You need to use a Master Password in Thunderbird if you use OpenPGP

Martin Brinkmann
Dec 7, 2020
Email, Thunderbird
|
11

Thunderbird email client users who use the program's built-in email encryption functionality need to set a master password in Thunderbird to properly protect their encryption keys.

Thunderbird introduced support for encrypting emails using OpenPGP in the major version 78. Previously, Thunderbird users relied on extensions such as Enigmail to use encryption when reading and sending emails in the client.

The introduction of native support made things a lot easier, as it meant that users could get started encrypting emails right away without having to install and configure third-party extensions, even once as good as Enigmail.

Thunderbird 78.x supports the importing of keys and also the generation of new keys. Users who used encryption before to protect emails may notice that Thunderbird does not ask for an unlocking password when they need to encrypt or decrypt email messages in the client.

Kai Engert provided a technical analysis of the inner workings on Mozilla's Bug tracking site three months ago. According to him, secret keys are stored encrypted on the disk. Thunderbird generates a password automatically for all keys and stores it encrypted on the disk as well.

Problem is: the unprotected key is stored in the key4.db file in the Thunderbird directory. In other words: anyone who gets access to the file may use the information to decrypt the data and gain access to encrypted emails in the end.

A support page confirms this:

At the time you import your personal key into Thunderbird, we unlock it, and protect it with a different password, that is automatically (randomly) created. The same automatic password will be used for all OpenPGP secret keys managed by Thunderbird. You should use the Thunderbird feature to set a Master Password. Without a master password, your OpenPGP keys in your profile directory are unprotected.

The only protection that Thunderbird offers against this kind of threat is the master password.

Only by setting a master password will the information in key4.db be protected, and the use of the OpenPGP secret keys will then require to unlock once by entering the master password (to unlock key4.db, which has the information that can then be used to unlock the automatic password and the keys.)

How to set up a master password in Thunderbird

thunderbird set up master password

You can set up a master password in Thunderbird in the following way:

  1. Select Tools > Options in Thunderbird.
  2. Select Privacy & Security if it is not selected already.
  3. Scroll down to the passwords section on the page that opens.
  4. Check "use a master password".
  5. You may be asked to enter the operating system password/pin to proceed.
  6. Type the password and repeat it to set it.

Note that it is essential that you remember the password as it unlocks access to your emails and other data stored in Thunderbird. You may want to consider using a password manager such as KeePass to save the master password.

Other options

There are other means of protection, e.g. by using full disk encryption to prevent local access to the key4.db file. An open source program like VeraCrypt can be used for that. It is easy to set up and can be used to encrypt the system disk and/or other drives or partitions.

Closing Words

The development team may introduce support for protecting OpenPGP keys using user defined passwords instead of the single randomly generated password. A bug is already available but it is unclear whether the change will be introduced or if it won't be implemented.

Thunderbird users who use the built-in OpenPGP functionality may want to enable master password functionality to protect Thunderbird data against unauthorized access. Mozilla should consider informing users about the fact during the initial setup or import.

Now You: Do you use Thunderbird and OpenPGP?

Summary
You need to use a Master Password in Thunderbird if you use OpenPGP
Article Name
You need to use a Master Password in Thunderbird if you use OpenPGP
Description
Thunderbird email client users who use the program's built-in email encryption functionality need to set a master password in Thunderbird to properly protect their encryption keys.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. JMGG said on January 19, 2012 at 8:25 am
    Reply

    You said that Outlook isn’t your main email client, so which is your main one?

    1. BalaC said on January 19, 2012 at 9:42 am
      Reply

      I think its thunderbird

    2. Martin Brinkmann said on January 19, 2012 at 10:15 am
      Reply

      It is Mozilla Thunderbird.

  2. Salaam said on September 24, 2012 at 9:52 pm
    Reply

    Awesome! This actually solved my problem… what a stupid bug.

