Tuesday, August 18, 2020

Thunderbird 78, Enigmail and Secure Emails

 I migrated to Thunderbird after Microsoft desupported Outlook Express around the mid-2000's. Dealing with large email folders in Windows Mail tested my patience. I also didn't want to upgrade to licensed Outlook. So Thunderbird has been my primary desktop email client during the life of this blog, and it's no accident that multiple posts have touched on Thunderbird.

This week I upgraded to Thunderbird 78; upgrades are always risky since some of your add-ons may not be compatible with the new release. So, for example, a plug-in I was using to access at least a half dozen Google calendars isn't currently available. Of course, I can easily check Google Calendar on my desktop or Android, but it's convenient in my email client if I see, say, a grandniece is celebrating her birthday.

One thing I've looked at doing is improving my email security through PKI technology. Basically, there are public/private key pairs that you can use to encrypt an email and/or establish nonrepudiation of its source. For example, I can use your public key to encrypt an email so only you can view its content, e.g., by providing a correct passcode/PIN. I can also sign the email with my private key, and you can then use my public key to verify that I sent it. (For a related discussion, see here.)
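The two operations just described (encrypt to the recipient's public key, sign with the sender's private key) run end to end below using GnuPG, the OpenPGP engine that Enigmail wraps. This is an added example, not code from the post or from Thunderbird; the names, addresses and message are constructed, and it assumes gpg 2.1 or later on PATH.

```shell
#!/bin/sh
# Added example (not from the post or the Thunderbird project): the sign-and-
# encrypt flow described above, run with GnuPG. Names, addresses and the
# message are constructed. Needs gpg 2.1+ on PATH; keyrings live in temp dirs.
set -eu
command -v gpg >/dev/null || { echo 'gpg 2.1+ is required' >&2; exit 1; }

# Run gpg unattended against a given homedir: no prompts, empty passphrase,
# and the demo keys treated as trusted (we generated them ourselves).
g() { home=$1; shift; GNUPGHOME=$home gpg --batch --yes --no-tty \
        --pinentry-mode loopback --passphrase '' --trust-model always "$@"; }

# Prints "<plaintext>|<signature verdict>|<observer result>".
pgp_roundtrip() {
  work=$(mktemp -d); ring=$work/ring; observer=$work/observer
  mkdir -m 700 "$ring" "$observer"

  # 1. Keypairs for the sender (Alice) and recipient (Bob). Both sit in one
  #    test keyring here; in real use each party holds only their own secret key.
  g "$ring" --quick-generate-key 'Alice <alice@example.com>' default default never 2>/dev/null
  g "$ring" --quick-generate-key 'Bob <bob@example.com>'     default default never 2>/dev/null

  # 2. Alice signs with her private key and encrypts to Bob's public key.
  printf 'Hello Bob' | g "$ring" --local-user alice@example.com \
      --recipient bob@example.com --armor --sign --encrypt --output "$work/msg.asc"

  # 3. Bob decrypts with his private key; gpg checks the signature against
  #    Alice's public key and reports GOODSIG on the status descriptor.
  plain=$(g "$ring" --status-fd 3 --decrypt "$work/msg.asc" 3>"$work/status" 2>/dev/null)
  if grep -q '^\[GNUPG:\] GOODSIG' "$work/status"; then sig=GOODSIG; else sig=NOSIG; fi

  # 4. An observer holding only the two public keys cannot read the message:
  #    decryption needs Bob's private key, not just his public one.
  g "$ring" --export alice@example.com bob@example.com | g "$observer" --import 2>/dev/null
  if g "$observer" --decrypt "$work/msg.asc" >/dev/null 2>&1; then leak=readable; else leak=unreadable; fi

  # Stop the agents gpg started for the throwaway homedirs.
  GNUPGHOME=$ring gpgconf --kill gpg-agent 2>/dev/null || true
  GNUPGHOME=$observer gpgconf --kill gpg-agent 2>/dev/null || true
  printf '%s|%s|%s\n' "$plain" "$sig" "$leak"
}

RESULT=$(pgp_roundtrip)   # expected: Hello Bob|GOODSIG|unreadable
echo "$RESULT"
```

The third field is the point of the public-key model: anyone can hold Bob's public key and verify or encrypt, but only Bob's private key (in Thunderbird, unlocked by his passphrase) decrypts.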

Government (especially military) personnel often use smart tokens/smartcards known as CAC's. (I've discussed CAC's in recent posts.) Basically, these carry PKI certificates which are paired with your passcode/PIN to work with secure email, network access and/or endpoint devices, etc. It's a form of multi-factor authentication: something you have (a token), something you know (the passcode).

In legacy Thunderbird one add-on, Enigmail, has provided an implementation of PKI through integration with OpenPGP (Pretty Good Privacy). I muddled through its implementation. All of this is freeware, with no out-of-pocket costs, including for limited-term certificates. Now I have a large number of email accounts for various purposes, but there are 3 external providers I primarily use (in arbitrary order: hotmail/outlook.com, gmail, and yahoo). And so I configured key pairs for each of the accounts and tested the functionality among them.

The biggest problem I have with the technology is that almost none of my personal contacts or other (business) correspondents deploy PKI. I use it so infrequently (mostly to check functionality after various upgrades) that I'll sometimes have to check one of my password stores to recall my different passphrases for the accounts.

One of the key new features of Thunderbird 78 is native support for OpenPGP, which basically means Enigmail is redundant. It's fairly straightforward to create a new keypair through OpenPGP Kleopatra, but I haven't come across any tutorials on implementing them in Thunderbird. As time permits, I'll try to add a fourth keypair and perhaps document it in a future post.

One nice thing in Thunderbird for past Enigmail users is that they provide a migration option (I believe in the options menu). At least the initial steps of the migration were fairly obvious; in my case, in the order yahoo, gmail and outlook.com. What completely threw me off was the fourth prompt, which asked me for the password for a long randomized alphanumeric string. What the hell? Is it prompting me for some password I forgot to capture in configuring Enigmail a while back?

I noticed there were 3 such prompts, so the obvious inference is that I had to reenter the same passwords. In what order? I guessed the earlier migration sequence. Good guess. I'm not sure why the interface was designed that way, but it wasn't obvious.

It's fairly easy to toggle on the signature and/or encryption options (I think through a security menu in the compose window), not to mention adding your public key to the email. And when I opened the email at the target I noticed a nice padlock symbol in the message window.