Bug 1603809 - Unified account preferences for S/MIME and OpenPGP. r=PatrickBrunschwig,mkmelin
authorKai Engert <kaie@kuix.de>
Thu, 05 Mar 2020 22:59:12 +0100
changeset 38518 586f1686ac4ba992fb059603fef073850926e39b
parent 38517 86329202745b8bdcae6aab6f72eacecea96b72bb
child 38519 b0232faeed8a3bc67763c31d2c7b3fcf31e2c162
push id400
push userclokep@gmail.com
push dateMon, 04 May 2020 18:56:09 +0000
reviewersPatrickBrunschwig, mkmelin
bugs1603809
Bug 1603809 - Unified account preferences for S/MIME and OpenPGP. r=PatrickBrunschwig,mkmelin Differential Revision: https://phabricator.services.mozilla.com/D65618
.eslintignore
mail/components/compose/content/MsgComposeCommands.js
mail/components/compose/content/messengercompose.xhtml
mail/extensions/am-e2e/AME2E.jsm
mail/extensions/am-e2e/am-e2e.inc.xhtml
mail/extensions/am-e2e/am-e2e.js
mail/extensions/am-e2e/am-e2e.xhtml
mail/extensions/am-e2e/components.conf
mail/extensions/am-e2e/moz.build
mail/extensions/am-e2e/prefs/e2e-prefs.js
mail/extensions/jar.mn
mail/extensions/moz.build
mail/extensions/openpgp/content/BondOpenPGP.jsm
mail/extensions/openpgp/content/am-enigprefs.xhtml
mail/extensions/openpgp/content/modules/amPrefsService.jsm
mail/extensions/openpgp/content/modules/keyObj.jsm
mail/extensions/openpgp/content/modules/keyRing.jsm
mail/extensions/openpgp/content/strings/am-enigprefs.properties
mail/extensions/openpgp/content/strings/enigmail.dtd
mail/extensions/openpgp/content/strings/enigmail.properties
mail/extensions/openpgp/content/ui/am-enigprefs.js
mail/extensions/openpgp/content/ui/commonWorkflows.js
mail/extensions/openpgp/content/ui/enigmailEditIdentity.js
mail/extensions/openpgp/content/ui/keyPicker.css
mail/extensions/openpgp/content/ui/keyPicker.ftl
mail/extensions/openpgp/content/ui/keyPicker.js
mail/extensions/openpgp/content/ui/keyPicker.xhtml
mail/extensions/openpgp/jar.mn
mail/extensions/openpgp/locale/jar.mn
mail/extensions/openpgp/moz.build
mail/extensions/openpgp/prefs/openpgp-prefs.js
mail/extensions/smime/jar.mn
mail/installer/package-manifest.in
mail/locales/en-US/chrome/messenger-smime/msgCompSMIMEOverlay.properties
mail/locales/en-US/chrome/messenger/am-e2e.properties
mail/locales/en-US/chrome/messenger/am-smime.dtd
mail/locales/en-US/chrome/messenger/am-smime.properties
mail/locales/jar.mn
mailnews/base/prefs/content/am-help.js
mailnews/base/prefs/content/am-identity-edit.xhtml
mailnews/extensions/smime/content/am-smime.inc.xhtml
mailnews/extensions/smime/content/am-smime.js
mailnews/extensions/smime/content/am-smime.xhtml
mailnews/extensions/smime/content/certpicker.xhtml
mailnews/extensions/smime/content/smime.js
mailnews/extensions/smime/moz.build
mailnews/extensions/smime/src/SMIMEService.jsm
mailnews/extensions/smime/src/components.conf
mailnews/extensions/smime/src/moz.build
--- a/.eslintignore
+++ b/.eslintignore
@@ -59,30 +59,29 @@ editor/ui/dialogs/content/EdLinkChecker.
 editor/ui/dialogs/content/EdSnapToGrid.js
 editor/ui/dialogs/content/EdSnapToGrid.xul
 editor/ui/texzilla/**
 
 # mailnews exclusions
 mailnews/mailnews.js
 mailnews/extensions/dsn/content/dsn.js
 mailnews/extensions/mdn/content/mdn.js
-mailnews/extensions/smime/content/smime.js
 
 # mail exclusions
 mail/app/profile/all-thunderbird.js
 mail/app/profile/channel-prefs.js
 mail/base/content/protovis-r2.6-modded.js
 mail/branding/nightly/thunderbird-branding.js
 mail/branding/thunderbird/thunderbird-branding.js
 # This file is split into two in order to keep it as a valid json file
 # for documentation purposes (policies.json) but to be accessed by the
 # code as a .jsm (schema.jsm)
 mail/components/enterprisepolicies/schemas/schema.jsm
 mail/components/im/all-im.js
-mail/extensions/openpgp/prefs/openpgp-prefs.js
+mail/extensions/am-e2e/prefs/e2e-prefs.js
 mail/locales/en-US/all-l10n.js
 mail/components/compose/texzilla/**
 mail/components/compose/composer.js
 
 # exclude MailConstants.jsm because: #filter subtitution
 mail/base/modules/MailConstants.jsm
 
 # calendar/ exclusions
--- a/mail/components/compose/content/MsgComposeCommands.js
+++ b/mail/components/compose/content/MsgComposeCommands.js
@@ -1551,32 +1551,32 @@ function InitFileSaveAsMenu() {
   document
     .getElementById("cmd_saveAsDraft")
     .setAttribute("checked", defaultSaveOperation == "draft");
   document
     .getElementById("cmd_saveAsTemplate")
     .setAttribute("checked", defaultSaveOperation == "template");
 }
 
+function isSmimeSigningConfigured() {
+  return !!gCurrentIdentity.getUnicharAttribute("signing_cert_name");
+}
+
+function isSmimeEncryptionConfigured() {
+  return !!gCurrentIdentity.getUnicharAttribute("encryption_cert_name");
+}
+
+function isPgpConfigured() {
+  return !!gCurrentIdentity.getUnicharAttribute("openpgp_key_id");
+}
+
 function toggleGlobalSignMessage() {
   gSendSigned = !gSendSigned;
   gUserTouchedSendSigned = true;
   setEncSigStatusUI();
-
-  /*
-  if (gSMFields.signMessage) // make sure we have a cert name...
-  {
-    if (!gCurrentIdentity.getUnicharAttribute("signing_cert_name"))
-    {
-      gSMFields.signMessage = false;
-      showSMNeedSetupInfo();
-      return;
-    }
-  }
-  */
 }
 
 function setGlobalEncryptMessage(mode) {
   let oldSendEnc = gSendEncrypted;
   let oldOptEnc = gOptionalEncryption;
 
   switch (mode) {
     case 0:
@@ -1595,67 +1595,87 @@ function setGlobalEncryptMessage(mode) {
       return;
   }
 
   if (oldSendEnc != gSendEncrypted || oldOptEnc != gOptionalEncryption) {
     gUserTouchedSendEncrypted = true;
   }
 
   setEncSigStatusUI();
-
-  /*
-  if (gSMFields.requireEncryptMessage)
-  {
-    // Make sure we have a cert.
-    if (!gCurrentIdentity.getUnicharAttribute("encryption_cert_name"))
-    {
-      gSMFields.requireEncryptMessage = false;
-      showSMNeedSetupInfo();
-      return;
-    }
-  }
-  */
 }
 
 function toggleAttachMyPublicKey() {
   gAttachMyPublicPGPKey = !gAttachMyPublicPGPKey;
   gUserTouchedAttachMyPubKey = true;
 }
 
 function setSecuritySettings(menu_id) {
-  document
-    .getElementById("menu_securityEncryptDisable" + menu_id)
-    .setAttribute("checked", !gSendEncrypted && !gOptionalEncryption);
+  let enc0Item = document.getElementById(
+    "menu_securityEncryptDisable" + menu_id
+  );
+  enc0Item.checked = !gSendEncrypted && !gOptionalEncryption;
   /*
-  document
-    .getElementById("menu_securityEncryptOptional" + menu_id)
-    .setAttribute("checked", gSendEncrypted && gOptionalEncryption);
+  let enc1Item = document
+    .getElementById("menu_securityEncryptOptional" + menu_id);
+  enc1Item.checked = (gSendEncrypted && gOptionalEncryption);
   */
-  document
-    .getElementById("menu_securityEncryptRequire" + menu_id)
-    .setAttribute("checked", gSendEncrypted && !gOptionalEncryption);
-
-  document
-    .getElementById("menu_securitySign" + menu_id)
-    .setAttribute("checked", gSendSigned);
+  let enc2Item = document.getElementById(
+    "menu_securityEncryptRequire" + menu_id
+  );
+  enc2Item.checked = gSendEncrypted && !gOptionalEncryption;
+
+  let sigItem = document.getElementById("menu_securitySign" + menu_id);
+  sigItem.checked = gSendSigned;
+
+  let disableSig = false;
+  let disableEnc = false;
+
+  if (MailConstants.MOZ_OPENPGP && gSelectedTechnologyIsPGP) {
+    if (!isPgpConfigured()) {
+      disableSig = true;
+      disableEnc = true;
+    }
+  } else {
+    if (!isSmimeSigningConfigured()) {
+      disableSig = true;
+    }
+    if (!isSmimeEncryptionConfigured()) {
+      disableEnc = true;
+    }
+  }
+
+  enc0Item.disabled = disableEnc;
+  //enc1Item.disabled = disableEnc;
+  enc2Item.disabled = disableEnc;
+
+  sigItem.disabled = disableSig;
 
   if (MailConstants.MOZ_OPENPGP) {
-    document
-      .getElementById("encTech_OpenPGP" + menu_id)
-      .setAttribute("checked", gSelectedTechnologyIsPGP);
-    document
-      .getElementById("encTech_SMIME" + menu_id)
-      .setAttribute("checked", !gSelectedTechnologyIsPGP);
+    let pgpItem = document.getElementById("encTech_OpenPGP" + menu_id);
+
+    let smimeItem = document.getElementById("encTech_SMIME" + menu_id);
+
+    pgpItem.checked = gSelectedTechnologyIsPGP;
+    smimeItem.checked = !gSelectedTechnologyIsPGP;
+
+    smimeItem.disabled =
+      !isSmimeSigningConfigured() && !isSmimeEncryptionConfigured();
+
+    pgpItem.disabled = !isPgpConfigured();
 
     let sep = document.getElementById("myPublicKeySeparator" + menu_id);
     let box = document.getElementById("menu_securityMyPublicKey" + menu_id);
 
     sep.setAttribute("hidden", !gSelectedTechnologyIsPGP);
     box.setAttribute("hidden", !gSelectedTechnologyIsPGP);
-    box.setAttribute("checked", gAttachMyPublicPGPKey);
+    box.checked = gAttachMyPublicPGPKey;
+
+    if (gSelectedTechnologyIsPGP) {
+      box.disabled = disableEnc;
+    }
   }
 }
 
 function showMessageComposeSecurityStatus() {
   Recipients2CompFields(gMsgCompose.compFields);
 
   window.openDialog(
     "chrome://messenger-smime/content/msgCompSecurityInfo.xhtml",
@@ -1669,41 +1689,16 @@ function showMessageComposeSecurityStatu
         gCurrentIdentity.getUnicharAttribute("signing_cert_name") != "",
       isEncryptionCertAvailable:
         gCurrentIdentity.getUnicharAttribute("encryption_cert_name") != "",
       currentIdentity: gCurrentIdentity,
     }
   );
 }
 
-function showSMNeedSetupInfo() {
-  let compSmimeBundle = document.getElementById("bundle_comp_smime");
-  let brandBundle = document.getElementById("brandBundle");
-  if (!compSmimeBundle || !brandBundle) {
-    return;
-  }
-
-  let buttonPressed = Services.prompt.confirmEx(
-    window,
-    brandBundle.getString("brandShortName"),
-    compSmimeBundle.getString("NeedSetup"),
-    Services.prompt.STD_YES_NO_BUTTONS,
-    0,
-    0,
-    0,
-    null,
-    {}
-  );
-  if (buttonPressed == 0) {
-    let servers = MailServices.accounts.getServersForIdentity(gCurrentIdentity);
-    let server = servers.queryElementAt(0, Ci.nsIMsgIncomingServer);
-    MsgAccountManager("am-smime.xhtml", server);
-  }
-}
-
 function openEditorContextMenu(popup) {
   gSpellChecker.clearSuggestionsFromMenu();
   gSpellChecker.initFromEvent(
     document.popupRangeParent,
     document.popupRangeOffset
   );
   var onMisspelling = gSpellChecker.overMisspelling;
   document.getElementById(
--- a/mail/components/compose/content/messengercompose.xhtml
+++ b/mail/components/compose/content/messengercompose.xhtml
@@ -51,17 +51,16 @@
         macanimationtype="document"
         chromemargin="0,-1,-1,-1"
 #endif
         fullscreenbutton="true">
 
