1 unstable release
0.1.0 | Jan 27, 2021 |
---|
#57 in #openpgp
37KB
358 lines
This is a tool to interact with TB78 (and later) OpenPGP cert storage. It only deals with "public keys", private keys are not handled.
CAUTION: This tool is a hack to interact with Thunderbird's OpenPGP certificate storage. It might eat your keyring (see below).
Import all keys from a Keylist into Thunderbird
Three parameters are needed to import a Keylist into the Thunderbird databases:
- The filesystem path of the Thunderbird profile that the Keylist should be imported into,
- the URL of a Keylist,
- the expected CA Fingerprint for that Keylist.
The Gpgsync demo Keylist can be imported into Thunderbird like this:
$ tb-openpgp-certs -p ~/.thunderbird/foobar.default/ import keylist https://raw.githubusercontent.com/firstlookmedia/gpgsync/develop/example-keylist/keylist.json --ca 4CA5857F960C8A78D82C11F36D00387A7A0206E2
Details
Thunderbird 78+ stores public OpenPGP certificate data in two locations, in Thunderbird profile directories:
pubring.gpg
contains the actual OpenPGP certificatesopenpgp.sqlite
contains some metadata, in particular the "acceptance" level of each certificate
This tool modifies the content of those two files.
However, note that Thunderbird does not currently reload changes from these files until it is restarted.
Before running this tool, make backups of (at least) the files
pubring.gpg
and openpgp.sqlite
, if you worry about corrupting or losing
your Thunderbird OpenPGP certificate store.
Dependencies
~45–64MB
~1M SLoC