#openpgp #thunderbird #keylist

app tb-openpgp-certs

A tool to interact with TB78 (and later) OpenPGP cert storage

1 unstable release

0.1.0 Jan 27, 2021

#57 in #openpgp

GPL-3.0-or-later

37KB
358 lines

This is a tool to interact with TB78 (and later) OpenPGP cert storage. It only deals with "public keys", private keys are not handled.

CAUTION: This tool is a hack to interact with Thunderbird's OpenPGP certificate storage. It might eat your keyring (see below).

Import all keys from a Keylist into Thunderbird

Three parameters are needed to import a Keylist into the Thunderbird databases:

  • The filesystem path of the Thunderbird profile that the Keylist should be imported into,
  • the URL of a Keylist,
  • the expected CA Fingerprint for that Keylist.

The Gpgsync demo Keylist can be imported into Thunderbird like this:

$ tb-openpgp-certs -p ~/.thunderbird/foobar.default/ import keylist https://raw.githubusercontent.com/firstlookmedia/gpgsync/develop/example-keylist/keylist.json --ca 4CA5857F960C8A78D82C11F36D00387A7A0206E2

Details

Thunderbird 78+ stores public OpenPGP certificate data in two locations, in Thunderbird profile directories:

  • pubring.gpg contains the actual OpenPGP certificates
  • openpgp.sqlite contains some metadata, in particular the "acceptance" level of each certificate

This tool modifies the content of those two files.

However, note that Thunderbird does not currently reload changes from these files until it is restarted.

Before running this tool, make backups of (at least) the files pubring.gpg and openpgp.sqlite, if you worry about corrupting or losing your Thunderbird OpenPGP certificate store.

Dependencies

~45–64MB
~1M SLoC