   <stringbundle id="bundle_composeMsgs" src="chrome://messenger/locale/messengercompose/composeMsgs.properties"/>
   <stringbundle id="bundle_messenger" src="chrome://messenger/locale/messenger.properties"/>
   <stringbundle id="brandBundle" src="chrome://branding/locale/brand.properties"/>
-  <stringbundle id="bundle_comp_smime" src="chrome://messenger-smime/locale/msgCompSMIMEOverlay.properties"/>
   <stringbundle id="charsetBundle" src="chrome://communicator/content/labelsencodings.properties"/>
 
 <linkset>
   <html:link rel="localization" href="messenger/messengercompose/messengercompose.ftl"/>
   <html:link rel="localization" href="toolkit/main-window/findbar.ftl"/>
   <html:link rel="localization" href="toolkit/global/textActions.ftl"/>
   <html:link rel="localization" href="messenger/menubar.ftl"/>
 </linkset>
rename from mailnews/extensions/smime/src/SMIMEService.jsm
rename to mail/extensions/am-e2e/AME2E.jsm
--- a/mailnews/extensions/smime/src/SMIMEService.jsm
+++ b/mail/extensions/am-e2e/AME2E.jsm
@@ -1,19 +1,19 @@
 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-var EXPORTED_SYMBOLS = ["SMIMEService"];
+var EXPORTED_SYMBOLS = ["E2EService"];
 
-function SMIMEService() {}
+function E2EService() {}
 
-SMIMEService.prototype = {
-  name: "smime",
+E2EService.prototype = {
+  name: "e2e",
   chromePackageName: "messenger",
   showPanel(server) {
     // don't show the panel for news, rss, or local accounts
     return (
       server.type != "nntp" &&
       server.type != "rss" &&
       server.type != "im" &&
       server.type != "none"
rename from mailnews/extensions/smime/content/am-smime.inc.xhtml
rename to mail/extensions/am-e2e/am-e2e.inc.xhtml
--- a/mailnews/extensions/smime/content/am-smime.inc.xhtml
+++ b/mail/extensions/am-e2e/am-e2e.inc.xhtml
@@ -1,100 +1,162 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-    <vbox id="smimeEditing">
+#ifdef MOZ_OPENPGP
+<script src="chrome://openpgp/content/BondOpenPGP.jsm"/>
+#endif
 
-      <stringbundle id="bundle_smime" src="chrome://messenger/locale/am-smime.properties"/>
+    <vbox id="e2eEditing">
+
+      <stringbundle id="bundle_e2e" src="chrome://messenger/locale/am-smime.properties"/>
       <stringbundle id="bundle_brand" src="chrome://branding/locale/brand.properties"/>
 
-      <label hidden="true" wsm_persist="true" id="identity.encryptionpolicy"/>
+      <label hidden="true" wsm_persist="true" id="identity_encryptionpolicy"/>
+      <label hidden="true" wsm_persist="true" id="identity_e2etechpref"/>
 
-      <description>&securityHeading.label;</description>
+      <vbox>
+        <description flex="1">&e2eIntro.description;</description>
+        <label is="text-link" id="acceptLearnMoreE2E"
+               href="https://support.mozilla.org/kb/introduction-to-e2e-encryption"
+               value="&e2eLearnMore.label;"/>
+      </vbox>
+
+#ifdef MOZ_OPENPGP
+      <html:fieldset id="openpgpOptions">
+        <html:legend>&openpgpKeys.label;</html:legend>
 
-      <html:fieldset id="signing.titlebox">
-        <html:legend>&signingGroupTitle.label;</html:legend>
+        <label id="identity_openpgp_key_nameLabel"
+               value="&openpgpKey.message;" control="identity_openpgp_key_id"/>
+        <hbox align="center" class="input-container">
+          <html:input id="identity_openpgp_key_id" type="text"
+                      class="input-inline"
+                      readonly="readonly"
+                      disabled="disabled"
+                      aria-labelledby="identity_openpgp_key_nameLabel"
+                      wsm_persist="true"
+                      prefstring="mail.identity.%identitykey%.openpgp_key_id"/>
 
-        <label id="identity.signing_cert_nameLabel"
-               value="&signingCert.message;" control="identity.signing_cert_name"
+          <button id="openpgpKeySelectButton"
+                  label="&openpgpKey.button;"
+                  accesskey="&openpgpKey.accesskey;"
+                  oncommand="pgpSelectKey('identity_openpgp_key_id')"/>
+          <button id="openpgpKeyClearButton"
+                  label="&encryption.certificate_clear.button;"
+                  oncommand="pgpClearKey('identity_openpgp_key_id')"/>
+        </hbox>
+
+        <hbox align="right">
+          <button id="openOpenPGPKeyManagerButton" oncommand="BondOpenPGP.openKeyManager(window);"
+                  label="&manageKeys.label;"/>
+        </hbox>
+      </html:fieldset>
+#endif
+
+      <html:fieldset id="smimeOptions">
+        <html:legend>&certificates2.label;</html:legend>
+
+        <label id="identity_signing_cert_nameLabel"
+               value="&signingCert2.message;" control="identity_signing_cert_name"
                prefstring="mail.identity.%identitykey%.encryptionpolicy"/>
 
         <hbox align="center" class="input-container">
-          <html:input id="identity.signing_cert_name" type="text"
+          <html:input id="identity_signing_cert_name" type="text"
                       class="input-inline"
                       readonly="readonly"
                       disabled="disabled"
-                      aria-labelledby="identity.signing_cert_nameLabel"
+                      aria-labelledby="identity_signing_cert_nameLabel"
                       wsm_persist="true"
                       prefstring="mail.identity.%identitykey%.signing_cert_name"/>
 
           <button id="signingCertSelectButton"
                   label="&digitalSign.certificate.button;"
                   accesskey="&digitalSign.certificate.accesskey;"
-                  oncommand="smimeSelectCert('identity.signing_cert_name')"/>
+                  oncommand="smimeSelectCert('identity_signing_cert_name')"/>
 
           <button id="signingCertClearButton"
                   label="&digitalSign.certificate_clear.button;"
                   accesskey="&digitalSign.certificate_clear.accesskey;"
-                  oncommand="smimeClearCert('identity.signing_cert_name')"/>
+                  oncommand="smimeClearCert('identity_signing_cert_name')"/>
         </hbox>
 
-        <separator class="thin"/>
-
-        <checkbox id="identity.sign_mail" wsm_persist="true"
-                  prefstring="mail.identity.%identitykey%.sign_mail"
-                  label="&signMessage.label;" accesskey="&signMessage.accesskey;"/>
-      </html:fieldset>
-
-      <html:fieldset id="encryption.titlebox">
-        <html:legend>&encryptionGroupTitle.label;</html:legend>
-
-        <label value="&encryptionCert.message;"
-               control="identity.encryption_cert_name"/>
+        <label value="&encryptionCert2.message;"
+               control="identity_encryption_cert_name"/>
 
         <hbox align="center" class="input-container">
-          <html:input id="identity.encryption_cert_name" type="text"
+          <html:input id="identity_encryption_cert_name" type="text"
                       class="input-inline"
                       readonly="readonly"
                       disabled="disabled"
                       wsm_persist="true"
                       prefstring="mail.identity.%identitykey%.encryption_cert_name"/>
 
           <button id="encryptionCertSelectButton"
                   label="&encryption.certificate.button;"
                   accesskey="&encryption.certificate.accesskey;"
-                  oncommand="smimeSelectCert('identity.encryption_cert_name')"/>
+                  oncommand="smimeSelectCert('identity_encryption_cert_name')"/>
 
           <button id="encryptionCertClearButton"
                   label="&encryption.certificate_clear.button;"
                   accesskey="&encryption.certificate_clear.accesskey;"
-                  oncommand="smimeClearCert('identity.encryption_cert_name')"/>
+                  oncommand="smimeClearCert('identity_encryption_cert_name')"/>
         </hbox>
 
+        <hbox align="right">
+          <button id="openCertManagerButton" oncommand="openCertManager();"
+                  label="&manageCerts3.label;" accesskey="&manageCerts3.accesskey;"/>
+          <button id="openDeviceManagerButton" oncommand="openDeviceManager();"
+                  label="&manageDevices2.label;" accesskey="&manageDevices2.accesskey;"/>
+        </hbox>
+
+      </html:fieldset>
+
+      <html:legend>&sendingDefaults.label;</html:legend>
+
+      <html:fieldset id="encryption_titlebox">
+        <description flex="1">&e2eEnc.description;</description>
+
         <separator class="thin"/>
 
-        <label value="&encryptionChoiceLabel.label;" control="encryptionChoices"/>
+        <radiogroup id="encryptionChoices">
+          <radio id="encrypt_no" wsm_persist="true" value="0"
+                 label="&doNotEncrypt.label;"
+                 accesskey="&doNotEncrypt.accesskey;"/>
+          <!--
+          <radio id="encrypt_allow" wsm_persist="true" value="1"
+                 label=""/>
+          -->
+          <radio id="encrypt_require" wsm_persist="true" value="2"
+                 label="&requireEncryptMessage.label;"
+                 accesskey="&requireEncryptMessage.accesskey;"/>
+        </radiogroup>
 
-        <radiogroup id="encryptionChoices">
-          <radio id="encrypt_mail_never" wsm_persist="true" value="0"
-                 label="&neverEncrypt.label;"
-                 accesskey="&neverEncrypt.accesskey;"/>
-
-          <radio id="encrypt_mail_always" wsm_persist="true" value="2"
-                 label="&alwaysEncryptMessage.label;"
-                 accesskey="&alwaysEncryptMessage.accesskey;"/>
-        </radiogroup>
+        <description flex="1">&e2eeReqWarning.description;</description>
       </html:fieldset>
 
-      <!-- Certificate manager -->
-      <html:fieldset id="smimeCertificateManager">
-        <html:legend>&certificates.label;</html:legend>
-        <hbox>
-          <button id="openCertManagerButton" oncommand="openCertManager();"
-                  label="&manageCerts2.label;" accesskey="&manageCerts2.accesskey;"
-                  prefstring="security.disable_button.openCertManager"/>
-          <button id="openDeviceManagerButton" oncommand="openDeviceManager();"
-                  label="&manageDevices.label;" accesskey="&manageDevices.accesskey;"
-                  prefstring="security.disable_button.openDeviceManager"/>
-        </hbox>
+      <separator/>
+      <separator/>
+
+      <html:fieldset id="signing_titlebox">
+        <description flex="1">&e2eSigning.description;</description>
+        <checkbox id="identity_sign_mail" wsm_persist="true"
+                  prefstring="mail.identity.%identitykey%.sign_mail"
+                  label="&signMessage2.label;" accesskey="&signMessage.accesskey;"/>
       </html:fieldset>
+
+#ifdef MOZ_OPENPGP
+      <separator/>
+      <html:fieldset id="technology_titlebox">
+        <description>&e2eTechPref.description;</description>
+        <radiogroup id="technologyChoices">
+          <radio id="technology_automatic" wsm_persist="true" value="0"
+                 label="&technologyAutomatic.label;"/>
+
+          <radio id="technology_prefer_openpgp" wsm_persist="true" value="2"
+                 label="&technologyOpenPGP.label;"/>
+
+          <radio id="technology_prefer_smime" wsm_persist="true" value="1"
+                 label="&technologySMIME.label;"/>
+        </radiogroup>
+      </html:fieldset>
+#endif
     </vbox>
rename from mailnews/extensions/smime/content/am-smime.js
rename to mail/extensions/am-e2e/am-e2e.js
--- a/mailnews/extensions/smime/content/am-smime.js
+++ b/mail/extensions/am-e2e/am-e2e.js
@@ -1,84 +1,112 @@
 /* -*- Mode: Java; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 var { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+var { MailConstants } = ChromeUtils.import(
+  "resource:///modules/MailConstants.jsm"
+);
+
+if (MailConstants.MOZ_OPENPGP) {
+  var { EnigmailKeyRing } = ChromeUtils.import(
+    "chrome://openpgp/content/modules/keyRing.jsm"
+  );
+}
 
 var nsIX509CertDB = Ci.nsIX509CertDB;
 var nsX509CertDBContractID = "@mozilla.org/security/x509certdb;1";
 var nsIX509Cert = Ci.nsIX509Cert;
 
 var email_signing_cert_usage = 4; // SECCertUsage.certUsageEmailSigner
 var email_recipient_cert_usage = 5; // SECCertUsage.certUsageEmailRecipient
 
 var gIdentity;
-var gPref = null;
 var gEncryptionCertName = null;
 var gHiddenEncryptionPolicy = null;
 var gEncryptionChoices = null;
 var gSignCertName = null;
+var gTechChoices = null;
+var gHiddenTechPref = null;
 var gSignMessages = null;
-var gEncryptAlways = null;
-var gNeverEncrypt = null;
+var gRequireEncrypt = null;
+var gDoNotEncrypt = null;
+var gKeyId = null;
 var gBundle = null;
 var gBrandBundle;
 var gSmimePrefbranch;
-var gEncryptionChoicesLocked;
-var gSigningChoicesLocked;
-var kEncryptionCertPref = "identity.encryption_cert_name";
-var kSigningCertPref = "identity.signing_cert_name";
+var kEncryptionCertPref = "identity_encryption_cert_name";
+var kSigningCertPref = "identity_signing_cert_name";
+var kOpenPGPKeyPref = "identity_openpgp_key_id";
+
+var gTechAuto = null;
+var gTechPrefOpenPGP = null;
+var gTechPrefSMIME = null;
 
 function onInit() {
-  smimeInitializeFields();
+  e2eInitializeFields();
 }
 
-function smimeInitializeFields() {
+function e2eInitializeFields() {
   // initialize all of our elements based on the current identity values....
   gEncryptionCertName = document.getElementById(kEncryptionCertPref);
   gHiddenEncryptionPolicy = document.getElementById(
-    "identity.encryptionpolicy"
+    "identity_encryptionpolicy"
   );
+  gHiddenTechPref = document.getElementById("identity_e2etechpref");
   gEncryptionChoices = document.getElementById("encryptionChoices");
   gSignCertName = document.getElementById(kSigningCertPref);
-  gSignMessages = document.getElementById("identity.sign_mail");
-  gEncryptAlways = document.getElementById("encrypt_mail_always");
-  gNeverEncrypt = document.getElementById("encrypt_mail_never");
-  gBundle = document.getElementById("bundle_smime");
+  gSignMessages = document.getElementById("identity_sign_mail");
+  gRequireEncrypt = document.getElementById("encrypt_require");
+  gDoNotEncrypt = document.getElementById("encrypt_no");
+  gBundle = document.getElementById("bundle_e2e");
   gBrandBundle = document.getElementById("bundle_brand");
 
