com",
            "fingerprint": "EB85BB5FA33A75E15E944E63F231550C4F47E38E"
          }
        ]
      },
      {
        "domain": "domain2.example.com",
        "keys": [
          {
            "description": "domain2.example.com folks",
            "fingerprint": "D1A66E1A23B182C9980F788CFBFCC82A015E7330"
          }
        ]
      },
      {
        "email": "list@domain1.example.com",
        "keys": [
          {
            "description": "John",
            "fingerprint": "D1A66E1A23B182C9980F788CFBFCC82A015E7330"
          },
          {
            "description": "Eve",
            "id": "F231550C4F47E38E"
          }
        ]
      }
    ]
  }


If it doesn't work as expected, open the error console (Menu Tools, Web Developer), it might contain additional information.
Note that descriptions are optional.


Note that it isn't necessary that a key has been marked as accepted. By defining the alias rule, you have declared that you accept the key for this use.
After you have provided the alias configuration, you may test it in the following way:


Note that currently the file is read only once at the time Thunderbird is started. If you make a change to the file, it's currently necessary to restart Thunderbird.
Start to compose a new message. Enter a recipient that should match one of your alias definitions. Ensure OpenPGP is selected as the technology for this message. Click the security button, to view the message security info.


If you would like to test that the correct keys are used, you may do so without actually sending the message. Use the menu command File / Send later. Then check your local folders, Outbox. Look for the message you have just prepared. Select it, and click the OpenPGP icon, and look at the recipient encryption keys. This allows you to check whic h keys will be used for encryption.
Look for a line that contains the recipient email address that you expect to match your alias rule. If a problem was found, the status should be shown as "Alias Problem". If the alias was found to work, you'll see status "a -> b" to indicate that the address will be mapped to something else.


The build is available for download from Mozilla's "try server".
If it doesn't work as expected, open the error console (Menu Tools, Web Developer), it might contain additional information.
The build is here:
https://treeherder.mozilla.org/jobs?repo=try-comm-central&revision=08f16db74457760be0a28572a21cf05890f0c290


You can see the list of patches included in the build, it is based on 78.6.0 plus the changes that are listed.
If you would like to test that the correct keys are used, you may do so without actually sending the message. Use the menu command File / Send later. Then check your local folders, Outbox. Look for the message you have just prepared. Select it, and click the OpenPGP icon, and look at the recipient encryption keys. This allows you to check whic h keys will be used for encryption.
 
Downloading a build works by clicking the green "B" of the platform you need, then clicking "Artifacts" in the lower area that appears, and then downloading the respective archive for your platform. For Linux you need target.tar.bz2 , for Windows you need target.zip , and for macOS you need target.dmg .
 
For convenience, here are direct links:
 
Linux 64 bit:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/eK7HevGjRIerrlBbECNgHQ/runs/0/artifacts/public/build/target.tar.bz2
 
Linux 32 bit:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/Vl9AKCQuT12fuHx_GuXAgA/runs/0/artifacts/public/build/target.tar.bz2
 
macOS:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/Vl9AKCQuT12fuHx_GuXAgA/runs/0/artifacts/public/build/target.tar.bz2
 
Windows 64 bit:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/RGM1smI2TySKHUZM7fqxfg/runs/0/artifacts/public/build/target.zip


Windows 32 bit:
See also https://bugzilla.mozilla.org/show_bug.cgi?id=1644085
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/aiQ1BMLiQcmANAWKPjrCtA/runs/0/artifacts/public/build/target.zip


[[Category:Thunderbird_OpenPGP]]
[[Category:Thunderbird_OpenPGP]]
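Review bot: the paragraph beginning "Alias keys can be specified by 16-character ID or by full fingerprint" says a listed key is used even while undecided because the listing overrides the acceptance requirement, but neither it nor the mail.openpgp.alias_rules_file paragraph tells the reader that the alias file thereby decides which key a recipient's mail is encrypted to. Suggest adding a sentence there advising that the file be kept writable only by the user, especially when it is referenced by a file:// URL outside the profile directory, and that full fingerprints be preferred over 16-character IDs. Separately, the revision drops the old note that the file "is read only once at the time Thunderbird is started" and the "Restart Thunderbird" step without saying when edits to the file now take effect; please state that explicitly. Two typos carry over into the new text: "for a all email addresses" and "whic h keys".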