OpenPGP template for Thunderbird not working

[JohnBox]

Running TB portable alongside Gpg4win and Enigmail addon and am wondering what I would need to write in the OpenPGP template to allow all functions relating to OpenPGP and the Enigmail addon please?

TB portable exe is e.g = ThunderbirdUser.exe

Path to TB Portable exe e.g. = H:\SOFTWARE\THUNDERBIRD PORTABLE User\NORMAL

Path to Gpgp4win executables = C:\Program Files (x86)\GNU\GnuPG

I can sign, encrypt and decrypt emails sent and received fine when outside of SBOX, though when running TB in SBOX I keep running into errors even if I allow all processes it fires up.

Current Local template mock-up looks like this and unfortunately it is not working.

Code: Select all

[Template_Local_Thunderbird_User_PGP]
Tmpl.Title=OpenPGP for Thunderbird User
OpenFilePath=<gpg_programs>,%AppData%\gnupg\
OpenFilePath=<gpg_programs>,%Local AppData%\Thunderbird
OpenFilePath=<gpg_programs>,%AppData%\Thunderbird
OpenFilePath=<gpg_programs>,%Tmpl.Thunderbird_User_PGP%
OpenFilePath=thunde~1.exe,%AppData%\gnupg
OpenFilePath=thunderbirdUser.exe,%AppData%\gnupg
ProcessGroup=<gpg_programs>,gpg.exe,gpg2.exe,gpg-agent.exe
LingerProcess=gpg-agent.exe
Tmpl.Class=Local

SBIE version is 4.18 64-bit.

I already have a local TB portable template that enables me to run the above mentioned TB exe in portable mode. Using this as local template as there are more than one instances of TB portable on the machine for various users and it works fine.

Perhaps I can combine this local template with the OpenPGP functions and put it all in one local template?

Code: Select all

[Template_Local_ThunderbirdUser]
Tmpl.Title=ThunderbirdUser
OpenFilePath=thunderbirdUser.exe,%Tmpl.ThunderbirdUser%
Tmpl.Class=Local

Thanks for any help towards this.

[Guest10]

Questions, more than help...
"OpenFilePath=<gpg_programs>,%AppData%\Thunderbird"
You call this "portable" Thunderbird. Or, is it really just normal TB that's been set up so that multiple users each have their own profile?

The above setting should specify the folder containing the "profiles.ini" file and the "Profiles" folder. Are those items really located underneath "%AppData%\Thunderbird" for each user?
I know that each user would have their own %AppData% folder, but I seem to recall that in a different forum thread you used Sandbox Settings > Applications > Folders to define the location of the Thunderbird profile folder for each user.
Using the "Folders" setting would define the location for the profile folder under a [TemplateSettings] section in Sandboxie's configuration file.

"OpenFilePath=<gpg_programs>,%Tmpl.Thunderbird_User_PGP%"
Is the variable called "%Tmpl.Thunderbird_User_PGP%" defined anywhere in Sandboxie's configuration file?
Normally, a user created variable would need to be defined in the [TemplateSettings] section of the sandboxie.ini config file, such as the one that I think you defined for the profile folder location. And besides, shouldn't this setting point to TB's profile folder location as you have already defined it?

[JohnBox]

Questions, more than help...
"OpenFilePath=<gpg_programs>,%AppData%\Thunderbird"
You call this "portable" Thunderbird. Or, is it really just normal TB that's been set up so that multiple users each have their own profile?

I have set up TB Portable in this way for multiple users: http://forums.sandboxie.com/phpBB3/view ... =5&t=19374
and confirm that this is indeed the portable version from Portable Apps http://portableapps.com/apps/internet/t ... d_portable .

The above setting should specify the folder containing the "profiles.ini" file and the "Profiles" folder. Are those items really located underneath "%AppData%\Thunderbird" for each user?

No, they are located in various completely separate folders trees, each with their own TB portable instance root folder and each with their own e.g. tbportableUser1.exe in respective subfolders.

Code: Select all

[Template_Local_ThunderbirdUser1]
Tmpl.Title=ThunderbirdUser1
OpenFilePath=thunderbirdUser1.exe,%Tmpl.ThunderbirdUser1t%
Tmpl.Class=Local

So "OpenFilePath=<gpg_programs>,%AppData%\Thunderbird" would become "OpenFilePath=<gpg_programs>,%Tmpl.ThunderbirdUser1%" like below?