-  gEncryptionChoicesLocked = false;
-  gSigningChoicesLocked = false;
+  if (MailConstants.MOZ_OPENPGP) {
+    gTechChoices = document.getElementById("technologyChoices");
+    gKeyId = document.getElementById(kOpenPGPKeyPref);
+    gTechAuto = document.getElementById("technology_automatic");
+    gTechPrefOpenPGP = document.getElementById("technology_prefer_openpgp");
+    gTechPrefSMIME = document.getElementById("technology_prefer_smime");
+  }
 
   if (!gIdentity) {
     // The user is going to create a new identity.
     // Set everything to default values.
     // Do not take over the values from gAccount.defaultIdentity
     // as the new identity is going to have a different mail address.
 
     gEncryptionCertName.value = "";
     gEncryptionCertName.displayName = "";
     gEncryptionCertName.dbKey = "";
 
     gSignCertName.value = "";
     gSignCertName.displayName = "";
     gSignCertName.dbKey = "";
 
-    gEncryptAlways.setAttribute("disabled", true);
-    gNeverEncrypt.setAttribute("disabled", true);
-    gSignMessages.setAttribute("disabled", true);
+    gKeyId.value = "";
+
+    gRequireEncrypt.disabled = true;
+    gDoNotEncrypt.disabled = true;
+    gSignMessages.disabled = true;
 
     gSignMessages.checked = false;
     gEncryptionChoices.value = 0;
+    if (MailConstants.MOZ_OPENPGP) {
+      gTechChoices.value = 0;
+    }
   } else {
     var certdb = Cc[nsX509CertDBContractID].getService(nsIX509CertDB);
     var x509cert = null;
 
+    if (MailConstants.MOZ_OPENPGP) {
+      gKeyId.value = gIdentity.getUnicharAttribute("openpgp_key_id");
+    }
     gEncryptionCertName.value = gIdentity.getUnicharAttribute(
       "encryption_cert_name"
     );
     gEncryptionCertName.dbKey = gIdentity.getCharAttribute(
       "encryption_cert_dbkey"
     );
     // If we succeed in looking up the certificate by the dbkey pref, then
     // append the serial number " [...]" to the display value, and remember the
@@ -91,23 +119,24 @@ function smimeInitializeFields() {
       ) {
         gEncryptionCertName.value =
           x509cert.displayName + " [" + x509cert.serialNumber + "]";
         gEncryptionCertName.displayName = x509cert.displayName;
       }
     } catch (e) {}
 
     gEncryptionChoices.value = gIdentity.getIntAttribute("encryptionpolicy");
+    if (MailConstants.MOZ_OPENPGP) {
+      gTechChoices.value = gIdentity.getIntAttribute("e2etechpref");
+    }
 
-    if (!gEncryptionCertName.value) {
-      gEncryptAlways.setAttribute("disabled", true);
-      gNeverEncrypt.setAttribute("disabled", true);
-    } else {
-      enableEncryptionControls(true);
-    }
+    let enableEnc = gEncryptionCertName.value || gKeyId.value;
+    gRequireEncrypt.disabled = !enableEnc;
+    gDoNotEncrypt.disabled = !enableEnc;
+    enableEncryptionControls(enableEnc);
 
     gSignCertName.value = gIdentity.getUnicharAttribute("signing_cert_name");
     gSignCertName.dbKey = gIdentity.getCharAttribute("signing_cert_dbkey");
     x509cert = null;
     // same procedure as with gEncryptionCertName (see above)
     try {
       if (
         certdb &&
@@ -116,48 +145,53 @@ function smimeInitializeFields() {
       ) {
         gSignCertName.value =
           x509cert.displayName + " [" + x509cert.serialNumber + "]";
         gSignCertName.displayName = x509cert.displayName;
       }
     } catch (e) {}
 
     gSignMessages.checked = gIdentity.getBoolAttribute("sign_mail");
-    if (!gSignCertName.value) {
-      gSignMessages.setAttribute("disabled", true);
-    } else {
-      enableSigningControls(true);
-    }
+
+    let enableSig = gSignCertName.value || gKeyId.value;
+    gSignMessages.disabled = !enableSig;
+    enableSigningControls(enableSig);
   }
 
-  // Always start with enabling signing and encryption cert select buttons.
+  // Always start with enabling select buttons.
   // This will keep the visibility of buttons in a sane state as user
   // jumps from security panel of one account to another.
-  enableCertSelectButtons();
-
-  // Disable all locked elements on the panel
-  if (gIdentity) {
-    onLockPreference();
-  }
+  enableSelectButtons();
+  updateTechPref();
 }
 
 function onPreInit(account, accountValues) {
   gIdentity = account.defaultIdentity;
 }
 
 function onSave() {
-  smimeSave();
+  e2eSave();
   window.dispatchEvent(new CustomEvent("prefchange"));
 }
 
-function smimeSave() {
+function e2eSave() {
   // find out which radio for the encryption radio group is selected and set that on our hidden encryptionChoice pref....
   var newValue = gEncryptionChoices.value;
   gHiddenEncryptionPolicy.setAttribute("value", newValue);
   gIdentity.setIntAttribute("encryptionpolicy", newValue);
+
+  if (MailConstants.MOZ_OPENPGP) {
+    newValue = gTechChoices.value;
+    gHiddenTechPref.setAttribute("value", newValue);
+    gIdentity.setIntAttribute("e2etechpref", newValue);
+  }
+
+  if (MailConstants.MOZ_OPENPGP) {
+    gIdentity.setUnicharAttribute("openpgp_key_id", gKeyId.value);
+  }
   gIdentity.setUnicharAttribute(
     "encryption_cert_name",
     gEncryptionCertName.displayName || gEncryptionCertName.value
   );
   gIdentity.setCharAttribute(
     "encryption_cert_dbkey",
     gEncryptionCertName.dbKey
   );
@@ -165,82 +199,18 @@ function smimeSave() {
   gIdentity.setBoolAttribute("sign_mail", gSignMessages.checked);
   gIdentity.setUnicharAttribute(
     "signing_cert_name",
     gSignCertName.displayName || gSignCertName.value
   );
   gIdentity.setCharAttribute("signing_cert_dbkey", gSignCertName.dbKey);
 }
 
-function smimeOnAcceptEditor(event) {
-  smimeSave();
-}
-
-function onLockPreference() {
-  var initPrefString = "mail.identity";
-  var finalPrefString;
-
-  var allPrefElements = [
-    { prefstring: "signingCertSelectButton", id: "signingCertSelectButton" },
-    {
-      prefstring: "encryptionCertSelectButton",
-      id: "encryptionCertSelectButton",
-    },
-    { prefstring: "sign_mail", id: "identity.sign_mail" },
-    { prefstring: "encryptionpolicy", id: "encryptionChoices" },
-  ];
-
-  finalPrefString = initPrefString + "." + gIdentity.key + ".";
-  gSmimePrefbranch = Services.prefs.getBranch(finalPrefString);
-
-  disableIfLocked(allPrefElements);
-}
-
-// Does the work of disabling an element given the array which contains xul id/prefstring pairs.
-// Also saves the id/locked state in an array so that other areas of the code can avoid
-// stomping on the disabled state indiscriminately.
-function disableIfLocked(prefstrArray) {
-  for (let i = 0; i < prefstrArray.length; i++) {
-    var id = prefstrArray[i].id;
-    var element = document.getElementById(id);
-    if (gSmimePrefbranch.prefIsLocked(prefstrArray[i].prefstring)) {
-      // If encryption choices radio group is locked, make sure the individual
-      // choices in the group are locked. Set a global (gEncryptionChoicesLocked)
-      // indicating the status so that locking can be maintained further.
-      if (id == "encryptionChoices") {
-        document
-          .getElementById("encrypt_mail_never")
-          .setAttribute("disabled", "true");
-        document
-          .getElementById("encrypt_mail_always")
-          .setAttribute("disabled", "true");
-        gEncryptionChoicesLocked = true;
-      }
-      // If option to sign mail is locked (with true/false set in config file), disable
-      // the corresponding checkbox and set a global (gSigningChoicesLocked) in order to
-      // honor the locking as user changes other elements on the panel.
-      if (id == "identity.sign_mail") {
-        document
-          .getElementById("identity.sign_mail")
-          .setAttribute("disabled", "true");
-        gSigningChoicesLocked = true;
-      } else {
-        element.setAttribute("disabled", "true");
-        if (id == "signingCertSelectButton") {
-          document
-            .getElementById("signingCertClearButton")
-            .setAttribute("disabled", "true");
-        } else if (id == "encryptionCertSelectButton") {
-          document
-            .getElementById("encryptionCertClearButton")
-            .setAttribute("disabled", "true");
-        }
-      }
-    }
-  }
+function e2eOnAcceptEditor(event) {
+  e2eSave();
 }
 
 function alertUser(message) {
   Services.prompt.alert(
     window,
     gBrandBundle.getString("brandShortName"),
     message
   );
@@ -308,16 +278,58 @@ function checkOtherCert(
   if (userWantsSameCert) {
     otherCertInfo.value = cert.displayName + " [" + cert.serialNumber + "]";
     otherCertInfo.displayName = cert.displayName;
     otherCertInfo.dbKey = cert.dbKey;
     enabler(true);
   }
 }
 
+function pgpSelectKey(pgp_key) {
+  if (!MailConstants.MOZ_OPENPGP) {
+    return;
+  }
+
+  var keyInfo = document.getElementById(pgp_key);
+  if (!keyInfo) {
+    return;
+  }
+
+  let result = {};
+  EnigmailKeyRing.getAllSecretKeysByEmail(gIdentity.email, result);
+
+  let params = {
+    keys: result.all,
+    identity: gIdentity.fullAddress,
+    canceled: true,
+    index: -1,
+  };
+
+  window.docShell.rootTreeItem.domWindow.openDialog(
+    "chrome://openpgp/content/ui/keyPicker.xhtml",
+    "",
+    "dialog,close,titlebar,modal,resizable",
+    params
+  );
+
+  if (params.canceled) {
+    return;
+  }
+
+  keyInfo.value = result.all[params.index].keyId;
+  keyInfo.displayName = result.all[params.index].keyId;
+
+  enableEncryptionControls(true);
+  enableSigningControls(true);
+
+  updateTechPref();
+  enableSelectButtons();
+  onSave();
+}
+
 function smimeSelectCert(smime_cert) {
   var certInfo = document.getElementById(smime_cert);
   if (!certInfo) {
     return;
   }
 
   var picker = Cc["@mozilla.org/user_cert_picker;1"].createInstance(
     Ci.nsIUserCertPicker
@@ -364,17 +376,17 @@ function smimeSelectCert(smime_cert) {
       } else {
         alertUser(
           gBundle.getString(
             selectEncryptionCert ? "NoEncryptionCert" : "NoSigningCert"
           )
         );
       }
     } else {
-      certInfo.removeAttribute("disabled");
+      certInfo.disabled = false;
       certInfo.value =
         x509cert.displayName + " [" + x509cert.serialNumber + "]";
       certInfo.displayName = x509cert.displayName;
       certInfo.dbKey = x509cert.dbKey;
 
       if (selectEncryptionCert) {
         enableEncryptionControls(true);
 
@@ -398,105 +410,131 @@ function smimeSelectCert(smime_cert) {
           "encryption_wantSame",
           "encryption_needCertWantToSelect",
           enableEncryptionControls
         );
       }
     }
   }
 