  3. Claud said on December 19, 2012 at 2:08 am
    Reply

    If this is the same bug that I’ve encountered, there may be another fix: (1) hover over open Outlook item in Taskbar, cursor up to hover over Outlook window item, and right-click; (2) this should give you Restore / Move / Size / Minimize / Maximize — choose Move or Size; (3) use your cursor keys, going arbitrarily N/S/E/W, to try to move or size the Outlook window back into view. Basically, the app behaves as though it were open in a 0x0 window, or at a location that’s offscreen, and this will frequently work to resize and/or move the window. Don’t forget to close while resized/moved, so that Outlook remembers the size/position for next time.

    1. Lynda said on February 12, 2013 at 3:37 pm
      Reply

      THANK YOU Claude!!! I could get the main window to launch but could not get any other message window to show on the desktop. You are my hero!!!!

    2. Chad said on November 20, 2018 at 4:24 pm
      Reply

      Solved my issue! 6 years later and this is still problem…

    3. Ivan X said on January 21, 2021 at 4:50 pm
      Reply

      Fantastic. Thank you. Size did the trick.

  4. Andrew said on October 26, 2013 at 7:06 am
    Reply

    This solved my Outlook problem, too. Thank you. :)

  5. Charles said on December 7, 2013 at 7:23 pm
    Reply

    Thank you so much, this started happening to me today and was causing big problems. You are a life saver, I hope I can help you in some way some day.

  6. garth said on November 7, 2014 at 7:13 pm
    Reply

    You are a god – thank you!

  7. Faisal said on February 9, 2015 at 10:09 am
    Reply

    thanks a lot…. work like charm.. :-)

  8. Simon said on March 24, 2015 at 11:36 pm
    Reply

    Yah…thanks Claude. I’ve been having the same problem and tried all the suggestions…your solution was the answer. It had resized itself to a 0/0 box. Cheers

  9. Olu said on April 14, 2015 at 1:35 pm
    Reply

    Excellent post. This had me baffled even trying to accurately describe the problem. This fixed it for me.
    Thank you

  10. Coenig said on July 23, 2015 at 7:36 am
    Reply

    Thanks a lot for the article. Don’t know why it happenend, don’t know how it got fixed, but it was really annoying and now it works :-)

  11. Fali said on January 20, 2016 at 4:19 pm
    Reply

    Thanks a lot. I was facing this issue from past 3 week. I tried everything but no resolution. The issue was happening intermittently and mainly when I was changing the display of screen ( as i use 2 monitors). The only option i had was to do system restore. But thanks to you.

    1. MIki said on January 10, 2019 at 11:54 am
      Reply

      I’ve been tried to sole this problem for 12hours. Your comment about changing the display of screen helped me a lot!! Thanks!!

  12. Christina said on January 20, 2016 at 6:14 pm
    Reply

    Thank you…don’t know why this happened but your instructions helped me fix it. Running Windows 10 and office pro 2007

  13. Oz said on July 22, 2016 at 3:20 pm
    Reply

    Great tip! Thanks!

  14. Tracy said on September 1, 2016 at 4:48 pm
    Reply

    Worked for me, too – thank you!!!

  15. shawn said on September 9, 2016 at 10:25 am
    Reply

    It’s Worked for me, too
    thank you very much!

  16. Jari said on October 31, 2016 at 11:53 am
    Reply

    I had a similar issue with Outlook 2013 on Windows 10 and this helped me to fix it. Thank you very much!

  17. Michel H said on November 30, 2016 at 11:08 pm
    Reply

    Thank you so much. Solved!
    Considering you published this in 2012, incredible not been debugged by Microsoft.
    Thank you again. M

  18. Ziad Bitar said on January 9, 2017 at 2:00 am
    Reply

    This problem was faced by only one user logging to TS 2008 r2 using outlook 2010.The issue was resolved.

    Thanks.

  19. Anonymous said on February 15, 2017 at 5:24 pm
    Reply

    Great tip. Thank you!!!! If it helps, I had to use the Control Key and the arrow keys at the same time to bring my window back into view. Worked like a charm.

  20. Rochelle said on March 6, 2017 at 11:59 am
    Reply

    Thank you, this worked !!!!

  21. anom1234 said on May 20, 2018 at 11:20 pm
    Reply

    Man, you are a fucking god. Thanks a lot, what an annoying bug!!

  22. JC said on October 12, 2020 at 2:14 pm
    Reply

    Awesome, this post solved the issue. Many thanks!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.