Qubes/Thunderbird 78: Difference between revisions

From Legoktm
(wip)
 
(finish)
 
Line 1: Line 1:
Guide on how to configure Qubes's split GPG to work in Thunderbird 78 as a "smartcard". This is based on a post in r/Qubes, but the OP deleted it. Also see the [https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards#Qubes_split_GPG_configuration Thunderbird split GPG documentation] and [https://wiki.mozilla.org/Thunderbird:OpenPGP:Migration-From-Enigmail migration notes].
This is based on a post in r/Qubes, but the OP deleted it.


# Upgrade your TemplateVM so it installs Thunderbird 78
# Upgrade your TemplateVM so it installs Thunderbird 78
Line 5: Line 5:
# Set <code>mail.openpgp.allow_external_gnupg</code> to <code>true</code> and <code>mail.openpgp.alternative_gpg_path</code> to <code>/usr/bin/qubes-gpg-client-wrapper</code>.
# Set <code>mail.openpgp.allow_external_gnupg</code> to <code>true</code> and <code>mail.openpgp.alternative_gpg_path</code> to <code>/usr/bin/qubes-gpg-client-wrapper</code>.
# Restart Thunderbird
# Restart Thunderbird
# Go to Account settings -> End-To-End encryption. You'll see something like "Thunderbird doesn't have an OpenPGP key for <address>"
# Click "Add key", select "Use your external key through GnuPG (e.g. from a smartcard)" and then "Continue"
# Enter the full key ID of the associated GPG key. You can run <code>gpg --list-secret-keys</code> in your split GPG vm to get the full key ID.
# Click "Save Key ID" and then you should be set.

Supposedly there's a way to get Enigmail to import your previous GPG keyring into Thunderbird, but I didn't figure that part out.

Latest revision as of 17:19, 8 October 2020

Guide on how to configure Qubes's split GPG to work in Thunderbird 78 as a "smartcard". This is based on a post in r/Qubes, but the OP deleted it. Also see the Thunderbird split GPG documentation and migration notes.

  1. Upgrade your TemplateVM so it installs Thunderbird 78
  2. Open Thunderbird, go to Preferences, scroll all the way down and click on "Config Editor". Accept the warning.
  3. Set mail.openpgp.allow_external_gnupg to true and mail.openpgp.alternative_gpg_path to /usr/bin/qubes-gpg-client-wrapper.
  4. Restart Thunderbird
  5. Go to Account settings -> End-To-End encryption. You'll see something like "Thunderbird doesn't have an OpenPGP key for <address>"
  6. Click "Add key", select "Use your external key through GnuPG (e.g. from a smartcard)" and then "Continue"
  7. Enter the full key ID of the associated GPG key. You can run gpg --list-secret-keys in your split GPG vm to get the full key ID.
  8. Click "Save Key ID" and then you should be set.

Supposedly there's a way to get Enigmail to import your previous GPG keyring into Thunderbird, but I didn't figure that part out.