-  enableCertSelectButtons();
+  updateTechPref();
+  enableSelectButtons();
+  onSave();
 }
 
 function enableEncryptionControls(do_enable) {
-  if (gEncryptionChoicesLocked) {
-    return;
-  }
-
-  if (do_enable) {
-    gEncryptAlways.removeAttribute("disabled");
-    gNeverEncrypt.removeAttribute("disabled");
-    gEncryptionCertName.removeAttribute("disabled");
-  } else {
-    gEncryptAlways.setAttribute("disabled", "true");
-    gNeverEncrypt.setAttribute("disabled", "true");
-    gEncryptionCertName.setAttribute("disabled", "true");
+  gRequireEncrypt.disabled = !do_enable;
+  gDoNotEncrypt.disabled = !do_enable;
+  if (!do_enable) {
     gEncryptionChoices.value = 0;
   }
 }
 
 function enableSigningControls(do_enable) {
-  if (gSigningChoicesLocked) {
-    return;
-  }
-
-  if (do_enable) {
-    gSignMessages.removeAttribute("disabled");
-    gSignCertName.removeAttribute("disabled");
-  } else {
-    gSignMessages.setAttribute("disabled", "true");
-    gSignCertName.setAttribute("disabled", "true");
+  gSignMessages.disabled = !do_enable;
+  if (!do_enable) {
     gSignMessages.checked = false;
   }
 }
 
-function enableCertSelectButtons() {
-  document
-    .getElementById("signingCertSelectButton")
-    .removeAttribute("disabled");
+function enableSelectButtons() {
+  gSignCertName.disabled = !gSignCertName.value;
+  document.getElementById(
+    "signingCertClearButton"
+  ).disabled = !gSignCertName.value;
+
+  gEncryptionCertName.disabled = !gEncryptionCertName.value;
+  document.getElementById(
+    "encryptionCertClearButton"
+  ).disabled = !gEncryptionCertName.value;
 
-  if (document.getElementById("identity.signing_cert_name").value.length) {
-    document
-      .getElementById("signingCertClearButton")
-      .removeAttribute("disabled");
-  } else {
-    document
-      .getElementById("signingCertClearButton")
-      .setAttribute("disabled", "true");
+  if (MailConstants.MOZ_OPENPGP) {
+    gKeyId.disabled = !gKeyId.value;
+    document.getElementById("openpgpKeyClearButton").disabled = !gKeyId.value;
+  }
+}
+
+function pgpClearKey(pgp_key) {
+  if (!MailConstants.MOZ_OPENPGP) {
+    return;
+  }
+  var keyInfo = document.getElementById(pgp_key);
+  if (!keyInfo) {
+    return;
   }
 
-  document
-    .getElementById("encryptionCertSelectButton")
-    .removeAttribute("disabled");
+  keyInfo.disabled = true;
+  keyInfo.value = "";
+
+  let stillHaveOtherSigning = gSignCertName && gSignCertName.value;
+  let stillHaveOtherEncryption =
+    gEncryptionCertName && gEncryptionCertName.value;
 
-  if (document.getElementById("identity.encryption_cert_name").value.length) {
-    document
-      .getElementById("encryptionCertClearButton")
-      .removeAttribute("disabled");
-  } else {
-    document
-      .getElementById("encryptionCertClearButton")
-      .setAttribute("disabled", "true");
+  if (!stillHaveOtherEncryption) {
+    enableEncryptionControls(false);
   }
+  if (!stillHaveOtherSigning) {
+    enableSigningControls(false);
+  }
+  updateTechPref();
+  enableSelectButtons();
   onSave();
 }
 
 function smimeClearCert(smime_cert) {
   var certInfo = document.getElementById(smime_cert);
   if (!certInfo) {
     return;
   }
 
-  certInfo.setAttribute("disabled", "true");
+  certInfo.disabled = true;
   certInfo.value = "";
   certInfo.displayName = "";
   certInfo.dbKey = "";
 
-  if (smime_cert == kEncryptionCertPref) {
-    enableEncryptionControls(false);
-  } else if (smime_cert == kSigningCertPref) {
-    enableSigningControls(false);
+  let stillHaveOther = gKeyId && gKeyId.value;
+
+  if (!stillHaveOther) {
+    if (smime_cert == kEncryptionCertPref) {
+      enableEncryptionControls(false);
+    } else if (smime_cert == kSigningCertPref) {
+      enableSigningControls(false);
+    }
   }
 
-  enableCertSelectButtons();
+  updateTechPref();
+  enableSelectButtons();
+  onSave();
+}
+
+function updateTechPref() {
+  if (!MailConstants.MOZ_OPENPGP) {
+    return;
+  }
+
+  let haveSigCert = gSignCertName && gSignCertName.value;
+  let haveEncCert = gEncryptionCertName && gEncryptionCertName.value;
+  let havePgpkey = gKeyId && gKeyId.value;
+
+  let enable = (haveSigCert || haveEncCert) && havePgpkey;
+
+  gTechAuto.disabled = !enable;
+  gTechPrefOpenPGP.disabled = !enable;
+  gTechPrefSMIME.disabled = !enable;
+
+  if (!enable) {
+    gIdentity.setIntAttribute("e2etechpref", 0);
+    gHiddenTechPref.setAttribute("value", 0);
+    gTechChoices.value = 0;
+  }
 }
 
 function openCertManager() {
   parent.gSubDialog.open("chrome://pippki/content/certManager.xhtml");
 }
 
 function openDeviceManager() {
   parent.gSubDialog.open("chrome://pippki/content/device_manager.xhtml");
 }
 
-function smimeOnLoadEditor() {
-  smimeInitializeFields();
+function e2eOnLoadEditor() {
+  e2eInitializeFields();
 }
rename from mailnews/extensions/smime/content/am-smime.xhtml
rename to mail/extensions/am-e2e/am-e2e.xhtml
--- a/mailnews/extensions/smime/content/am-smime.xhtml
+++ b/mail/extensions/am-e2e/am-e2e.xhtml
@@ -4,24 +4,24 @@
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
 <?xml-stylesheet href="chrome://messenger/skin/accountManage.css" type="text/css"?>
 
 <!DOCTYPE window SYSTEM "chrome://messenger/locale/am-smime.dtd">
 
 <window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:html="http://www.w3.org/1999/xhtml"
         class="color-dialog"
-        onload="parent.onPanelLoaded('am-smime.xhtml');">
+        onload="parent.onPanelLoaded('am-e2e.xhtml');">
 
   <script src="chrome://global/content/globalOverlay.js"/>
   <script src="chrome://global/content/editMenuOverlay.js"/>
   <script src="chrome://messenger/content/AccountManager.js"/>
-  <script src="chrome://messenger/content/am-smime.js"/>
+  <script src="chrome://messenger/content/am-e2e.js"/>
 
   <vbox flex="1" style="overflow: auto;">
     <hbox class="dialogheader">
-      <label class="dialogheader-title" value="&securityTitle.label;"/>
+      <label class="dialogheader-title" value="&e2eTitle.label;"/>
     </hbox>
 
-#include am-smime.inc.xhtml
+#include am-e2e.inc.xhtml
   </vbox>
 
 </window>
rename from mailnews/extensions/smime/src/components.conf
rename to mail/extensions/am-e2e/components.conf
--- a/mailnews/extensions/smime/src/components.conf
+++ b/mail/extensions/am-e2e/components.conf
@@ -1,15 +1,15 @@
 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 Classes = [
   {
-    'cid': '{f2809796-1dd1-11b2-8c1b-8f15f007c699}',
-    'contract_ids': ['@mozilla.org/accountmanager/extension;1?name=smime'],
-    'jsm': 'resource:///modules/SMIMEService.jsm',
-    'constructor': 'SMIMEService',
-    'categories': {'mailnews-accountmanager-extensions': 'smime-account-manager-extension'},
+    'cid': '{d7aad508-991c-401a-8b3f-7e4e055e1e2b}',
+    'contract_ids': ['@mozilla.org/accountmanager/extension;1?name=e2e'],
+    'jsm': 'resource:///modules/AME2E.jsm',
+    'constructor': 'E2EService',
+    'categories': {'mailnews-accountmanager-extensions': 'e2e-account-manager-extension'},
   },
 ]
new file mode 100644
--- /dev/null
+++ b/mail/extensions/am-e2e/moz.build
@@ -0,0 +1,16 @@
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+EXTRA_JS_MODULES += [
+    'AME2E.jsm',
+]
+
+XPCOM_MANIFESTS += [
+    'components.conf',
+]
+
+JS_PREFERENCE_FILES += [
+    'prefs/e2e-prefs.js',
+]
rename from mail/extensions/openpgp/prefs/openpgp-prefs.js
rename to mail/extensions/am-e2e/prefs/e2e-prefs.js
--- a/mail/extensions/openpgp/prefs/openpgp-prefs.js
+++ b/mail/extensions/am-e2e/prefs/e2e-prefs.js
@@ -1,19 +1,35 @@
 /* global pref: false */
 /*
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at https://mozilla.org/MPL/2.0/.
  */
 
 /**
- * Default pref values for Enigmail
+ * Prefs shared by OpenPGP and S/MIME
  */
 
+pref("mail.identity.default.encryptionpolicy", 0);
+pref("mail.identity.default.sign_mail", false);
+
+/**
+ * S/MIME prefs
+*/
+
+pref("mail.identity.default.encryption_cert_name", "");
+pref("mail.identity.default.signing_cert_name", "");
+
+/**
+ * OpenPGP prefs
+ */
+
+pref("mail.identity.default.openpgp_key_id", "");
+
 
 // the last configured Enigmail version
 pref("temp.openpgp.configuredVersion", "");
 
 // Hide prefs and menu entries from non-advanced users
 pref("temp.openpgp.advancedUser", false);
 
 // ** enigmail keySel preferences:
@@ -244,23 +260,16 @@ pref("mail.identity.default.defaultSigni
 pref("mail.identity.default.defaultEncryptionPolicy", 0);
 pref("mail.identity.default.openPgpUrlName", "");
 pref("mail.identity.default.pgpMimeMode", true);
 pref("mail.identity.default.attachPgpKey", false);
 pref("mail.identity.default.autoEncryptDrafts", true);
 pref("mail.identity.default.protectSubject", true);
 pref("mail.identity.default.warnWeakReply", false);
 
-/*
-   Default pref values for the enigmail per-account
-   settings
-*/
-pref("mail.server.default.enableAutocrypt", false); // see https://autocrypt.org
-pref("mail.server.default.acPreferEncrypt", 0);
-
 // prefer S/MIME or PGP/MIME (0: S/MIME, 1: PGP/MIME)
 pref("mail.identity.default.mimePreferOpenPGP", 1);
 
 /*
    Other settings (change Mozilla behaviour)
 */
 
 // disable flowed text by default
new file mode 100644
--- /dev/null
+++ b/mail/extensions/jar.mn
@@ -0,0 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+messenger.jar:
+*  content/messenger/am-e2e.xhtml                                 (am-e2e/am-e2e.xhtml)
+   content/messenger/am-e2e.js                                    (am-e2e/am-e2e.js)
--- a/mail/extensions/moz.build
+++ b/mail/extensions/moz.build
@@ -1,14 +1,20 @@
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
+JAR_MANIFESTS += ['jar.mn']
+
 DIRS += [
     'mailviews',
     'smime',
 ]
 
+DIRS += [
+    'am-e2e',
+]
+
 if CONFIG['MOZ_OPENPGP']:
   DIRS += [
       'openpgp',
   ]
--- a/mail/extensions/openpgp/content/BondOpenPGP.jsm
+++ b/mail/extensions/openpgp/content/BondOpenPGP.jsm
@@ -19,20 +19,16 @@ const { EnigmailLazy } = ChromeUtils.imp
   "chrome://openpgp/content/modules/lazy.jsm"
 );
 
 const getEnigmailApp = EnigmailLazy.loader("enigmail/app.jsm", "EnigmailApp");
 const getEnigmailCore = EnigmailLazy.loader(
   "enigmail/core.jsm",
   "EnigmailCore"
 );
-const getEnigmailAmPrefsService = EnigmailLazy.loader(
-  "enigmail/amPrefsService.jsm",
-  "EnigmailAmPrefsService"
-);
 const getEnigmailPgpmimeHander = EnigmailLazy.loader(
   "enigmail/pgpmimeHandler.jsm",
   "EnigmailPgpmimeHander"
 );
 const getRNP = EnigmailLazy.loader("enigmail/rnp.jsm", "RNP");
 const getEnigmailWindows = EnigmailLazy.loader(
   "enigmail/windows.jsm",
   "EnigmailWindows"
@@ -56,17 +52,16 @@ var BondOpenPGP = {
     }
     this.initDone = true;
     console.log("loading OpenPGP");
     try {
       getRNP().init({});
       //TODO: check RNP.libLoaded
 
       getEnigmailApp().initAddon();
-      getEnigmailAmPrefsService().startup(0);
       getEnigmailCore().startup(0);
       getEnigmailPgpmimeHander().startup(0);
 
