Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

The Thunderbird extension

A MailExtension for self-service on a SithBit account: wallet login, mail password, timezone, do-not-disturb schedules, aliases, balances, and delegated encryption-key management. Everything that must be signed is signed inside the extension by a WebAssembly module compiled from this workspace’s own crates — the server only relays already-signed transactions and never holds your key.

Requires Thunderbird 140 or later.

What the operator must run

The extension talks only to account-api. For the aliases, balances, and encryption-key panes, the API needs its [chain] section configured (a mail-grpc gateway plus a Solana RPC endpoint — see the configuration reference); without it those panes report the surface as unavailable while login and the settings panes keep working.

Building and installing

cd webclients/thunderbird
./build.sh          # wasm-pack build + stages shared/ + zips the xpi

Install sithbit-thunderbird.xpi via Thunderbird’s Add-ons Manager (gear menu → Install Add-on From File). Thunderbird accepts self-built, unsigned xpi files permanently — no store listing is needed. For development, point Load Temporary Add-on (Tools → Developer Tools → Debug Add-ons) at thunderbird/staging/manifest.json.

The extension ships with host permissions for http://localhost / http://127.0.0.1 only. Pointing it at a remote API (extension options) prompts for that origin’s permission when you save.

The wallet and its passphrase

First open (the SithBit button in the spaces toolbar), the dashboard asks for your Solana keypair file — the JSON array of 64 numbers — and a passphrase. The keypair is encrypted with the passphrase (PBKDF2 + AES-GCM) before it is stored in the Thunderbird profile; the decrypted key lives only in memory and is gone when Thunderbird exits, so each restart asks for the passphrase again.

Login is a wallet challenge: the API issues a nonce, the extension signs it, and a day-long session token comes back. No password ever exists for login — your wallet is the account.

Panes

  • Balances — wallet SOL, on-chain mailbox message count, and a per-sender stamp lookup (stamp balances are held per sender, so there is no single “total stamps” number).
  • Aliases — every alias pointing at your wallet. Registration and transfer stay in the CLI.
  • Encryption key — publish, rotate, or close a delegated X25519 key. The transaction is built and signed in the extension’s wasm module and relayed through the API. Export the secret when it is shown — it appears exactly once, in the same JSON format sithbit mail get -x reads; mail sealed to an old key still needs that old key’s secret, so keep every export.
  • Settings — the mail password your IMAP/POP/SMTP client uses (username = wallet address) and your IANA timezone.
  • Do not disturb — weekly or date-range windows during which senders are asked to retry later, evaluated in your timezone.

Security notes

  • The wallet secret at rest is exactly as strong as your passphrase.
  • The session token authorizes account changes (password, timezone, DND) for up to 24 hours; on-chain actions additionally require the unlocked wallet, which never survives a restart.
  • The API relay cannot alter what you sign: transactions are built from the workspace’s own instruction encoders compiled to wasm, and a parity test pins them byte-for-byte to the CLI’s.