2

As far as I know, when Alice sends an encrypted email using PGP to Bob then the email will be encrypted using Bob's public key. Only Bob can decrypt it (as long as no one else has Bob's private key).

As far as I know, Thunderbird implements exactly this behavior. Thunderbird 78 has this function built in; for previous versions you need the Enigmail add-on, which in fact does the same.

But when I open Thunderbird I can read in cleartext the encrypted emails which I have sent to other people. How is this possible? Does Thunderbird store an unencrypted copy of the emails anywhere?

asked by anion, edited by schroeder
  • @schroeder - Your edit here changing *"encrypted sent"* to *"locally-stored"* may seem grammatically better but it is technically misleading. The reason is that depending upon how one is using **IMAP**, **sent** mail *may* reside on the server and is not locally stored at all. This is also why storing unencrypted sent copies would be a bad thing. – user10216038 Dec 24 '20 at 16:52

3 Answers

2

Thunderbird prior to the completely re-written version 78 provided encrypted GPG/PGP email support via the Enigmail plugin.

Sending encrypted email used both your public key and the recipient(s)' public key(s). This was easy to see simply by selecting the sent email. You would be prompted to enter your own Private Key to decrypt the sent mail, or you could look at the message source and see the -----BEGIN PGP MESSAGE----- content.

Thunderbird 78 is a complete re-write and no longer uses Enigmail or GPG. It now uses a subset of OpenPGP.

It still includes both your public key and the recipient(s)' public key(s), but it's less easy to verify: you'd have to open the email via an editor outside of Thunderbird 78 to see that the sent copy is indeed encrypted.

So what's going on with Thunderbird 78 and the OP's question, "Does Thunderbird store an unencrypted copy of the emails anywhere?"

No, it doesn't store unencrypted email; it stores your Private Key and auto-opens everything!

Now it gets even fuzzier.

The New Thunderbird developers will tell you that the stored Private Key is encrypted, and it is, but it's automatically accessible via another key stored in the Thunderbird database, in the clear.

The next level of fuzz is that the official line here is that if you use a master password then the database is protected by the master password. This is true, but this means all of your private keys are protected by only the same master password.

The net result is that Thunderbird 78 automatically opens all your encrypted mail because it has all your PGP secret passwords. The developers insist that this is for search and sort convenience and is what users desire.

By contrast, Enigmail never writes private passwords to disk, they exist only in your head and in RAM while being actively used. Additionally opening one key does not open other keys.

Interlink is a Thunderbird XUL based fork. It supports Enigmail and Lightning plugins. You can even drop your current Thunderbird profile (Pre-78) into Interlink and be instantly converted over. It runs on Linux and Windows.

user10216038
  • References for these things? – schroeder Dec 24 '20 at 00:32
  • @schroeder - I've personally verified all of this but here you go. References: https://support.mozilla.org/en-US/questions/1304363 , https://bugzilla.mozilla.org/show_bug.cgi?id=1662272 , https://thunderbird.topicbox.com/groups/e2ee/T8fe10f820 , https://www.ghacks.net/2020/12/07/you-need-to-use-a-master-password-in-thunderbird-if-you-use-openpgp/?unapproved=4480493&moderation-hash=ba0cdf049668ec50adcf8168d53e1baa#comment-448049358bf9c6 , https://www.ghacks.net/2020/12/07/you-need-to-use-a-master-password-in-thunderbird-if-you-use-openpgp/?unapproved=4480493&moderation-hash=ba0cdf049668ec50adcf81 – user10216038 Dec 24 '20 at 03:51
1

You need to look at the basics of PGP:

  • an encryption key is created
  • the message is encrypted with this key
  • the key is encrypted with the receiver's public key
  • both the encrypted encryption key and the encrypted message are sent to the receiver

So, A) there may be no need to encrypt the locally stored email (why would it?), and B) the message isn't encrypted with the receiver's key at all and your email client could store the key used for the message.

schroeder
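The layout that the answer above describes (a per-message session key, wrapped once per recipient public key, followed by the message encrypted under that session key) is exactly what you see in the message source, and it is also how to settle the point from the first answer that the Sent copy is encrypted to both the sender's and the recipient's keys. The following Python is an added example, not code from Thunderbird, Enigmail or any answer here: it de-armors a `-----BEGIN PGP MESSAGE-----` block, walks the OpenPGP packet headers (RFC 4880) without decrypting anything, and lists one key ID per PKESK packet, which is one per key that can unwrap the session key. The sample message, the key IDs and the "ciphertext" bytes are constructed in the block; they are not real keys or real output.

```python
"""Added example (not Thunderbird, Enigmail or any answer's code): walk the OpenPGP
packet layout of an encrypted message (RFC 4880) without decrypting it.  Expected
shape: one PKESK packet per public key the session key is wrapped to, then one
SEIPD packet carrying the message encrypted under that session key."""
import base64
import re

TAG_NAMES = {1: "PKESK", 3: "SKESK", 8: "COMPRESSED", 9: "SED", 11: "LITERAL", 18: "SEIPD"}
WILDCARD_KEY_ID = "0000000000000000"   # "hidden recipient" (e.g. gpg --throw-keyids)

def crc24(data: bytes) -> int:
    """Armor checksum, RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def crc_line(value: int) -> str:
    return "=" + base64.b64encode(value.to_bytes(3, "big")).decode()

def dearmor(text: str) -> bytes:
    """Strip the ASCII armor seen in 'message source'; verify the CRC line if present."""
    m = re.search(r"-----BEGIN PGP MESSAGE-----\n(.*?)-----END PGP MESSAGE-----",
                  text.replace("\r\n", "\n"), re.S)
    if not m:
        raise ValueError("no armored PGP MESSAGE block found")
    body = m.group(1)
    body = body.split("\n\n", 1)[1] if "\n\n" in body else body     # drop armor headers
    lines = [ln.strip() for ln in body.split("\n") if ln.strip()]
    data = base64.b64decode("".join(ln for ln in lines if not ln.startswith("=")))
    crc_lines = [ln for ln in lines if ln.startswith("=")]
    if crc_lines and crc24(data) != int.from_bytes(base64.b64decode(crc_lines[0][1:]), "big"):
        raise ValueError("armor CRC mismatch")
    return data

def iter_packets(data: bytes):
    """Yield (tag, body) per packet; handles old/new headers and partial body lengths."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % (i - 1))
        if hdr & 0x40:                                   # new-format header
            tag, body, partial = hdr & 0x3F, bytearray(), True
            while partial:
                b0, i = data[i], i + 1
                if b0 < 192:
                    length, partial = b0, False
                elif b0 < 224:
                    length, partial, i = ((b0 - 192) << 8) + data[i] + 192, False, i + 1
                elif b0 == 255:
                    length, partial, i = int.from_bytes(data[i:i + 4], "big"), False, i + 4
                else:                                    # partial body length, more follows
                    length = 1 << (b0 & 0x1F)
                body += data[i:i + length]
                i += length
            body = bytes(body)
        else:                                            # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            width = (1, 2, 4, 0)[ltype]                  # 3 = indeterminate (rest of input)
            length = int.from_bytes(data[i:i + width], "big") if width else len(data) - i
            i += width
            body, i = data[i:i + length], i + length
        yield tag, body

def layout(data: bytes) -> list:
    """[(packet name, body length), ...] in the order the packets appear."""
    return [(TAG_NAMES.get(t, "TAG%d" % t), len(b)) for t, b in iter_packets(data)]

def recipient_key_ids(data: bytes) -> list:
    """Key ID from each PKESK packet (version 3: key ID is body bytes 1..8)."""
    return [body[1:9].hex().upper() for tag, body in iter_packets(data) if tag == 1]

# Constructed sample: what a client that also encrypts to the sender's own key stores.
ALICE_KEY_ID, BOB_KEY_ID = "0123456789ABCDEF", "FEDCBA9876543210"   # dummy IDs
FILLER = bytes(range(256)) * 2                                     # stands in for ciphertext

def packet(tag: int, body: bytes) -> bytes:
    """New-format header with a one- or two-octet length (enough for this sample)."""
    n = len(body)
    length = bytes([n]) if n < 192 else bytes([192 + ((n - 192) >> 8), (n - 192) & 0xFF])
    return bytes([0xC0 | tag]) + length + body

def pkesk(key_id_hex: str, wrapped_len: int = 256) -> bytes:
    """Version 3, 8-byte key ID, algorithm 1 (RSA), one MPI holding the wrapped session key."""
    mpi = (wrapped_len * 8).to_bytes(2, "big") + FILLER[:wrapped_len]
    return packet(1, b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + mpi)

def armor(data: bytes) -> str:
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PGP MESSAGE-----\n\n%s\n%s\n-----END PGP MESSAGE-----\n" % (body, crc_line(crc24(data)))

SAMPLE_ARMORED = armor(pkesk(ALICE_KEY_ID) + pkesk(BOB_KEY_ID) + packet(18, b"\x01" + FILLER[:300]))
```

To use it on a real message, paste the armored block from "View Source" of an item in your Sent folder into `dearmor()` and call `recipient_key_ids()` on the result: two PKESK packets, one carrying your own key ID and one the recipient's, is the "encrypt to self" layout both answers refer to; a single PKESK with only the recipient's ID means your client did not keep a copy it can read. Note that an all-zero key ID is the wildcard used for hidden recipients, so a zero entry tells you only that some key can unwrap the session key, not which one.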
-1

The email is encrypted with your PGP key and with the recipient's PGP key.

martijnbrinkers
  • Reference for this? – schroeder Dec 23 '20 at 10:44
  • martijnbrinkers is correct, this has been the standard mechanism used by Thunderbird Enigmail GPG pre version 78. 78 uses OpenPGP now but still works this way. However 78 also does something else. I'll add an answer. – user10216038 Dec 23 '20 at 23:23