Page MenuHomePureOS Tracker

Configure Thunderbird to work with Librem Key and other GPG Smartcards
Updated 11 Days AgoPublic

Thunderbird since version 78 no longer uses GnuPG (GPG) for Email decryption, and as such GPG smartcards like the Librem Key no longer work out of the box with Thunderbird. To use the Librem Key to decrypt emails it is now necessary to manually enable GPG use in Thunderbird.

To make Thunderbird work with the Librem Key follow the steps bellow:

NOTE: These steps were done in PureOS and the Thunderbird Menu Bar is enabled. So these steps might be a little different in other setups.
NOTE: If you never used a Librem Key or a GPG Smartcard, and you are also setting them up for the first time, please check this manual on how to create and add a GPG key to your Librem Key/Smartcard.

With this setup Thunderbird will use GPG and the smartcard to decrypt emails, but encrypting an email you send to someone else is still done via the new implementation that Thunderbird uses, so you still need import your Public Keys from GPG to Thunderbird as described here.

IMPORTANT: Make sure you have GPG and GPGME installed. If you already used a smartcard you should already have them set up. If this is the first time you are setting this up them please make sure those two applications are installed.

To enable Email decryption with a GPG Smartcard:

  1. First we enable GPG in Thunderbird again
  2. Then tell Thunderbird which GPG Key should be used to decrypt emails.

1. Enable GPG again

Go to the preferences page by selecting: Edit > Preferences

cdp1

  • At the bottom of the preferences page select: Config Editor

cdp1

  • Press the I accept the risk button

cdp1

In the next page:

  • Paste the following line in the search bar: mail.openpgp.allow_external_gnupg
  • Then double click on the search result to change the setting from: false to true
  • After that close the window

cdp1

And with this setting Thunderbird will now use GPG (and the Smartcard if you have one) to decrypt emails.

2. Select GPG key to be used to decrypt emails

To do this:

  • Go to, Edit > Account Settings

cdp1

  • Select the email account in question and then the option; End-To-End-Encryption
  • Select the option to use an External GPG Key
  • In the Text input field paste the Fingerprint of the GPG key you use in your smartcard.
  • Press: Save Key ID

cdp1

Then it should look like this:

cdp1

And after that you should be able to use your GPG smartcard (Libremkey, Nitrokey, etc.) to decrypt emails in Thunderbird.

Last Author
joao.azevedo
Last Edited
Fri, Oct 9, 04:26

Event Timeline

joao.azevedo created this object.Thu, Oct 8, 11:22
joao.azevedo edited the content of this document. (Show Details)Thu, Oct 8, 11:28
joao.azevedo edited the content of this document. (Show Details)
mladen awarded a token.Thu, Oct 8, 11:58
joao.azevedo edited the content of this document. (Show Details)Fri, Oct 9, 04:26