       Services.console.logStringMessage("OpenPGP bootstrap completed");
     } catch (ex) {
       this.logException(ex);
     }
   },
deleted file mode 100644
--- a/mail/extensions/openpgp/content/am-enigprefs.xhtml
+++ /dev/null
@@ -1,166 +0,0 @@
-<?xml version="1.0"?>
-
-<!--
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/.
--->
-
-<?xml-stylesheet href="chrome://messenger/skin/accountManage.css" type="text/css"?>
-
-<!DOCTYPE page SYSTEM "chrome://openpgp/content/strings/enigmail.dtd">
-
-<page xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-      xmlns:html="http://www.w3.org/1999/xhtml"
-      class="color-dialog"
-      title="&enigmail.amPrefTitle.label;"
-      onload="parent.onPanelLoaded('am-enigprefs.xhtml');"
-      orient="vertical">
-
-  <script type="application/x-javascript" src="chrome://messenger/content/AccountManager.js"/>
-  <script type="application/x-javascript" src="chrome://openpgp/content/ui/enigmailEditIdentity.js"/>
-  <script type="application/x-javascript" src="chrome://openpgp/content/ui/am-enigprefs.js"/>
-
-  <broadcasterset>
-    <broadcaster id="enigmail_bcEnablePgp" disabled="false"/>
-    <broadcaster id="enigmail_bcUseKeyId" disabled="false"/>
-    <broadcaster id="enigmail_bcUseUrl" disabled="true"/>
-  </broadcasterset>
-
-  <vbox flex="1" style="overflow: auto;">
-
-    <dialogheader title="&enigmail.amPrefTitle.label;"/>
-
-    <description>&enigmail.amPrefDesc.label;</description>
-
-    <vbox id="enigmail_IdentityEdit">
-      <checkbox id="enigmail_enablePgp"
-                prefstring="mail.identity.%identitykey%.enablePgp"
-                preftype="bool" prefattribute="value"
-                label="&enigmail.amPrefEnablePgp.label;"
-                oncommand="Enigmail.edit.toggleEnable();"/>
-      <vbox>
-        <vbox class="enigmailGroupbox" id="enigmail_encryption.titleBox">
-          <radiogroup id="enigmail_pgpKeyMode" aria-labelledby="enablePgp">
-            <radio id="enigmail_keymode_useFromAddress"
-                   label="&enigmail.amPrefUseFromAddr.label;"
-                   value="0"
-                   observes="enigmail_bcEnablePgp"
-                   oncommand="Enigmail.edit.enableKeySel(false);"/>
-            <vbox>
-              <radio id="enigmail_keymode_usePgpkeyId"
-                     label="&enigmail.amPrefUseKeyId.label;"
-                     observes="enigmail_bcEnablePgp"
-                     value="1"
-                     oncommand="Enigmail.edit.enableKeySel(true);"/>
-              <hbox flex="1">
-                <textbox id="enigmail_identity.pgpkeyId" aria-labelledby="keymode_usePgpkeyId"
-                         prefstring="mail.identity.%identitykey%.pgpkeyId"
-                         observes="enigmail_bcUseKeyId"
-                         readonly="true"
-                         flex="1"
-                         preftype="wstring" prefattribute="value"/>
-                <button id="enigmail_selectPgpKey" label="&enigmail.amPrefSelectKey.label;"
-                        observes="enigmail_bcUseKeyId"
-                        oncommand="Enigmail.edit.selectKeyId()"/>
-              </hbox>
-            </vbox>
-          </radiogroup>
-
-          <tabbox flex="1" id="enigmail_tabs">
-            <tabs id="enigmail_tabBox">
-              <tab id="enigmail_msgCompTab"   label="&enigmail.amPrefMsgComp.label;"/>
-              <tab id="enigmail_autocryptTab" label="&enigmail.autocrypt.label;"/>
-            </tabs>
-
-            <tabpanels flex="1" id="enigmail_tabPanels">
-              <!-- Message Composition -->
-              <vbox flex="1">
-                <caption label="&enigmail.amPrefDefaultEncrypt.label;"/>
-
-                <checkbox id="enigmail_encrypt_ifPossible"
-                          checked="false"
-                          observes="enigmail_bcEnablePgp"
-                          label="&enigmail.defaultEncryption.label;"/>
-                <checkbox id="enigmail_sign_ifPossible"
-                          checked="false"
-                          observes="enigmail_bcEnablePgp"
-                          label="&enigmail.defaultSigning.label;"/>
-                <checkbox id="enigmail_pgpMimeMode"
-                          checked="false"
-                          observes="enigmail_bcEnablePgp"
-                          label="&enigmail.usePGPMimeAlways.label;"/>
-
-                <separator/>
-
-                <label value="&enigmail.afterDefaultsAndRules.label;"/>
-                <hbox flex="1">
-                  <checkbox id="enigmail_sign_notEncrypted"
-                            checked="false"
-                            observes="enigmail_bcEnablePgp"
-                            label="&enigmail.finallySignNotEncrypted.label;"/>
-                  <checkbox id="enigmail_sign_encrypted"
-                            checked="false"
-                            observes="enigmail_bcEnablePgp"
-                            label="&enigmail.finallySignEncrypted.label;"/>
-                </hbox>
-
-                <separator/>
-
-                <checkbox id="enigmail_autoEncryptDrafts" checked="false"
-                          label="&enigmail.autoEncryptDrafts.label;"/>
-
-                <separator/>
-
-                <label id="mimePreferOpenPGP" value="&enigmail.amPrefMimePreferProto.label;"/>
-                <radiogroup id="enigmail_mimePreferOpenPGP" aria-labelledby="mimePreferOpenPGP">
-                  <hbox flex="1">
-                    <radio id="enigmail_mime_preferSMime"
-                           label="&enigmail.amPrefMimePreferSMime.label;"
-                           value="0"
-                           observes="enigmail_bcEnablePgp"/>
-                    <radio id="enigmail_mime_preferEnigmail"
-                           label="&enigmail.amPrefMimePreferEnigmail.label;"
-                           value="1"
-                           observes="enigmail_bcEnablePgp"/>
-                  </hbox>
-                </radiogroup>
-
-                <separator/>
-
-                <checkbox id="openpgp.sendKeyWithMsg"
-                            label="&enigmail.amPrefPgp.sendKeyWithMsg.label;"
-                            checked="false"/>
-              </vbox>
-
-              <!-- Autocrypt tab -->
-              <vbox flex="1" align="start">
-                <checkbox id="enigmail_enableAutocrypt"
-                    prefstring="mail.server.%serverkey%.enableAutocrypt"
-                    preftype="bool" prefattribute="value"
-                    observes="enigmail_bcEnablePgp"
-                    oncommand="Enigmail.edit.enableAcSettings()"
-                    label="&enigmail.enableAutocrypt.label;"/>
-
-                <checkbox id="enigmail_acPreferEncrypt"
-                    prefstring="mail.server.%serverkey%.acPreferEncrypt"
-                    preftype="bool" prefattribute="value"
-                    label="&enigmail.acPreferEncrypt.label;"/>
-              </vbox>
-            </tabpanels>
-          </tabbox>
-
-          <hbox autostretch="never" id="enigmail_PrefsBox">
-            <spacer flex="1"/>
-            <button class="dialog"
-                    id="enigmail_openpgpPrefsButton"
-                    observes="enigmail_bcEnablePgp"
-                    label="&enigmail.openpgpPrefsButton.label;"
-                    oncommand="EnigmailWindows.openPrefWindow(window, true, 'sendingTab');"/>
-          </hbox>
-        </vbox>
-      </vbox>
-    </vbox>
-
-  </vbox>
-</page>
deleted file mode 100644
--- a/mail/extensions/openpgp/content/modules/amPrefsService.jsm
+++ /dev/null
@@ -1,94 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-
-"use strict";
-
-const { manager: Cm } = Components;
-Cm.QueryInterface(Ci.nsIComponentRegistrar);
-
-const { EnigmailCompat } = ChromeUtils.import(
-  "chrome://openpgp/content/modules/compat.jsm"
-);
-const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
-
-const CATEGORY = "mailnews-accountmanager-extensions";
-const CATEGORY_ENTRY = "openpgp-account-manager-extension";
-const PREF_SERVICE_NAME =
-  "@mozilla.org/accountmanager/extension;1?name=enigprefs";
-
-var EXPORTED_SYMBOLS = ["EnigmailAmPrefsService"];
-
-var EnigmailAmPrefsService = {
-  startup(reason) {
-    try {
-      Services.catMan.addCategoryEntry(
-        CATEGORY,
-        CATEGORY_ENTRY,
-        PREF_SERVICE_NAME,
-        false,
-        true
-      );
-      this.factory = new Factory(EnigmailPrefService);
-    } catch (ex) {}
-  },
-
-  shutdown(reason) {
-    Services.catMan.deleteCategoryEntry(CATEGORY, CATEGORY_ENTRY, false);
-
-    if (this.factory) {
-      this.factory.unregister();
-    }
-  },
-};
-
-function EnigmailPrefService() {}
-
-EnigmailPrefService.prototype = {
-  name: "enigprefs",
-  chromePackageName: "openpgp",
-  classID: Components.ID("{f2be6d32-ff3c-11e9-8e8b-00163e5e6c00}"),
-  classDescription: "OpenPGP Account Manager Extension Service",
-  contractID: PREF_SERVICE_NAME,
-  QueryInterface: EnigmailCompat.generateQI(["nsIMsgAccountManagerExtension"]),
-
-  showPanel(server) {
-    // show Enigmail panel for POP3, IMAP, NNTP and "movemail" (unix) account types
-    switch (server.type) {
-      case "nntp":
-      case "imap":
-      case "pop3":
-      case "movemail":
-        return true;
-    }
-    return false;
-  },
-};
-
-class Factory {
-  constructor(component) {
-    this.component = component;
-    this.register();
-    Object.freeze(this);
-  }
-
-  createInstance(outer, iid) {
-    if (outer) {
-      throw Cr.NS_ERROR_NO_AGGREGATION;
-    }
-    return new this.component();
-  }
-
-  register() {
-    Cm.registerFactory(
-      this.component.prototype.classID,
-      this.component.prototype.classDescription,
-      this.component.prototype.contractID,
-      this
-    );
-  }
-
-  unregister() {
-    Cm.unregisterFactory(this.component.prototype.classID, this);
-  }
-}
--- a/mail/extensions/openpgp/content/modules/keyObj.jsm
+++ b/mail/extensions/openpgp/content/modules/keyObj.jsm
@@ -346,17 +346,17 @@ class EnigmailKeyObj {
             );
           }
         } else {
           retVal.keyValid = true;
         }
       }
     }
 
-    console.debug("getSigningValidity retVal: %o", retVal);
+    //console.debug("getSigningValidity retVal: %o", retVal);
     return retVal;
   }
 
   /**
    * Check whether a key can be used for encryption and return a description of why not
    *
    * @return Object:
    *   - keyValid: Boolean (true if key is valid)
@@ -425,17 +425,17 @@ class EnigmailKeyObj {
             );
           }
         } else {
           retVal.keyValid = true;
         }
       }
     }
 
-    console.debug("getEncryptionValidity retVal: %o", retVal);
+    //console.debug("getEncryptionValidity retVal: %o", retVal);
     return retVal;
   }
 
   /**
    * Determine the next expiry date of the key. This is either the public key expiry date,
    * or the maximum expiry date of a signing or encryption subkey. I.e. this returns the next
    * date at which the key cannot be used for signing and/or encryption anymore
    *
--- a/mail/extensions/openpgp/content/modules/keyRing.jsm
+++ b/mail/extensions/openpgp/content/modules/keyRing.jsm
@@ -194,103 +194,108 @@ var EnigmailKeyRing = {
 
     let res = [];
 
     this.getAllKeys(); // ensure keylist is loaded;
 
     if (searchTerm === "") {
       return res;
     }
-    console.debug(gKeyListObj.keyList);
     for (let i in gKeyListObj.keyList) {
       let k = gKeyListObj.keyList[i];
 
       for (let j in k.userIds) {
         if (k.userIds[j].type === "uid" && k.userIds[j].userId.search(s) >= 0) {
-          console.debug("found " + k.userIds[j].userId);
           if (
             !onlyValidUid ||
             !EnigmailTrust.isInvalid(k.userIds[j].keyTrust)
           ) {
             res.push(k);
             continue;
           }
         }
       }
     }
-    console.debug("getKeysByUserId result: %o", res);
     return res;
   },
 
   /**
    * Specialized function for getSecretKeyByUserId() that takes into account
    * the specifics of email addresses in UIDs.
    *
    * @param emailAddr: String - email address to search for without any angulars
    *                            or names
    *
    * @return KeyObject with the found key, or null if no key found
    */
   getSecretKeyByEmail(emailAddr) {
+    let result = {};
+    this.getAllSecretKeysByEmail(emailAddr, result);
+    return result.best;
+  },
+
+  getAllSecretKeysByEmail(emailAddr, result) {
     // sanitize email address
     emailAddr = emailAddr.replace(/([\.\[\]\-\\])/g, "\\$1");
 
     let searchTerm =
       "(<" + emailAddr + ">| " + emailAddr + "$|^" + emailAddr + "$)";
 
-    return this.getSecretKeyByUserId(searchTerm);
+    this.getAllSecretKeysByUserId(searchTerm, result);
   },
 
