What types of OpenPGP keys are supported?
Please note: Thunderbird uses RNP software to handle keys, which may not yet support some types of keys. This means that some keys supported by GnuPG / Enigmail may not work with Thunderbird 78 by default, especially some keys with advanced structures. However, for private keys, you can solve the problem by configuring Thunderbird to use GnuPG, as described in the next section.
The following keys are not supported by Thunderbird 78 by default:
Certain incomplete keys, such as keys that use offline primary keys.
Keys with different passwords for subkeys.
Keys located on a smart card.
Keys that use the MD5 hashing algorithm.
Some other keys may not yet be supported by RNP.
If you find a key that doesn't work in Thunderbird, please report it! If possible, and only if it's a public key, please provide a copy of the key. Be careful, never send us your secret/private keys!
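To check in advance whether a secret key in an existing GnuPG keyring falls into the offline-primary-key or smart-card categories above, the colon-format listing from gpg --list-secret-keys --with-colons can be parsed. The following is an added example, not code from Thunderbird or RNP; the key IDs and card serial number in SAMPLE are constructed, and the field positions are the ones documented in GnuPG's doc/DETAILS.

```python
import sys

# Colon field 15 (0-based index 14) of sec/ssb records, per GnuPG doc/DETAILS:
#   '#'           -> only a stub is present, the secret part is not in the keyring
#   serial number -> the secret part lives on a card or hardware token
#   '+'           -> the secret part is available locally
TOKEN_FIELD = 14

# Constructed sample listing (not real keys): an offline primary key with a
# local subkey, a key held on a card, and an ordinary local key.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAA1:1577836800:::u:::scESC:::#:
ssb:u:4096:1:AAAAAAAAAAAAAAA2:1577836800::::::e:::+:
sec:u:2048:1:BBBBBBBBBBBBBBB1:1577836800:::u:::scESC:::D2760001240103040006000000000000:
ssb:u:2048:1:BBBBBBBBBBBBBBB2:1577836800::::::e:::D2760001240103040006000000000000:
sec:u:3072:1:CCCCCCCCCCCCCCC1:1577836800:::u:::scESC:::+:
ssb:u:3072:1:CCCCCCCCCCCCCCC2:1577836800::::::e:::+:
"""

def classify(listing):
    """Map each primary key ID to the unsupported categories it falls into."""
    findings, primary = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) <= TOKEN_FIELD:
            continue  # uid, fpr, grp and malformed records carry no token field
        if f[0] == "sec":
            primary = f[4]
            findings[primary] = set()
        elif primary is None:
            continue  # subkey record without a preceding primary key
        token = f[TOKEN_FIELD]
        if token == "#":
            if f[0] == "sec":
                findings[primary].add("offline primary key")
        elif token and token != "+":
            findings[primary].add("on smart card")
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    # Pipe real output in, or run without input to see the constructed sample:
    #   gpg --list-secret-keys --with-colons | python3 check_keys.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for keyid, issues in classify(data).items():
        print(keyid, ", ".join(issues) or "no issue visible in the listing")
```

Differing subkey passwords and MD5 use are not visible in this listing, so a key reported without issues can still belong to one of the other categories.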
What should I do if Thunderbird doesn't support my key?
Thunderbird 78 allows you to optionally set up external software called GnuPG to handle your keys (for digitally signing and decrypting received messages). This allows the use of smart cards or hardware tokens that store your keys. You can also use it for keys that are stored in files on your computer and are not supported by Thunderbird's built-in OpenPGP implementation.
You need to install and configure the required GnuPG software yourself, as it is not distributed with Thunderbird. Therefore, this mechanism is not enabled by default. To learn how to use it, see the next question about smart cards.
Note that public keys and their acceptance settings (for encryption and signature verification) are always handled by Thunderbird's internal code.
Can I use an OpenPGP smart card or hardware token with Thunderbird 78?
Yes, we do offer an optional mechanism. It requires you to install GnuPG and all required software yourself.
Make sure you have configured a personal key for your email account or identity. When composing an email, use the Options menu or the menu on the Security button and enable the protection you want to use.
What is needed to send an encrypted message?
You must set up and select your personal key.
You must have an acceptable public key for each recipient of an encrypted message you want to send. The public key is usually attached to the correspondent's email. Another section of this document provides more information on obtaining public keys from other people.
You must verify that the correspondent's public key actually belongs to them. If you accept someone's public key without verification, you will expose your communications to a man-in-the-middle (MITM) attack.
If you do not have the public key for each recipient, your message will be blocked and Thunderbird will alert you. You can choose not to send the message at all, or disable encryption and send the message without protection.