Thunderbird since version 78 no longer uses GnuPG (GPG) for Email decryption, and as such GPG smartcards like the Librem Key no longer work out of the box with Thunderbird. To use the Librem Key to decrypt emails it is now necessary to manually enable GPG use in Thunderbird.
To make Thunderbird work with the Librem Key follow the steps bellow:
With this setup Thunderbird will use GPG and the smartcard to decrypt emails, but encrypting an email you send to someone else is still done via the new implementation that Thunderbird uses, so you still need import your Public Keys from GPG to Thunderbird as described here.
To enable Email decryption with a GPG Smartcard:
- First we enable GPG in Thunderbird again
- Then tell Thunderbird which GPG Key should be used to decrypt emails.
Go to the preferences page by selecting: Edit > Preferences
- At the bottom of the preferences page select: Config Editor
- Press the I accept the risk button
In the next page:
- Paste the following line in the search bar: mail.openpgp.allow_external_gnupg
- Then double click on the search result to change the setting from: false to true
- After that close the window
And with this setting Thunderbird will now use GPG (and the Smartcard if you have one) to decrypt emails.
To do this:
- Go to, Edit > Account Settings
- Select the email account in question and then the option; End-To-End-Encryption
- Select the option to use an External GPG Key
- In the Text input field paste the Fingerprint of the GPG key you use in your smartcard.
- Press: Save Key ID
Then it should look like this:
And after that you should be able to use your GPG smartcard (Libremkey, Nitrokey, etc.) to decrypt emails in Thunderbird.