You need to use a Master Password in Thunderbird if you use OpenPGP
Thunderbird email client users who use the program's built-in email encryption functionality need to set a master password in Thunderbird to properly protect their encryption keys.
Thunderbird introduced support for encrypting emails using OpenPGP in the major version 78. Previously, Thunderbird users relied on extensions such as Enigmail to use encryption when reading and sending emails in the client.
The introduction of native support made things a lot easier, as it meant that users could get started encrypting emails right away without having to install and configure third-party extensions, even once as good as Enigmail.
Thunderbird 78.x supports the importing of keys and also the generation of new keys. Users who used encryption before to protect emails may notice that Thunderbird does not ask for an unlocking password when they need to encrypt or decrypt email messages in the client.
Kai Engert provided a technical analysis of the inner workings on Mozilla's Bug tracking site three months ago. According to him, secret keys are stored encrypted on the disk. Thunderbird generates a password automatically for all keys and stores it encrypted on the disk as well.
Problem is: the unprotected key is stored in the key4.db file in the Thunderbird directory. In other words: anyone who gets access to the file may use the information to decrypt the data and gain access to encrypted emails in the end.
A support page confirms this:
At the time you import your personal key into Thunderbird, we unlock it, and protect it with a different password, that is automatically (randomly) created. The same automatic password will be used for all OpenPGP secret keys managed by Thunderbird. You should use the Thunderbird feature to set a Master Password. Without a master password, your OpenPGP keys in your profile directory are unprotected.
The only protection that Thunderbird offers against this kind of threat is the master password.
Only by setting a master password will the information in key4.db be protected, and the use of the OpenPGP secret keys will then require to unlock once by entering the master password (to unlock key4.db, which has the information that can then be used to unlock the automatic password and the keys.)
How to set up a master password in Thunderbird
You can set up a master password in Thunderbird in the following way:
- Select Tools > Options in Thunderbird.
- Select Privacy & Security if it is not selected already.
- Scroll down to the passwords section on the page that opens.
- Check "use a master password".
- You may be asked to enter the operating system password/pin to proceed.
- Type the password and repeat it to set it.
Note that it is essential that you remember the password as it unlocks access to your emails and other data stored in Thunderbird. You may want to consider using a password manager such as KeePass to save the master password.
Other options
There are other means of protection, e.g. by using full disk encryption to prevent local access to the key4.db file. An open source program like VeraCrypt can be used for that. It is easy to set up and can be used to encrypt the system disk and/or other drives or partitions.
Closing Words
The development team may introduce support for protecting OpenPGP keys using user defined passwords instead of the single randomly generated password. A bug is already available but it is unclear whether the change will be introduced or if it won't be implemented.
Thunderbird users who use the built-in OpenPGP functionality may want to enable master password functionality to protect Thunderbird data against unauthorized access. Mozilla should consider informing users about the fact during the initial setup or import.
Now You: Do you use Thunderbird and OpenPGP?
You said that Outlook isn’t your main email client, so which is your main one?
I think its thunderbird
It is Mozilla Thunderbird.
Awesome! This actually solved my problem… what a stupid bug.
If this is the same bug that I’ve encountered, there may be another fix: (1) hover over open Outlook item in Taskbar, cursor up to hover over Outlook window item, and right-click; (2) this should give you Restore / Move / Size / Minimize / Maximize — choose Move or Size; (3) use your cursor keys, going arbitrarily N/S/E/W, to try to move or size the Outlook window back into view. Basically, the app behaves as though it were open in a 0x0 window, or at a location that’s offscreen, and this will frequently work to resize and/or move the window. Don’t forget to close while resized/moved, so that Outlook remembers the size/position for next time.
THANK YOU Claude!!! I could get the main window to launch but could not get any other message window to show on the desktop. You are my hero!!!!
Solved my issue! 6 years later and this is still problem…
Fantastic. Thank you. Size did the trick.
This solved my Outlook problem, too. Thank you. :)
Thank you so much, this started happening to me today and was causing big problems. You are a life saver, I hope I can help you in some way some day.
You are a god – thank you!
thanks a lot…. work like charm.. :-)
Yah…thanks Claude. I’ve been having the same problem and tried all the suggestions…your solution was the answer. It had resized itself to a 0/0 box. Cheers
Excellent post. This had me baffled even trying to accurately describe the problem. This fixed it for me.
Thank you
Thanks a lot for the article. Don’t know why it happenend, don’t know how it got fixed, but it was really annoying and now it works :-)
Thanks a lot. I was facing this issue from past 3 week. I tried everything but no resolution. The issue was happening intermittently and mainly when I was changing the display of screen ( as i use 2 monitors). The only option i had was to do system restore. But thanks to you.
I’ve been tried to sole this problem for 12hours. Your comment about changing the display of screen helped me a lot!! Thanks!!
Thank you…don’t know why this happened but your instructions helped me fix it. Running Windows 10 and office pro 2007
Great tip! Thanks!
Worked for me, too – thank you!!!
It’s Worked for me, too
thank you very much!
I had a similar issue with Outlook 2013 on Windows 10 and this helped me to fix it. Thank you very much!
Thank you so much. Solved!
Considering you published this in 2012, incredible not been debugged by Microsoft.
Thank you again. M
This problem was faced by only one user logging to TS 2008 r2 using outlook 2010.The issue was resolved.
Thanks.
Great tip. Thank you!!!! If it helps, I had to use the Control Key and the arrow keys at the same time to bring my window back into view. Worked like a charm.
Thank you, this worked !!!!
Man, you are a fucking god. Thanks a lot, what an annoying bug!!
Awesome, this post solved the issue. Many thanks!