   /**
    * get the "best" possible secret key for a given user ID
    *
    * @param searchTerm   - String: a regular expression to match against all UIDs of the keys.
    *                               The search is always performed case-insensitively
    * @return KeyObject with the found key, or null if no key found
    */
   getSecretKeyByUserId(searchTerm) {
+    let result = {};
+    this.getAllSecretKeysByUserId(searchTerm, result);
+    return result.best;
+  },
+
+  getAllSecretKeysByUserId(searchTerm, result) {
     EnigmailLog.DEBUG(
       "keyRing.jsm: getSecretKeyByUserId: '" + searchTerm + "'\n"
     );
     let keyList = this.getKeysByUserId(searchTerm, true);
-    console.debug(
-      "getSecretKeyByUserId, got result from getKeysByUserId: %o",
-      keyList
-    );
 
-    let foundKey = null;
+    result.all = [];
+    result.best = null;
 
     for (let key of keyList) {
       if (
         key.secretAvailable &&
         key.getEncryptionValidity().keyValid &&
         key.getSigningValidity().keyValid
       ) {
-        if (!foundKey) {
-          foundKey = key;
+        result.all.push(key);
+        if (!result.best) {
+          result.best = key;
         } else if (
-          foundKey.algoSym === key.algoSym &&
-          foundKey.keySize === key.keySize
+          result.best.algoSym === key.algoSym &&
+          result.best.keySize === key.keySize
         ) {
-          if (key.expiryTime > foundKey.expiryTime) {
-            foundKey = key;
+          if (key.expiryTime > result.best.expiryTime) {
+            result.best = key;
           }
         } else if (
-          foundKey.algoSym.search(/^(DSA|RSA)$/) < 0 &&
+          result.best.algoSym.search(/^(DSA|RSA)$/) < 0 &&
           key.algoSym.search(/^(DSA|RSA)$/) === 0
         ) {
           // prefer RSA or DSA over ECC (long-term: change this once ECC keys are widely supported)
-          foundKey = key;
-        } else if (key.getVirtualKeySize() > foundKey.getVirtualKeySize()) {
-          foundKey = key;
+          result.best = key;
+        } else if (key.getVirtualKeySize() > result.best.getVirtualKeySize()) {
+          result.best = key;
         }
       }
     }
-    console.debug("getSecretKeyByUserId, foundKey: %o", foundKey);
-    return foundKey;
   },
 
   /**
    * get a list of keys for a given set of (sub-) key IDs
    *
    * @param keyIdList: Array of key IDs
                        OR String, with space-separated list of key IDs
    */
@@ -439,22 +444,16 @@ var EnigmailKeyRing = {
    * @param errorMsgObj       Object   - o.value will contain error message from GnuPG
    *
    * @return String - if outputFile is NULL, the key block data; "" if a file is written
    */
   extractKey(includeSecretKey, id, outputFile, exitCodeObj, errorMsgObj) {
     EnigmailLog.DEBUG("keyRing.jsm: EnigmailKeyRing.extractKey: " + id + "\n");
     exitCodeObj.value = -1;
 
-    console.debug(
-      "keyRing.jsm: EnigmailKeyRing.extractKey: type of parameter id:"
-    );
-    console.debug(typeof id);
-    console.debug(id);
-
     if (includeSecretKey) {
       throw new Error("extractKey with secret key not implemented");
     }
 
     if (!id.length) {
       return "";
     }
 
deleted file mode 100644
--- a/mail/extensions/openpgp/content/strings/am-enigprefs.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-# Strings used in the Mozill AccountManager
-prefPanel-enigprefs=OpenPGP Security
--- a/mail/extensions/openpgp/content/strings/enigmail.dtd
+++ b/mail/extensions/openpgp/content/strings/enigmail.dtd
@@ -316,44 +316,30 @@
 <!ENTITY enigmail.detailsHdrButton.label            "Details">
 <!ENTITY enigmail.revealAttachmentsButton.label     "The names of the files attached are hidden. Press the 'Reveal' button to retrieve the original file names.">
 <!ENTITY enigmail.revealAttachments.button          "Reveal">
 
 <!ENTITY enigmail.exchangeGarbage.desc              "This is a broken PGP/MIME message from MS-Exchange. If you cannot access the attachments or have problems with replying or forwarding, press the 'Repair message' button to fix the message">
 <!ENTITY enigmail.exchangeGarbage.fixButton.label   "Repair message">
 <!ENTITY enigmail.exchangeGarbage.waitMessage       "Please wait ...">
 
-<!ENTITY enigmail.amPrefTitle.label                 "Signing/Encryption Options...">
-<!ENTITY enigmail.amPrefDesc.label                  "Support for OpenPGP encryption and signing messages is provided by Gine-Liam. You need to have GnuPG (gpg) installed in order to use this feature.">
-<!ENTITY enigmail.amPrefEnablePgp.label             "Enable OpenPGP support (Gine-Liam) for this identity">
-<!ENTITY enigmail.amPrefUseFromAddr.label           "Use email address of this identity to identify OpenPGP key">
-<!ENTITY enigmail.amPrefUseKeyId.label              "Use specific OpenPGP key ID:">
-<!ENTITY enigmail.amPrefSelectKey.label             "Select Key">
-<!ENTITY enigmail.amPrefMsgComp.label               "Message Composition">
-<!ENTITY enigmail.amPrefDefaultEncrypt.label        "Message Composition Default Options">
 <!ENTITY enigmail.encryptionDlg.label               "Gine-Liam Encryption &amp; Signing Settings">
 <!ENTITY enigmail.encDlgProtocol.label              "Encryption/Signing Standard">
 <!ENTITY enigmail.encDlgEncrypt.label               "Encrypt Message">
 <!ENTITY enigmail.encDlgEncrypt.accesskey           "E">
 <!ENTITY enigmail.encDlgSign.label                  "Sign Message">
 <!ENTITY enigmail.encDlgSign.accesskey              "S">
 <!ENTITY enigmail.encDlgPgpMime.label               "Use PGP/MIME">
 <!ENTITY enigmail.encDlgPgpMime.accesskey           "P">
 <!ENTITY enigmail.encDlgInlinePgp.label             "Use Inline PGP">
 <!ENTITY enigmail.encDlgInlinePgp.accesskey         "I">
 <!ENTITY enigmail.encDlgSMime.label                 "Use S/MIME">
 <!ENTITY enigmail.encDlgSMime.accesskey             "M">
 <!ENTITY enigmail.encDlgReset.label                 "Reset to Defaults">
 <!ENTITY enigmail.encDlgReset.accesskey             "R">
-<!ENTITY enigmail.amPrefPgpHeader.label             "Send 'OpenPGP' Header">
-<!ENTITY enigmail.amPrefPgpHeader.id.label          "Send OpenPGP Key ID">
-<!ENTITY enigmail.amPrefPgpHeader.url.label         "Send URL for key retrieval:">
-<!ENTITY enigmail.amPrefMimePreferProto.label       "If both, Gine-Liam and S/MIME encryption are possible, then:">
-<!ENTITY enigmail.amPrefMimePreferEnigmail.label    "Prefer Gine-Liam (OpenPGP)">
-<!ENTITY enigmail.amPrefMimePreferSMime.label       "Prefer S/MIME">
 
 <!ENTITY enigmail.progressText.label               "Progress:">
 
 <!ENTITY enigmail.openPgpSecurity.label            "OpenPGP Security">
 
 <!ENTITY enigmail.pgpSecurityInfo.label            "Gine-Liam Security Info ...">
 <!ENTITY enigmail.copySecurityInfo.label           "Copy Gine-Liam Security Info">
 <!ENTITY enigmail.showPhoto.label                  "View OpenPGP Photo ID">
@@ -665,17 +651,16 @@
 <!ENTITY enigmail.setupWiz.useImportKeys             "Alternatively, you can import your keys using the 'Import Keys' button below.">
 <!ENTITY enigmail.setupWiz.existingEncryptedMsg      "We found that you have encrypted messages in your mail folders. We recommend that you export your keys on your existing device, and import them here. (Hint: you may use the 'Import Keys' multiple times, for example to import public and secret keys).">
 <!ENTITY enigmail.setupWiz.existingKeysFound         "We found that you already have OpenPGP keys. We recommend that we set up Gine-Liam for you so that you can continue to work with these keys.">
 <!ENTITY enigmail.setupWiz.applyExistingKeysBtn      "Apply my Keys">
 <!ENTITY enigmail.setupWiz.rescanInboxBtn            "Rescan Inbox">
 <!ENTITY enigmail.setupWiz.importKeysBtn             "Import Keys">
 
 <!ENTITY enigmail.advancedIdentityDlg.title          "Advanced Gine-Liam Identity Settings">
-<!ENTITY enigmail.amPrefPgp.sendKeyWithMsg.label     "Attach my public key to messages">
 
 <!ENTITY enigmail.addPhoto.question.label            "Do you want to add the following picture to the key?">
 <!ENTITY enigmail.addPhoto.title                     "Add Photo to Key">
 <!ENTITY enigmail.msgViewColumn.tooltip              "Sort by the OpenPGP status">
 <!ENTITY enigmail.addToRule.title                    "Add Key to Per-Recipient Rule">
 <!ENTITY enigmail.addToRule.useRuleButton.label      "Add Key to Selected Rule">
 <!ENTITY enigmail.addToRule.useRuleButton.accesskey  "A">
 <!ENTITY enigmail.addToRule.newRuleButton.label      "Create New Rule">
--- a/mail/extensions/openpgp/content/strings/enigmail.properties
+++ b/mail/extensions/openpgp/content/strings/enigmail.properties
@@ -381,21 +381,16 @@ userSel.problemMultipleKeys=Multiple key
 # should be same as thunderbird ENTITY sendLaterCmd.label:
 sendLaterCmd.label=Send Later
 
 # Strings used in enigmailAttachmentDialog.js
 pgpMimeNote=NOTE: PGP/MIME is not supported by all email clients. If you are unsure, select the %S option.
 first=first
 second=second
 
-# Strings used in am-enigprefs.js / enigmailEditIdentity.js
-encryptKeyHeader=Select OpenPGP Key for Encryption
-identityName=Identity: %S
-
-
 # Strings used in enigmailSingleRcptSettings.js
 noEncryption=You have activated encryption, but you did not select a key. In order to encrypt emails sent to %1$S, you need to specify one or several valid key(s) from your key list. Do you want to disable encryption for %2$S?
 noKeyToUse=(none - no encryption)
 noEmptyRule=The Rule may not be empty! Please set an email address in the Rule field.
 invalidAddress=The email address(es) you have entered are not valid. You should not set the names of the recipients, just the email addresses. E.g.:\nInvalid: Some Name <some.name@address.net>\nValid:   some.name@address.net
 noCurlyBrackets=The curly brackets {} have a special meaning and should not be used in an email address. If you want to modify the matching behavior for this rule, use the 'Apply rule if recipient ...' option.\nMore information is available from the Help button.
 
 # Strings used in enigmailRulesEditor.js
deleted file mode 100644
--- a/mail/extensions/openpgp/content/ui/am-enigprefs.js
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/.
- */
-
-"use strict";
-
-var { EnigmailLog } = ChromeUtils.import(
-  "chrome://openpgp/content/modules/log.jsm"
-);
-var EnigmailCore = ChromeUtils.import(
-  "chrome://openpgp/content/modules/core.jsm"
-).EnigmailCore;
-
-if (!Enigmail) {
-  var Enigmail = {};
-}
-
-var gPref = null;
-
-function onInit() {
-  EnigmailLog.DEBUG("am-enigprefs.js: onInit()\n");
-
-  try {
-    performInit();
-  } catch (ex) {
-    EnigmailLog.ERROR("am-enigprefs.js: onInit: error: " + ex.message + "\n");
-  }
-}
-
-function performInit() {
-  EnigmailLog.DEBUG("am-enigprefs.js: performInit()\n");
-
-  Enigmail.edit.onInit();
-}
-
-function onAcceptEditor() {
-  EnigmailLog.DEBUG("am-enigprefs.js: onAcceptEditor()\n");
-  Enigmail.edit.onSave();
-  saveChanges();
-  return true;
-}
-
-function onPreInit(account, accountValues) {
-  EnigmailLog.DEBUG("am-enigprefs.js: onPreInit()\n");
-
-  if (!EnigmailCore.getService()) {
-    return;
-  }
-
-  Enigmail.edit.identity = account.defaultIdentity;
-  Enigmail.edit.account = account;
-}
-
-function onSave() {
-  EnigmailLog.DEBUG("am-enigprefs.js: onSave()\n");
-
-  Enigmail.edit.onSave();
-  saveChanges();
-  return true;
-}
-
-function onLockPreference() {
-  // do nothing
-}
-
-// Does the work of disabling an element given the array which contains xul id/prefstring pairs.
-// Also saves the id/locked state in an array so that other areas of the code can avoid
-// stomping on the disabled state indiscriminately.
-function disableIfLocked(prefstrArray) {
-  // do nothing
-}
-
-function enigmailOnAcceptEditor() {
-  EnigmailLog.DEBUG("am-enigprefs.js: enigmailOnAcceptEditor()\n");
-
-  Enigmail.edit.onSave();
-
-  return true; // allow to close dialog in all cases
-}
-
-function saveChanges() {}
-
-document.addEventListener("dialogaccept", function(event) {
-  Enigmail.edit.onAcceptEditor();
-});
--- a/mail/extensions/openpgp/content/ui/commonWorkflows.js
+++ b/mail/extensions/openpgp/content/ui/commonWorkflows.js
@@ -1,17 +1,17 @@
 /*
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at https://mozilla.org/MPL/2.0/.
  */
 
