Closed Bug 1638600 Opened 5 years ago Closed 4 years ago

Allow viewing the password that is used to protect the OpenPGP secret keys

Categories

(MailNews Core :: Security: OpenPGP, enhancement)



RESOLVED WORKSFORME

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Details

We should allow expert users to retrieve the passphrase that was automatically created to protect the RNP keyring files managed by Thunderbird.

Background:

Thunderbird stores the OpenPGP secret files in a keyring file inside the Thunderbird profile directory.

The keyring file is managed by the RNP software. To ensure that copying the keyring file isn't sufficient to obtain the secret keys (when using a master password in Thunderbird), they are protected with a passphrase.

We want to centralize the protection of secret key storage with Thunderbird's Master Password mechanism; that's why we don't ask the user to provide the passphrase. Rather, the passphrase is randomly generated at initial keyring creation time.

The password is saved in the file encrypted-openpgp-passphrase.txt; however, again, copying this file shouldn't be sufficient to obtain the passphrase (when using a master password in Thunderbird).

The file encrypted-openpgp-passphrase.txt is encrypted using the symmetric key stored in key4.db, as part of the Secret Decoder Ring functionality.

By default, the symmetric key inside file key4.db is unprotected. However, as soon as the user sets a master password, the symmetric key inside key4.db is protected with PBE (password based encryption).

This means that, by default, if the user doesn't set a master password, the secret keys can be recovered easily if the files key4.db, encrypted-openpgp-passphrase.txt and the keyring files are all available.

However, as soon as a master password is set, obtaining those files is no longer sufficient to make use of the keys.

Because of this approach, it's unnecessary to re-encrypt the keyring files or the file encrypted-openpgp-passphrase.txt at the time the master password is set, because those files are already encrypted.

We could consider adding a command to the OpenPGP key manager, "show passphrase used for OpenPGP keyring of secret keys".

If a master password is set, the user would be required to enter the master password to confirm, before the keyring passphrase is shown on screen.

Blocks: 1595230

Note that ideally, users shouldn't have to worry about the file format that we're using internally to manage the secret keys. These files are not intended to be shared with other software, and I think we don't want to promise that the format of the keyring files will remain the same between Thunderbird releases.

So ideally, we'd add functionality to export the internal secret keys into a standard OpenPGP private key file. That would make it unnecessary to reveal the passphrase that we're using internally.

The functionality to backup/export a private key is already offered in the Thunderbird OpenPGP key manager; it's just not yet working/implemented.

The backup functionality will very soon be added in bug 1651707.

For this bug here (reveal password used for internal storage) I'd like to declare it as wontfix, because users aren't supposed to use this storage.
The argument is that we don't want to promise that the storage in the profile directory will remain stable, and users shouldn't try to access or modify it directly.
However, for advanced users, I would be OK with adding a hidden preference that enables an additional menu command in the key manager, which can then be used to view the storage password.

Let's just wontfix it then.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX

I realize this doesn't require any UI.
It's possible to use the Thunderbird error console to view it.
That means, anyone with access to a running Thunderbird executable, which has been unlocked with the master password, can enter commands into the error console to display the automatic passphrase.

Should we document the commands here?

Remember that to protect your keys, you need to protect access to your computer.
Encrypt your hard disk.
Lock your computer's screen when you're not using it, to ensure nobody executes these commands and steals your key files, and nobody installs a key logger to steal your passwords that you type into other software (such as gnupg).

Hi :KaiE:,
Can you please describe the steps that are needed to get the clean passphrase for the keys. The ticket has status "wontfix" but the functionality is necessary for some users like me who want to use the public keys from Thunderbird to e.g. encrypt files or want to migrate to gnupg but keep the keys.
The fact that there are security issues with the way Thunderbird stores OpenPGP keys / their passphrases makes it even more necessary to have a way to get that stuff fixed manually, when the public keys are already published to a number of email recipients.

Does the backup functionality added in bug 1651707 not work for you?

(In reply to Daniel Veditz [:dveditz] from comment #8)

Does the backup functionality added in bug 1651707 not work for you?

In the meantime, I changed to the experimental external GnuPG keyring system of Thunderbird, and have no problems.

But before that, I tried to use the "export to file" function of the Thunderbird keyring, and later imported it into the GnuPG keyring. I found that I need to have a passphrase to use them for decrypting messages, which I don't have because Thunderbird created the passphrase automatically.

Is there any difference between "export to file" and "security copy of secret key"?
Is the certificate still the same after export / security copy of the certificate?
How do I get the passphrase of a Thunderbird-generated certificate?

P.S.: I don't know the exact English menu labels. I use the German version, which is:
"Schlüssel in Datei exportieren" -> export to file
"Sicherheitskopie für geheime(n) Schlüssel erzeugen" -> security copy of secret key

Hi, I am still interested in what's going on because:

  • Ubuntu keeps asking me for a passphrase while I didn't put any
  • I managed to recover the Thunderbird-generated passphrase from key4.db using firepwd: https://security.stackexchange.com/a/255173/8965
  • I managed to export a backup key (using a new passphrase) and import it on Thunderbird/RNP on another computer (using this new passphrase)
  • I didn't manage to import this backup key on GnuPG, neither on this computer nor another computer

Is it a problem of cache, or is there a problem in the way GnuPG handles this Thunderbird/RNP-generated key?

(In reply to vie from comment #10)

  • I didn't manage to import this backup key on GnuPG, neither on this computer nor another computer

Do you have an EdDSA/x25519 keypair? Currently there is some incompatibility between GnuPG and RNP (GnuPG fails to import an EdDSA secret key generated by RNP), described here https://bugzilla.mozilla.org/show_bug.cgi?id=1713621 and here: https://dev.gnupg.org/T5464

Backwards it works fine.

I realize this doesn't require any UI.
It's possible to use the Thunderbird error console to view it.
That means, anyone with access to a running Thunderbird executable, which has been unlocked with the master password, can enter commands into the error console to display the automatic passphrase.

Should we document the commands here?

Please document how to do it.

I have to help a user who forgot the passphrase and now can't import the secret key in a new laptop using a new profile.

I would like to not revoke the key, but to be able to export the secret key and import that in the new laptop using tb 78

Thanks.

Given comment 10, there is no point in keeping it secret.

It's just that it allows easier drive-by attacks by everyone.

But anyone with the required skills could hire a developer to find the necessary commands to reveal it.
So keeping this secret is simply security-by-obscurity.

It needs to be clear that if you have secrets on your machine, but keep your machine unlocked, your secrets are at immediate risk.

So always keep your machine locked when you're away, use a master password, protect your files on disk, and protect all your backups.

If you have access to the unlocked Thunderbird, open the Developer Tools / Error Console, and execute the commands from comment 14.

var { OpenPGPMasterpass } = ChromeUtils.import("chrome://openpgp/content/modules/masterpass.jsm");
await OpenPGPMasterpass.retrieveOpenPGPPassword();

Resolution: WONTFIX → WORKSFORME
Assignee: nobody → kaie