Code: Select all

[Template_Local_Thunderbird_PGP_User1]
Tmpl.Title=OpenPGP for Thunderbird Portable User1
OpenFilePath=<gpg_programs>,%AppData%\gnupg\
OpenFilePath=<gpg_programs>,%Tmpl.ThunderbirdUser1%
OpenFilePath=thunde~1.exe,%AppData%\gnupg
OpenFilePath=thunderbirduser.exe,%AppData%\gnupg
ProcessGroup=<gpg_programs>,gpg.exe,gpg2.exe,gpg-agent.exe
LingerProcess=gpg-agent.exe
Tmpl.Class=Local

I know that each user would have their own %AppData% folder, but I seem to recall that in a different forum thread you used Sandbox Settings > Applications > Folders to define the location of the Thunderbird profile folder for each user.

Yes, I have done this since they are in different root folders and defined the folders for each instance like so:

Code: Select all

[Template_Local_ThunderbirdUser1]
Tmpl.Title=ThunderbirdUser1
OpenFilePath=thunderbirdUser1.exe,%Tmpl.ThunderbirdUser1t%
Tmpl.Class=Local

Using the "Folders" setting would define the location for the profile folder under a [TemplateSettings] section in Sandboxie's configuration file.

Yes in the SBIE config file I have:

Code: Select all

[TemplateSettings]
Tmpl.ThunderbirdUser1.user=D:\SOFTWARE\THUNDERBIRD PORTABLE User1\NORMAL\Data\profile
Tmpl.ThunderbirdUser2.user=D:\SOFTWARE\THUNDERBIRD PORTABLE User2\NORMAL\Data\profile
Tmpl.ThunderbirdUser3.user=D:\SOFTWARE\THUNDERBIRD PORTABLE User3\NORMAL\Data\profile
etc.

"OpenFilePath=<gpg_programs>,%Tmpl.Thunderbird_User_PGP%"
Is the variable called "%Tmpl.Thunderbird_User_PGP%" defined anywhere in Sandboxie's configuration file?

Yes, I think this I have done by doing this:

Code: Select all

[Template_Local_Thunderbird_PGP_User1]
Tmpl.Title=OpenPGP for Thunderbird Portable User1
OpenFilePath=<gpg_programs>,%AppData%\gnupg\
OpenFilePath=<gpg_programs>,%Tmpl.ThunderbirdUser1%
OpenFilePath=thunde~1.exe,%AppData%\gnupg
OpenFilePath=thunderbirduser.exe,%AppData%\gnupg
ProcessGroup=<gpg_programs>,gpg.exe,gpg2.exe,gpg-agent.exe
LingerProcess=gpg-agent.exe
Tmpl.Class=Local

Normally, a user created variable would need to be defined in the [TemplateSettings] section of the sandboxie.ini config file, such as the one that I think you defined for the profile folder location. And besides, shouldn't this setting point to TB's profile folder location as you have already defined it?

So what do I need to define where and what leads to where please? At this point I am lost and find it hard to see what is going where.


I think I have defined things like above, now TB portable opens but does not throw any error messages any more, though Enigmail does not work, without throwing me error messages.

In the Folders section, do I need to define the folder for OpenPGP as well as for the local TB portable location? I think not, since I have already defined the TB portable location there in a Template so in the OpenPGP definition I simply write

Code: Select all

OpenFilePath=<gpg_programs>,%Tmpl.ThunderbirdUser1%

and that should point OpenPGP to the local Tb portable, no?

See the SBIE ini excerpt for User1 and User2 and if possible let me know where I need to define what for User1 to be able to run OpenPGP.

Code: Select all

[TemplateSettings]

Tmpl.ThunderbirdUser1.user=D:\SOFTWARE\THUNDERBIRD PORTABLE User1\NORMAL\Data\profile
Tmpl.ThunderbirdUser2.user=D:\SOFTWARE\THUNDERBIRD PORTABLE User2\NORMAL\Data\profile

[ThunderbirdUser1]

Enabled=y
ConfigLevel=7
Template=Local_Thunderbird_PGP_User1
Template=Local_ThunderbirdUser1
Template=AutoRecoverIgnore
Template=Firefox_Phishing_DirectAccess
Template=Chrome_Phishing_DirectAccess
Template=LingerPrograms
Template=BlockPorts
BorderColor=#FF0080
NeverDelete=n
DropAdminRights=y
NotifyStartRunAccessDenied=y
ProcessGroup=<StartRunAccess>,<ThunderbirdUser1>,SumatraPDF.exe,gpg.exe,gpg2.exe,gpg-agent.exe
ProcessGroup=<ThunderbirdUser1>,thunderbirdportableUser1.exe,thunderbirdUser1.exe
ProcessGroup=<InternetAccess>,<ThunderbirdUser1>
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=\Device\Mup\
NotifyInternetAccessDenied=n
BoxNameTitle=n
AutoDelete=y
ForceProcess=<ThunderbirdUser1>
ReadFilePath=C:\Windows\
RecoverFolder=D:\DOWNLOADS
AutoRecover=y
ClosedIpcPath=!<StartRunAccess>,*