 "use strict";
 
-const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+var { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
 var EnigmailDialog = ChromeUtils.import(
   "chrome://openpgp/content/modules/dialog.jsm"
 ).EnigmailDialog;
 var EnigmailLocale = ChromeUtils.import(
   "chrome://openpgp/content/modules/locale.jsm"
 ).EnigmailLocale;
 var { EnigmailKey } = ChromeUtils.import(
   "chrome://openpgp/content/modules/key.jsm"
--- a/mail/extensions/openpgp/content/ui/enigmailEditIdentity.js
+++ b/mail/extensions/openpgp/content/ui/enigmailEditIdentity.js
@@ -50,38 +50,27 @@ Enigmail.edit = {
     this.enablePgp = document.getElementById("enigmail_enablePgp");
     this.pgpKeyMode = document.getElementById("enigmail_pgpKeyMode");
     this.pgpKeyId = document.getElementById("enigmail_identity.pgpkeyId");
     this.signingPolicy = document.getElementById("enigmail_sign_ifPossible");
     this.encryptionPolicy = document.getElementById(
       "enigmail_encrypt_ifPossible"
     );
     this.pgpMimeMode = document.getElementById("enigmail_pgpMimeMode");
-    this.pgpSignEncPolicy = document.getElementById("enigmail_sign_encrypted");
-    this.pgpSignPlainPolicy = document.getElementById(
-      "enigmail_sign_notEncrypted"
-    );
     this.autoEncryptDrafts = document.getElementById(
       "enigmail_autoEncryptDrafts"
     );
     this.mimePreferOpenPGP = document.getElementById(
       "enigmail_mimePreferOpenPGP"
     );
-    this.enableAc = document.getElementById("enigmail_enableAutocrypt");
-    this.acPreferEncrypt = document.getElementById("enigmail_acPreferEncrypt");
     this.isSingleIdEditor = !!document.getElementById("enigmail_singleId");
     this.openPgpSendKeyWithMsg = document.getElementById(
       "openpgp.sendKeyWithMsg"
     );
 
-    if (this.isSingleIdEditor) {
-      let acTab = document.getElementById("enigmail_autocryptTab");
-      acTab.setAttribute("collapsed", "true");
-    }
-
     if (this.identity) {
       this.enablePgp.checked = this.identity.getBoolAttribute("enablePgp");
       this.cryptoChoicesEnabled = this.enablePgp.checked;
 
       var selectedItemId = null;
       var keyPolicy = this.identity.getIntAttribute("pgpKeyMode");
       switch (keyPolicy) {
         case 1:
@@ -124,26 +113,16 @@ Enigmail.edit = {
     } else {
       this.enablePgp.checked = false;
       this.cryptoChoicesEnabled = false;
       this.pgpMimeMode.checked = true;
       this.pgpSignEncPolicy.checked = true;
       this.autoEncryptDrafts.checked = true;
     }
 
-    if (this.account) {
-      this.enableAc.checked = this.account.incomingServer.getBoolValue(
-        "enableAutocrypt"
-      );
-      this.acPreferEncrypt.checked =
-        this.account.incomingServer.getIntValue("acPreferEncrypt") > 0;
-    } else {
-      this.enableAc.checked = true;
-    }
-
     // Disable all locked elements on the panel
     //onLockPreference();
     this.enableAllPrefs();
   },
 
   onLoadEditor() {
     if (typeof gAccount == "object") {
       this.account = gAccount;
@@ -221,27 +200,16 @@ Enigmail.edit = {
         "pgpSignPlain",
         this.pgpSignPlainPolicy.checked
       );
       this.identity.setBoolAttribute(
         "autoEncryptDrafts",
         this.autoEncryptDrafts.checked
       );
     }
-
-    if (!this.isSingleIdEditor) {
-      this.account.incomingServer.setBoolValue(
-        "enableAutocrypt",
-        this.enableAc.checked
-      );
-      this.account.incomingServer.setIntValue(
-        "acPreferEncrypt",
-        this.acPreferEncrypt.checked ? 1 : 0
-      );
-    }
   },
 
   toggleEnable() {
     let newCryptoEnabled = !this.cryptoChoicesEnabled;
 
     this.cryptoChoicesEnabled = newCryptoEnabled;
     this.enableAllPrefs();
   },
@@ -252,39 +220,30 @@ Enigmail.edit = {
       if (elem) {
         elem.removeAttribute("disabled");
       }
     } else if (elem) {
       elem.setAttribute("disabled", "true");
     }
 
     this.enableKeySel(this.cryptoChoicesEnabled && this.pgpKeyMode.value == 1);
-    this.enableAcSettings();
   },
 
   enableKeySel(enable) {
     if (enable) {
       document
         .getElementById("enigmail_bcUseKeyId")
         .removeAttribute("disabled");
     } else {
       document
         .getElementById("enigmail_bcUseKeyId")
         .setAttribute("disabled", "true");
     }
   },
 
-  enableAcSettings() {
-    if (this.cryptoChoicesEnabled && this.enableAc.checked) {
-      this.acPreferEncrypt.removeAttribute("disabled");
-    } else {
-      this.acPreferEncrypt.setAttribute("disabled", "true");
-    }
-  },
-
   handleClick(event) {
     if (event.target.hasAttribute("href")) {
       EnigmailWindows.openMailTab(event.target.getAttribute("href"));
     }
   },
 
   selectKeyId() {
     var resultObj = {};
new file mode 100644
--- /dev/null
+++ b/mail/extensions/openpgp/content/ui/keyPicker.css
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+.info-name {
+  overflow: hidden; /* Allows equal sizing combined with width="0" */
+  padding-inline-start: 7px;
+  -moz-box-align: center;
+}
+
+#keyPickerDialog {
+  width: 45em;
+}
+
+#keyIDBox {
+  min-height: 18em;
+}
+
+#userID,
+#keyID,
+#keyCreated,
+#keyExpiration,
+#keyIDBox > richlistitem {
+  min-height: 35px;
+}
+
+.website-status {
+  margin: 1px;
+  margin-inline-end: 5px;
+}
new file mode 100644
--- /dev/null
+++ b/mail/extensions/openpgp/content/ui/keyPicker.ftl
@@ -0,0 +1,33 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+key-picker-button-cancel =
+    .label = Cancel
+    .accesskey = C
+
+key-picker-intro =
+    .value = Select the personal OpenPGP key that you want to use for this identity
+
+key-picker-window =
+    .title = Select a Personal OpenPGP Key
+
+key-picker-user-id =
+    .label = User ID
+
+key-picker-key-id =
+    .label = Key ID
+
+key-picker-key-created =
+    .label = Created
+
+key-picker-key-expiration =
+    .label = Expiration
+
+key-picker-button-cancel =
+    .label = Cancel
+    .accesskey = C
+
+key-picker-button-ok =
+    .label = OK
+    .accesskey = O
new file mode 100644
--- /dev/null
+++ b/mail/extensions/openpgp/content/ui/keyPicker.js
@@ -0,0 +1,88 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+var { AppConstants } = ChromeUtils.import(
+  "resource://gre/modules/AppConstants.jsm"
+);
+
+var gKeyPicker = {
+  _bundle: null,
+  _list: null,
+
+  gParams: null,
+
+  onLoad() {
+    this.gParams = window.arguments[0];
+    document.mozSubdialogReady = this.init();
+  },
+
+  async init() {
+    this._list = document.getElementById("keyIDBox");
+
+    let frag = document.createDocumentFragment();
+
+    for (let key of this.gParams.keys) {
+      let richlistitem = this._createListItem(key);
+      frag.appendChild(richlistitem);
+    }
+
+    this._list.appendChild(frag);
+
+    document.getElementById("identityAddress").value = this.gParams.identity;
+  },
+
+  _createListItem(key) {
+    let richlistitem = document.createXULElement("richlistitem");
+
+    let row = document.createXULElement("hbox");
+    row.setAttribute("flex", "1");
+
+    let hbox = document.createXULElement("hbox");
+    let user = document.createXULElement("label");
+    user.setAttribute("value", key.userId);
+    hbox.setAttribute("width", "0");
+    hbox.setAttribute("class", "info-name");
+    hbox.setAttribute("flex", "3");
+    hbox.appendChild(user);
+    row.appendChild(hbox);
+
+    hbox = document.createXULElement("hbox");
+    let id = document.createXULElement("label");
+    id.setAttribute("value", key.keyId);
+    hbox.setAttribute("width", "0");
+    hbox.setAttribute("class", "info-name");
+    hbox.setAttribute("flex", "1");
+    hbox.appendChild(id);
+    row.appendChild(hbox);
+
+    hbox = document.createXULElement("hbox");
+    let created = document.createXULElement("label");
+    created.setAttribute("value", key.created);
+    hbox.setAttribute("width", "0");
+    hbox.setAttribute("class", "info-name");
+    hbox.setAttribute("flex", "1");
+    hbox.appendChild(created);
+    row.appendChild(hbox);
+
+    hbox = document.createXULElement("hbox");
+    let expiry = document.createXULElement("label");
+    expiry.setAttribute("value", key.expiry);
+    hbox.setAttribute("width", "0");
+    hbox.setAttribute("class", "info-name");
+    hbox.setAttribute("flex", "1");
+    hbox.appendChild(expiry);
+    row.appendChild(hbox);
+
+    richlistitem.appendChild(row);
+    return richlistitem;
+  },
+
+  onApplyChanges() {
+    this.gParams.canceled = false;
+    this.gParams.index = this._list.selectedIndex;
+
+    window.close();
+  },
+};
new file mode 100644
--- /dev/null
+++ b/mail/extensions/openpgp/content/ui/keyPicker.xhtml
@@ -0,0 +1,50 @@
+<?xml version="1.0"?>
+<!--
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+-->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+<?xml-stylesheet href="chrome://messenger/skin/dialogs.css" type="text/css"?>
+<?xml-stylesheet href="chrome://openpgp/content/ui/keyPicker.css" type="text/css"?>
+<?xml-stylesheet type="text/css" href="chrome://messenger/skin/input-fields.css"?>
+
+<window id="keyPickerDialog"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        xmlns:html="http://www.w3.org/1999/xhtml"
+        data-l10n-id="key-picker-window"
+        data-l10n-attrs="title, style"
+        onload="gKeyPicker.onLoad();"
+        persist="screenX screenY width height">
+
+  <linkset>
+    <html:link rel="localization" href="openpgp/content/ui/keyPicker.ftl"/>
+  </linkset>
+
+  <script src="chrome://openpgp/content/ui/keyPicker.js"/>
+
+  <vbox class="contentPane">
+    <label id="keyPickerText" data-l10n-id="key-picker-intro" flex="1" value="initial value"/>
+    <separator class="thin"/>
+    <label id="identityAddress" flex="1"/>
+    <listheader>
+      <treecol id="userID" data-l10n-id="key-picker-user-id" flex="4"/>
+      <treecol id="keyID" data-l10n-id="key-picker-key-id" flex="2"/>
+      <treecol id="keyCreated" data-l10n-id="key-picker-key-created" flex="1"
+               data-isCurrentSortCol="true"/>
+      <treecol id="keyExpiration" data-l10n-id="key-picker-key-expiration" flex="1"
+               data-isCurrentSortCol="true"/>
+    </listheader>
+    <richlistbox id="keyIDBox" flex="1" selected="true"/>
+  </vbox>
+
+
+  <spacer flex="1"/>
+  <hbox class="actionButtons" pack="end">
+    <button oncommand="window.close();" icon="close"
+            data-l10n-id="key-picker-button-cancel"/>
+    <button id="btnApplyChanges" oncommand="gKeyPicker.onApplyChanges();" icon="save"
+            data-l10n-id="key-picker-button-ok"/>
+  </hbox>
+</window>
--- a/mail/extensions/openpgp/jar.mn
+++ b/mail/extensions/openpgp/jar.mn
@@ -1,23 +1,26 @@
+#filter substitution
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 openpgp.jar:
 % content openpgp %content/openpgp/
   content/openpgp/BondOpenPGP.jsm              (content/BondOpenPGP.jsm)
   content/openpgp/modules                      (content/modules/*.js*)
   content/openpgp/modules/stdlib               (content/modules/stdlib/*.js*)
   content/openpgp/modules/cryptoAPI            (content/modules/cryptoAPI/*.js*)
   content/openpgp/strings/enigmail.properties  (content/strings/enigmail.properties)
   content/openpgp/strings/enigmail.dtd         (content/strings/enigmail.dtd)
   content/openpgp/strings/bond.dtd             (content/strings/bond.dtd)
-  content/openpgp/ui                           (content/ui/*)
+  content/openpgp/ui                           (content/ui/*.js)
+  content/openpgp/ui                           (content/ui/*.xhtml)
+  content/openpgp/ui                           (content/ui/*.css)
 % skin openpgp classic/1.0 %skin/tb-mac/ os=Darwin
 % skin openpgp classic/1.0 %skin/tb-win/ os=WINNT
 % skin openpgp classic/1.0 %skin/tb-linux/
   skin/tb-mac                                  (skin/tb-mac/*)
   skin/tb-win                                  (skin/tb-win/*)
   skin/tb-linux                                (skin/tb-linux/*)
-  am-enigprefs.properties                      (content/strings/am-enigprefs.properties)
-  content/openpgp/am-enigprefs.xhtml           (content/am-enigprefs.xhtml)
 
