Using Thunderbird with Librem Key

Thunderbird versions 78 and newer no longer use GnuPG (GPG) for email decryption, therefore GPG smartcards like the Librem Key no longer work out of the box with Thunderbird. To use the Librem Key to decrypt emails, it is now necessary to manually enable GPG use in Thunderbird.

Follow these steps to connect your Librem Key with Thunderbird:

Note

These steps were created within PureOS, and the Thunderbird Menu Bar is enabled. These steps might appear slightly little different using other setups.

Note

If you have never used a Librem Key or a GPG Smartcard, and you are also setting them up for the first time, please refer to this guide to create and add a GPG key to your Librem Key/Smartcard.

In this setup, Thunderbird will use GPG and the smartcard to decrypt emails. However, encrypting an email is still done via the new implementation that Thunderbird uses. You must still import your Public Keys from GPG to Thunderbird as described here.

Important

Make sure you have GPG and GPGME installed. If you have already used a smartcard, you should already have them set up. If this is the first time you are setting them up, please ensure these two applications are installed.

To enable Email decryption with a GPG Smartcard:

  1. Enable GPG in Thunderbird again

  2. Tell Thunderbird which GPG Key should be used to decrypt emails.

Enable GPG again

  1. Go to the preferences page by selecting: Edit > Preferences

Thunderbird Preferences page

  1. Select Config Editor at the bottom of the preferences page

Thunderbird Config Editor

  1. Select the I accept the risk button

Thunderbird disclaimer

  1. Paste the following line in the search bar: mail.openpgp.allow_external_gnupg

  2. Double-click on the search result to change the setting from: false to true

  3. Close the window

Thunderbird about:config

With this setting, Thunderbird will now use GPG (and the Smartcard if you have one) to decrypt emails.

Select GPG key to be used to decrypt emails

  1. Navigate to Edit > Account Settings

Thunderbird account settings

  1. Select the email account in question and then the option: End-To-End-Encryption

  2. Select the option to use an External GPG Key

  3. Paste the Fingerprint of the GPG key you use in your smartcard into the text input field

  4. Select Save Key ID

Adding an OpenPGP Key to Thunderbird

It should now look like this:

OpenPGP Key added to Thunderbird

You should now be able to use your GPG smartcard (Librem Key, Nitrokey, etc.) to decrypt emails in Thunderbird.