Add support for Mozilla Thunderbird

[bcm0]

This could be useful for some people as recently mentioned in https://github.com/keepassxreboot/keepassxc/issues/88

Requests for KeePassRPC support (closed): https://github.com/keepassxreboot/keepassxc/issues/259 https://forum.kee.pm/t/use-with-keepassxc/311

[droidmonkey]

We are not going to add support for KeePassRPC. What is that actual request for? What part of Thunderbird requires you to iniect passwords into fields?

[bcm0]

I thought it would be obvious. Thunderbird is a mail client. It is based on Firefox and likewise it is capable to store passwords in its own password manager. If users don't use the manager they have to input their passwords in a popup window each time they receive or send mails. The purpose of KeePass is to provide a central password manager and replace the browser or mail clients own one.

I understood that KeePassRPC won't be supported, but maybe there's an alternative way to inject passwords?

[droidmonkey]

That is what KeePassXC-Browser extension is for. It may already work with Thunderbird if the dialog popups are the standard http auth dialogs that Firefox uses.

[ggeorgg]

I also think that it may already work, but I can't install KeepassXC-Browser addon in thunderbird. I don't know which things need to be adapted and how much work it is.

[jleclanche]

The purpose of KeePass is to provide a central password manager and replace the browser or mail clients own one.

This is tracked in #1403. KeepassXC should have the ability to be the system keyring, as those apps already integrate with it. Adding support for a single app specifically is not a scalable thing.

[bcm0]

You are right. Scalability is important. As Thunderbird ignores the system keyring it needs an individual solution like Firefox or Chrome.

[WPFilmmaker]

I would like to see this as well.

With the recent discoveries over firefox (and thunderbird) way to save passwords, something like keepassxc would be needed (if you don't know check https://palant.de/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother).

Firefox is implementing a new password manager (https://www.bleepingcomputer.com/news/software/firefox-to-get-a-better-password-manager/) but who knows if/when it will land on thunderbird..

[Milliw]

+1 for this! Trying to migrate from Windows 10 to SolusOS/Linux these days and miss this. Under Windows using "Kee" (formerly "KeeFox") plugin was working well. Expected that there would be some solution under Linux, too, but I was wrong so far... :-/

[droidmonkey]

You can still use autotype in the interim

[bcm0]

You can still use autotype in the interim

Yes you can but that isn't comfortable if you have multiple accounts. Thanks for the suggestion though.

[moerkey]

+1 for this. I want to switch from KeePass2 to KeePassXC.

[mateusz-gozdek-sociomantic]

There is also https://github.com/kee-org/keebird project now, which could be considered in context of this issue.

[riedel]

Keebird seems to be a legacy fork due to firefox moving to webextension. Thunderbird will eventually follow I guess. This is the link to the state of webextension support in thunderbird: https://bugzilla.mozilla.org/show_bug.cgi?id=1396172 . Seems that mostly mail specific APIs are missing. I have not found info if native messaging would actually be already usable in latest versions.

I also think that it may already work, but I can't install KeepassXC-Browser addon in thunderbird. I don't know which things need to be adapted and how much work it is.

Has anyone tried what happens when trying to migrate this extension to a recent Thunderbird beta?

[WPFilmmaker]

@riedel keebird counterpart for firefox moved to webextension, no idea if keebird will follow...

In the meanwhile the "new" password manager for FF (see my previous comment in this ticket) is dead.

From the developer's github: "Please note: this is no longer an actively-developed prototype and not officially supported. Any data stored is not guaranteed to be retained in future updates."

https://github.com/mozilla-lockbox/lockbox-extension/releases

Can we please have support for TB? :)

[radasbona]

You can still use autotype in the interim

At the moment it's a real pain in the ass. Every Password Field (4 Mail Accounts, Calendar Server, Adressbook Server) has the same Window Title. The Keepass Helper Add-on i used before to fix this is abandon and broke in Tb 60.

[droidmonkey]

There are apparently other addons you can use to replace Keepass Helper: https://addons.mozilla.org/en-US/firefox/search/?platform=windows&q=url%20in%20title

[radasbona]

Well, Search Result > 1009 Addons. > Compatible with Thunderbird 60 > Zero.

All Thunderbird Addons have been moved to: https://addons.thunderbird.net

[droidmonkey]

Kinda says something about Thunderbird addon support

[Jonny007-MKD]

I started a addon on https://github.com/Jonny007-MKD/password-dialog-title. It can already be installed manually If you have some experience or time I would be happy to merge your PRs.

[zetheroo]

@Jonny007-MKD How does one install your addon? When I try to install it in TB (in Ubuntu 18.04) it says it cannot be installed. (Also your 'installed manually' link returns a 504)

[Jonny007-MKD]

@zetheroo: Turns out packaging that addon is only zipping it :) I create a release for you.

[AdamPS]

1403 is now fixed. There is an experimental Thunderbird add-on to integrate with GNOME keyring. Potentially those together could be a route to solving this issue. However the add-on is marked as experimental and not compatible with the latest Thunderbird version. I've not tried it yet.

[onitake]

@AdamPS I'm not sure if it makes a lot of sense to add an additional layer of indirection here. It could be useful if you already use Gnome and the Gnome keyring, but otherwise? On the other hand, perhaps something useful can be taken from this addon (UI wise for example).

