From 28bcddc6591b3ff87b74102f4f007838a4957dd1 Mon Sep 17 00:00:00 2001 From: tiyn Date: Wed, 1 Jul 2026 01:27:58 +0200 Subject: [PATCH] Thunderbird: Improved Guide to Update PGP keys --- wiki/android/fairemail.md | 5 +++++ wiki/openpgp.md | 10 +++++++--- wiki/thunderbird.md | 42 +++++++++++++++++++++++++++++++++++---- 3 files changed, 50 insertions(+), 7 deletions(-) diff --git a/wiki/android/fairemail.md b/wiki/android/fairemail.md index 728af06..1f3f115 100644 --- a/wiki/android/fairemail.md +++ b/wiki/android/fairemail.md @@ -23,6 +23,11 @@ There the provider of OpenPGP (`OpenPGP provider`) can be set to OpenKeychain (`org.sufficientlysecure.keychain`). Using OpenKeychain PGP keys can then be imported and stored. +Please note that keys only need to be imported once. +If the keys are changed, especially if identities are added or remove, the key inside the +OpenKeychain app can simply be updated by selecting the update button. +However, identities need to be removed manually sometimes. + After this is done outgoing mails can be encrypted by signed or encrypted by selecting the `Encrypt` selection on the top bar when writing emails. diff --git a/wiki/openpgp.md b/wiki/openpgp.md index 446e961..737476e 100644 --- a/wiki/openpgp.md +++ b/wiki/openpgp.md @@ -13,8 +13,12 @@ sometimes also `gpg` or `gpg2` package. ## Usage This section addresses the usage of OpenPGP. +All topics regarding generation, export or editing keys are described in the specific implementation +of the OpenPGP standard – for example [PGP](/wiki/linux/gpg.md). -### Encrypting, Decrypting, Signing and Verifying Emails +### Publishing PGP Keys -OpenPGP is often used to encrypt, decrypt or sign [emails](/wiki/email.md). -Most modern [email clients](/wiki/email.md#client) feature a way to do that. +It sometimes can be useful to publicly publish your public key. +This is mostly done to verify mail addresses. +For this the public key is usually added be added on [keys.openpgp.org](https://keys.openpgp.org). +Select `upload` or `manage` on the website and follow instructions to set this up. diff --git a/wiki/thunderbird.md b/wiki/thunderbird.md index c2ae29e..5d78d1d 100644 --- a/wiki/thunderbird.md +++ b/wiki/thunderbird.md @@ -7,21 +7,55 @@ numerous [email](/wiki/email.md) addresses, calendars, todos and contacts. The following section addresses different uses and add-ons of Thunderbird. +### Add New Alias/Identity to Existing Account + +When using mail aliases most of the time they by default map to the existing mail. +This way the receiving of messages works by default. +However, some steps have to be taken for the sending of messages using the alias mail address to +work. +Navigate to the `Account Setting` entry of the existing mail address. +There select `Manage Identities...` and select `Add...`. +Set `Your Name` and `Email Address` accordingly to the new alias. +At the `Private Data` section set the existing mail address identity under `Outgoing Server`. +Then save. +Afterward, if you intend to use end-to-end encryption select the alias identity entry again and +select `Edit`. +Navigate to `End-To-End Encryption` and set the settings according to your wishes. +For example the OpenPGP key may have to be selected and default settings for signing could be set. + ### Use PGP Key for Encryption, Decryption and Signing Thunderbird can use [OpenPGP](/wiki/openpgp.md) to sign, encrypt or decrypt mails. -To add this navigate to the `Account Settings` under `Edit` and then select the mail to add the PGP -key to and `End-to-End Encryption`. -There keys can be added by selecting `Add Keys...` and afterwards the private key can be selected + +Firstly a key needs to be generated. +This is explained in the sections on [key generation](/wiki/linux/gpg.md#generating-a-key-pair), +[key management](/wiki/linux/gpg.md#managing-multiple-users-and-e-mails-of-an-existing-secret-key) +and [key export](/wiki/linux/gpg.md#backing-up-and-exporting-keys) in the +[GPG entry](/wiki/linux/gpg.md). +Other [OpenPGP](/wiki/openpgp.md) implementations can also be used but [GPG](/wiki/linux/gpg.md) is +the most used one. + +To add a key to an existing mail account on Thunderbird, navigate to the `Account Settings` under +`Edit` and then select the mail to add the PGP key to and `End-to-End Encryption`. +There keys can be added by selecting `Add Keys...` and afterward the private key can be selected for encryption, decryption and signing. This however is only possible if the key is issued to the same e-mail it should be added to. In the `Account Settings` of emails with set up PGP key the default options can be set up. -Under `Deault settings for sending messages` it can be set to encrypt or not encrypt mails by +Under `Default settings for sending messages` it can be set to encrypt or not encrypt mails by default. Emails can also be signed by default if not encrypted (for this select `Sign unencrypted messages`). +Finally, the PGP key should be published. +This can be done via Thunderbirds own `OpenPGP Key Manager` under the `End-To-End Encryption` tab of +the `Account Settings` of a mail entry. +Select a OpenPGP key to publish and select `Keyserver` and `Publish`. +Thunderbird will, by default, publish to [keys.openpgp.org](https://key.openpgp.org) but the +managing and removal of keys can be more easily be done manually as explained in the +[OpenPGP entry](/wiki/openpgp.md#publishing-pgp-keys). +It is generally recommended to also publish the keys this way. + ### Enable Spell Checking of a Specific Language Spell checking can be changed in the `Settings` from the `Edit` tab.