How is Thunderbird signing my emails?

George Mitchell george+freebsd at m5p.com
Thu Nov 19 02:53:16 UTC 2020


The Thunderbird people have integrated the functionality of Enigmail
into Thunderbird itself.  In the abstract, this sounds like a great
idea, because I believe that the more people use PGP signatures and
encryption, the better.  But the concrete reality of the implementation
puzzles me in a couple of respects:

a. It's now inclined to attach my public key to every message I send,
unless I tell it it not to do that on a message-by-message basis (under
the "Security" menu in the message composition dialog).  I can't find
where I can globally disable this.

b. More alarmingly, when it appends my PGP signature to my outgoing
messages, it is able to unlock my private key without asking for the
passphrase.  How is it doing this??  Enigmail (not unexpectedly)
always had to ask for my passphrase, unless I had supplied it in the
last five minutes.                                       -- George

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20201118/bf610eaf/attachment.sig>


More information about the freebsd-hackers mailing list