[Template_Local_ThunderbirdUser1]

Tmpl.Title=ThunderbirdUser1
OpenFilePath=thunderbirdUser1.exe,%Tmpl.ThunderbirdUser1%
Tmpl.Class=Local

[ThunderbirdUser2]

Enabled=y
ConfigLevel=7
Template=Local_ThunderbirdUser2
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
BorderColor=#408000
NeverDelete=n
DropAdminRights=y
NotifyStartRunAccessDenied=y
ProcessGroup=<StartRunAccess>,<ThunderbirdUser2>,SumatraPDF.exe
ProcessGroup=<InternetAccess>,<ThunderbirdUser2>
ProcessGroup=<ThunderbirdUser2>,thunderbirdportableUser2.exe,thunderbirdUser2.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=\Device\Mup\
NotifyInternetAccessDenied=n
BoxNameTitle=n
AutoDelete=y
ForceProcess=<ThunderbirdUser2>
CopyLimitKb=473304
ReadFilePath=C:\Windows\
RecoverFolder=D:\DOWNLOADS
AutoRecover=y
ClosedIpcPath=!<StartRunAccess>,*

[Template_Local_ThunderbirdUser2]

Tmpl.Title=ThunderbirdUser2
OpenFilePath=thunderbirdUser2.exe,%Tmpl.ThunderbirdUser2%
Tmpl.Class=Local

[Guest10]

Rather than try to quote my way through your 2 threads, trying to explain my reasoning, I'm going to try it this way.
Both TB and the gpg programs should have OpenFilePath settings to the user's TB profile folder.
Primarily, the gpg programs need to have access to the "Mail" sub-folder.
So, access to the entire profile folder will give them that access, and you have already defined the profile folder location for each user using Sandboxie's "Folders" setting.

Additional:
----
GnuPG Program files:
In Thunderbird's "Enigmail" menu > Preferences > Basic tab > Files and Directories:
Does it show that "GnuPG was found ..." in some folder, for each user when sandboxed?
The Enigmail add-on needs to know where the gpg.exe file is located.

If not, each user needs to "Browse" to and select it, because the location of gpg.exe must be stored in each user's TB profile folder.
The location is stored in the TB "prefs.js" file for each user.

This setting (from the template below):
OpenFilePath=thunderbirdUser1.exe,%Tmpl.ThunderbirdUser1%
will allow each sandboxed user to save the location of the gpg.exe program file in their own "prefs.js" file if GnuPG does not already show it as "found".
----
GnuPG "Home" folder:
I assume that you are using the portable version of the PGP software, from Portable Apps.
Otherwise, a "normal" install of GnuPG would be looking for the user's keyring files in a "home" folder at "C:\Users\(user)\AppData\Roaming\gnupg", instead of the sub-folder where the portable app stores the keyring files.
If you are using the Portable Apps PGP install, then this is likely OK.
----
This is what I would try, using one template that combines together the settings for TB and PGP:

Code: Select all

[Template_Local_Thunderbird_PGP_User1]
Tmpl.Title=OpenPGP for Thunderbird Portable User1
OpenFilePath=thunderbirdUser1.exe,%Tmpl.ThunderbirdUser1%
OpenFilePath=thunde~1.exe,%Tmpl.ThunderbirdUser1%
OpenFilePath=<gpg_programs>,%Tmpl.ThunderbirdUser1%
ProcessGroup=<gpg_programs>,gpg.exe,gpg2.exe,gpg-agent.exe
LingerProcess=gpg-agent.exe
Tmpl.Class=Local

The above template does not allow the safebrowsing anti-phishing files to be saved out of the sandbox if the safebrowsing folder is not stored underneath the TB profile folder.
That folder is normally stored at "C:\Users\(user)\AppData\Local\Thunderbird\Profiles\xxxxxxxx.default\safebrowsing" for a "normal" install of TB, but a portable install will probably put the "safebrowsing" folder under the TB profile folder.

So you should look to see if the "safebrowsing" sub-folder is located under the user's TB profile folder. If so, then that's OK since the setting:
"OpenFilePath=thunderbirdUser1.exe,%Tmpl.ThunderbirdUser1%"
will allow any updated anti-phishing files to be saved out of the sandbox.

[JohnBox]

Ha, I did not know there is a portable version of the PGP software, silly me for not looking that up prior to install, I thought it is so important and perhaps relies on being installed to the OS partition that I installed it to there directly. Will restore to an OS image without the PGP installed and get the portable version and THEN report back here to see if I get it running with your last reply. Great that you made me notice the PGP portable version!