How to ensure OpenPGP compliance?

prizedrice · November 6, 2025, 10:05am

Hi,

I have the latest version of GnuPG.

I’d like to make my keys OpenPGP-compliant to work with Thunderbird, as detailed here. I’ve tried their instructions, including replacing --rfc4880 with --openpgp, but my keys still have the LibrePGP-exclusive flags. Am I doing something wrong?

Alternatively, how do I set the openpgp flag in the gpg.conf file?

I’d be grateful for any help you can give.

– Jack

cklassen · November 6, 2025, 12:54pm

Hi @prizedrice,

What is your goal? Do you just want to be able to import the key in Thunderbird? I also was not able to do this with a file.
But when I exported the key with the option --armor then copied it and chose Edit → Import Key(s) from Clipboard I was able to import it.

Tried with GnuPG 2.4.8 and Thunderbird 128.12.0esr.

Just write openpgp in a seperate line in gpg.conf.

prizedrice · November 7, 2025, 12:15am

Thanks for the response.

Yes, I’m trying to import the key to Thunderbird without it telling me that there are unsupported feature flags.

The flags --rfc4880 and putting rfc4880 in gpg.conf are not doing anything. Unsupported feature flags are still being added, such as AEAD.

cklassen · November 7, 2025, 7:44am

I cannot confirm that is doesn’t do anything. Without --rfc4880 the pref list is set to

Cipher: AES256, AES192, AES, 3DES
AEAD: OCB
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, AEAD, Keyserver no-modify

With --rfc4880 it is set to

Cipher: AES256, AES192, AES, 3DES
AEAD: 
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify

You can see that AEAD is empty and it is missing in Features.

Did you try to do it via clipboard import as I explained above?

prizedrice · November 8, 2025, 2:06am

Hmm, strange. I’m on macOS and the flag does nothing with these commands:

gpg --rfc4880 --edit-key [identifier]
setpref
save

What command are you using exactly? For me, Features still includes AEAD.

On Mac there is no clipboard import, but as GPG was still showing that the key had extra features I’m not sure Thunderbird was the issue. Exporting and then re-importing a Thunderbird-created key does not warn of unsupported features, and checking the key in GPG shows no extra feature flags.