[kkapsner]

I gave it a shot: https://github.com/kkapsner/keepassxc-mail

It's still in early alpha stage and any suggestions and enhancement requests are appreciated. So everybody who wants to try it/test/help is welcome.

[droidmonkey]

@varjolintu if this works out can we adopt this into our repo and officially support in the browser integration settings?

[varjolintu]

@droidmonkey Sure.

@kkapsner Thanks for giving this a shot!

[AdamPS]

@kkapsner That's great news, thank you very much for starting work. I'll try it as soon as I can but I'm a bit busy for the next few weeks. Please don't lose heart if no one tries it right away - if it works well I believe this will be well-used and much appreciated. However there are only 16 participants on the thread so it might take time for people to find it.

[varjolintu]

@kkapsner Btw, it would make the code more easier to read if you just use 'use strict'; at the start of each .js file instead of putting that inside every function.

[Jonny007-MKD]

I installed keepassxc-mail a few days ago and I already don't want to miss it anymore!

[kkapsner]

@all thanks for the encouraging feedback. I know that the start of a new addon is slow (especially when it's not officially signed) and will keep on working on it.

@varjolintu I have not decided yet on how I will organize the code/functionalities. But I actually got already annoyed by all the "use strict";s... so I definitely will not stick to that style ;)

[acolomb]

@kkapsner thank you for your efforts. I have tried it in a Thunderbird test profile and it seemed to work alright on first tries. Once it stabilizes and is getting more feature complete, I will probably switch over from KeePass2 / Keebird to keepassxc-mail soon.

[kkapsner]

Please leave an issue for each feature you want to have. Otherwise I will only implement what I think is necessary (e.g. I'm not quite sure if I should implement a "save password to database" feature).

[Jonny007-MKD]

Actually I am highly pleased and need nothing more 😉

[acolomb]

I (and others I presume from my web research) have struggled with finding the right URL to record for the mail server connections. Therefore I think automating this task would be awesome, as the URL is definitely known in the exact instant when the credentials are available for saving.

Another thing, which you already state in the installation manual: Setup of the native messaging should be easier. But you probably don't need a GitHub issue to remind you of that?

[kkapsner]

I (and others I presume from my web research) have struggled with finding the right URL to record for the mail server connections. Therefore I think automating this task would be awesome, as the URL is definitely known in the exact instant when the credentials are available for saving.

Good point. Then the "save to DB" feature is on the TODO list.

Another thing, which you already state in the installation manual: Setup of the native messaging should be easier. But you probably don't need a GitHub issue to remind you of that?

If everything works out it will be as simple as for the browser integration.

[sergeevabc]

@kkapsner, the main wish is to simplify the installation procedure. Currently it’s a mess, not to mention it’s not applicable for users of portable Thunderbird.

[varjolintu]

@seatedscribe We could add Thunderbird support directly to KeePassXC in the future, so the Native Messaging scripts are automatically installed.

@kkapsner This of course requires the org.keepassxc.keepassxc_mail and keepassxc-mail@keepassxc.org to be used instead of your own.

[sergeevabc]

@varjolintu

@@ -1,2 +1,2 @@
-@seatedscribe
-Thunderbolt
+@sergeevabc
+Thunderbird

[kkapsner]

@varjolintu sure I can use keepassxc.org - just did not want to use it without permission.

[invidian]

@droidmonkey has this been resolved?

[droidmonkey]

We are not going to implement this. Use Auto-Type.

[kerberizer]

FWIW, there's also https://github.com/kkapsner/keepassxc-mail

[droidmonkey]

^ now that's the power of open source right there @varjolintu we can add the above to our documentation

[kkapsner]

And as the addon policy seems to have changed in the last two years keepassxc-mail hopefully will be available on https://addons.thunderbird.net soon: https://github.com/kkapsner/keepassxc-mail/issues/2

(Still with the old addon-id - not sure how well Thunderbird handles id changes...)

[kkapsner]

@kkapsner This of course requires the org.keepassxc.keepassxc_mail and keepassxc-mail@keepassxc.org to be used instead of your own.

I had some thoughts about that in the last week. Using org.keepassxc.keepassxc_mail as the name of the native application is the right choice (it's maintained/controlled by keepassxc.org). But I would suggest that the MailExtension keeps the current ID keepassxc-mail@kkapsner.de. I have two reasons for that:

1. The extension is not maintained or in any way organisationally linked to keepassxc.org. To communicate that a different entity (myself) is responsible it should use the domain of that entity (mine). This responsibility is also communicated to ATN with that.
2. Some people still use the extension and the transition would cause some friction.

Can we get direct support for keepassxc-mail in keepassXC with that?

PS: I would suggest to use the label "Thunderbird (keepassxc-mail)" in the browser integration settings and a disclaimer that the extension is third party.

[kkapsner]

Ping @droidmonkey and @varjolintu.

[droidmonkey]

Why are you pinging me?

[kkapsner]

About my question in my comment before the ping to get direct support for keepassxc-mail into keepassxc.

[droidmonkey]

Created #7838 for tracking

[kkapsner]

Thanks!