+[localization] @AB_CD@.jar:
+  openpgp/content/ui/keyPicker.ftl             (content/ui/keyPicker.ftl)
--- a/mail/extensions/openpgp/locale/jar.mn
+++ b/mail/extensions/openpgp/locale/jar.mn
@@ -1,10 +1,6 @@
 #filter substitution
 
 #openpgp.jar:
 #% locale openpgp @AB_CD@ %
 #  locale/openpgp/enigmail.properties  (%enigmail.properties)
 #  locale/openpgp/enigmail.dtd         (%enigmail.dtd)
-
-
-#@AB_CD@.jar:
-#  locale/@AB_CD@/messenger/am-enigprefs.properties  (%am-enigprefs.properties)
--- a/mail/extensions/openpgp/moz.build
+++ b/mail/extensions/openpgp/moz.build
@@ -2,12 +2,8 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 JAR_MANIFESTS += ['jar.mn']
 
 #DIRS += [
 #    'locale',
 #]
-
-JS_PREFERENCE_FILES += [
-    'prefs/openpgp-prefs.js',
-]
--- a/mail/extensions/smime/jar.mn
+++ b/mail/extensions/smime/jar.mn
@@ -1,18 +1,16 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 messenger.jar:
 % content messenger-smime %content/messenger-smime/
    content/messenger-smime/msgCompSMIMEOverlay.js                   (content/msgCompSMIMEOverlay.js)
    content/messenger-smime/msgHdrViewSMIMEOverlay.js                (content/msgHdrViewSMIMEOverlay.js)
-*  content/messenger/am-smime.xhtml                                 (../../../mailnews/extensions/smime/content/am-smime.xhtml)
-   content/messenger/am-smime.js                                    (../../../mailnews/extensions/smime/content/am-smime.js)
    content/messenger/certpicker.js                                  (../../../mailnews/extensions/smime/content/certpicker.js)
    content/messenger/certpicker.xhtml                               (../../../mailnews/extensions/smime/content/certpicker.xhtml)
    content/messenger-smime/msgReadSMIMEOverlay.js                   (../../../mailnews/extensions/smime/content/msgReadSMIMEOverlay.js)
    content/messenger-smime/msgCompSecurityInfo.js                   (../../../mailnews/extensions/smime/content/msgCompSecurityInfo.js)
    content/messenger-smime/msgCompSecurityInfo.xhtml                (../../../mailnews/extensions/smime/content/msgCompSecurityInfo.xhtml)
    content/messenger-smime/msgReadSecurityInfo.xhtml                (../../../mailnews/extensions/smime/content/msgReadSecurityInfo.xhtml)
    content/messenger-smime/msgReadSecurityInfo.js                   (../../../mailnews/extensions/smime/content/msgReadSecurityInfo.js)
    content/messenger-smime/certFetchingStatus.xhtml                 (../../../mailnews/extensions/smime/content/certFetchingStatus.xhtml)
--- a/mail/installer/package-manifest.in
+++ b/mail/installer/package-manifest.in
@@ -272,17 +272,17 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 ; default pref files
 @RESPATH@/defaults/pref/all-thunderbird.js
 @RESPATH@/defaults/pref/channel-prefs.js
 @RESPATH@/defaults/pref/composer.js
 @RESPATH@/defaults/pref/mailnews.js
 @RESPATH@/defaults/pref/mdn.js
-@RESPATH@/defaults/pref/smime.js
+@RESPATH@/defaults/pref/e2e-prefs.js
 @RESPATH@/defaults/pref/thunderbird-branding.js
 @RESPATH@/defaults/permissions
 @RESPATH@/defaults/settings/blocklists
 @RESPATH@/defaults/settings/pinning
 @RESPATH@/defaults/settings/main
 @RESPATH@/greprefs.js
 
 #ifdef MOZ_OPENPGP
deleted file mode 100644
--- a/mail/locales/en-US/chrome/messenger-smime/msgCompSMIMEOverlay.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-## S/MIME mail compose window error strings.
-NeedSetup=You need to set up one or more personal certificates before you can use this security feature. Would you like to do so now?
new file mode 100644
--- /dev/null
+++ b/mail/locales/en-US/chrome/messenger/am-e2e.properties
@@ -0,0 +1,5 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+prefPanel-e2e=End-To-End Encryption
--- a/mail/locales/en-US/chrome/messenger/am-smime.dtd
+++ b/mail/locales/en-US/chrome/messenger/am-smime.dtd
@@ -1,37 +1,57 @@
 <!-- This Source Code Form is subject to the terms of the Mozilla Public
    - License, v. 2.0. If a copy of the MPL was not distributed with this
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
-<!ENTITY securityTitle.label "Security">
-<!ENTITY securityTab.label "Security">
-<!ENTITY securityHeading.label "To send and receive signed or encrypted messages, you should specify both a digital signing certificate and an encryption certificate.">
-<!ENTITY encryptionGroupTitle.label "Encryption">
-<!ENTITY encryptionChoiceLabel.label "Default encryption setting when sending messages:">
-<!ENTITY neverEncrypt.label "Never (do not use encryption)">
-<!ENTITY neverEncrypt.accesskey "N">
-<!ENTITY alwaysEncryptMessage.label "Required (can't send message unless all recipients have certificates)">
-<!ENTITY alwaysEncryptMessage.accesskey "u">
-<!ENTITY encryptionCert.message "Use this certificate to encrypt &amp; decrypt messages sent to you:">
+<!ENTITY e2eTitle.label "End-To-End Encryption">
+<!ENTITY e2eIntro.description "To send encrypted or digitally signed messages, you need to configure an encryption technology, either OpenPGP or S/MIME.">
+<!ENTITY e2eLearnMore.label "Learn more">
+
+<!ENTITY e2eEnc.description "Without end-to-end encryption the contents of messages are easily exposed to your email provider and to mass surveillance.">
+<!ENTITY e2eeReqWarning.description "If you require encryption, to send a message you must have the public key or certificate of every recipient.">
+
+<!ENTITY e2eSigning.description "A digital signature allows recipients to verify the message was sent by you, and that the content has not been changed.">
+<!ENTITY e2eTechPref.description "Preferred encryption technology:">
+
+<!ENTITY doNotEncrypt.label "Do not enable encryption by default">
+<!ENTITY doNotEncrypt.accesskey "N">
+<!ENTITY requireEncryptMessage.label "Require encryption by default">
+<!ENTITY requireEncryptMessage.accesskey "u">
+<!ENTITY encryptionCert2.message "Personal certificate for encryption:">
 <!ENTITY digitalSign.certificate.button "Select…">
 <!ENTITY digitalSign.certificate.accesskey "S">
 <!ENTITY digitalSign.certificate_clear.button "Clear">
 <!ENTITY digitalSign.certificate_clear.accesskey "C">
 <!ENTITY encryption.certificate.button "Select…">
 <!ENTITY encryption.certificate.accesskey "t">
 <!ENTITY encryption.certificate_clear.button "Clear">
 <!ENTITY encryption.certificate_clear.accesskey "e">
 <!ENTITY signingGroupTitle.label "Digital Signing">
-<!ENTITY signMessage.label "Digitally sign messages (by default)">
+<!ENTITY signMessage2.label "Add my digital signature by default">
 <!ENTITY signMessage.accesskey "D">
-<!ENTITY signingCert.message "Use this certificate to digitally sign messages you send:">
+<!ENTITY signingCert2.message "Personal certificate for digital signing:">
+
+<!ENTITY sendingDefaults.label "Default settings for sending messages">
+
+<!ENTITY technologyAutomatic.label "Select automatically based on available keys or certificates">
 
-<!ENTITY certificates.label "Certificates">
-<!ENTITY manageCerts2.label "Manage Certificates">
-<!ENTITY manageCerts2.accesskey "M">
-<!ENTITY manageDevices.label "Security Devices">
-<!ENTITY manageDevices.accesskey "y">
+<!ENTITY certificates2.label "S/MIME">
+<!ENTITY manageCerts3.label "Manage S/MIME Certificates">
+<!ENTITY manageCerts3.accesskey "M">
+<!ENTITY manageDevices2.label "S/MIME Security Devices">
+<!ENTITY manageDevices2.accesskey "y">
+
+<!ENTITY technologySMIME.label "Prefer S/MIME">
+<!ENTITY technologyOpenPGP.label "Prefer OpenPGP">
+
+<!ENTITY openpgpKeys.label "OpenPGP">
+<!ENTITY manageKeys.label "Manage OpenPGP Keys">
+<!ENTITY manageKeys.accesskey "K">
 
 <!-- Strings for the cert picker dialog -->
 <!ENTITY certPicker.title "Select Certificate">
 <!ENTITY certPicker.info  "Certificate:">
 <!ENTITY certPicker.detailsLabel "Details of selected certificate:">
+
+<!ENTITY openpgpKey.message "Personal key for encryption and digital signing:">
+<!ENTITY openpgpKey.button "Set Personal Key…">
+<!ENTITY openpgpKey.accesskey "o">
--- a/mail/locales/en-US/chrome/messenger/am-smime.properties
+++ b/mail/locales/en-US/chrome/messenger/am-smime.properties
@@ -6,17 +6,16 @@
 ## Note to localization: %S is a placeholder
 NoSenderSigningCert=You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.
 NoSenderEncryptionCert=You specified encryption for this message, but the application either failed to find the encryption certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired.
 MissingRecipientEncryptionCert=You specified encryption for this message, but the application failed to find an encryption certificate for %S.
 ErrorEncryptMail=Unable to encrypt message. Please check that you have a valid email certificate for each recipient. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.
 ErrorCanNotSignMail=Unable to sign message. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail.
 
 ## Strings used for in the prefs.
-prefPanel-smime=Security
 NoSigningCert=Certificate Manager can't locate a valid certificate that can be used to digitally sign your messages.
 NoSigningCertForThisAddress=Certificate Manager can't locate a valid certificate that can be used to digitally sign your messages with an address of <%S>.
 NoEncryptionCert=Certificate Manager can't locate a valid certificate that other people can use to send you encrypted email messages.
 NoEncryptionCertForThisAddress=Certificate Manager can't locate a valid certificate that other people can use to send you encrypted email messages to the address <%S>.
 
 encryption_needCertWantSame=You should also specify a certificate for other people to use when they send you encrypted messages. Do you want to use the same certificate to encrypt & decrypt messages sent to you?
 encryption_wantSame=Do you want to use the same certificate to encrypt & decrypt messages sent to you?
 encryption_needCertWantToSelect=You should also specify a certificate for other people to use when they send you encrypted messages. Do you want to configure an encryption certificate now?
--- a/mail/locales/jar.mn
+++ b/mail/locales/jar.mn
@@ -70,16 +70,17 @@
   locale/@AB_CD@/messenger/am-identity-edit.dtd                         (%chrome/messenger/am-identity-edit.dtd)
   locale/@AB_CD@/messenger/am-im.dtd                                    (%chrome/messenger/am-im.dtd)
   locale/@AB_CD@/messenger/am-serverwithnoidentities.dtd                (%chrome/messenger/am-serverwithnoidentities.dtd)
   locale/@AB_CD@/messenger/am-junk.dtd                                  (%chrome/messenger/am-junk.dtd)
   locale/@AB_CD@/messenger/prefs.properties                             (%chrome/messenger/prefs.properties)
   locale/@AB_CD@/messenger/smtpEditOverlay.dtd                          (%chrome/messenger/smtpEditOverlay.dtd)
   locale/@AB_CD@/messenger/am-smime.dtd                                 (%chrome/messenger/am-smime.dtd)
   locale/@AB_CD@/messenger/am-smime.properties                          (%chrome/messenger/am-smime.properties)
+  locale/@AB_CD@/messenger/am-e2e.properties                            (%chrome/messenger/am-e2e.properties)
   locale/@AB_CD@/messenger/removeAccount.dtd                            (%chrome/messenger/removeAccount.dtd)
   locale/@AB_CD@/messenger/removeAccount.properties                     (%chrome/messenger/removeAccount.properties)
   locale/@AB_CD@/messenger/messenger.properties                         (%chrome/messenger/messenger.properties)
   locale/@AB_CD@/messenger/newFolderDialog.dtd                          (%chrome/messenger/newFolderDialog.dtd)
   locale/@AB_CD@/messenger/newTagDialog.dtd                             (%chrome/messenger/newTagDialog.dtd)
   locale/@AB_CD@/messenger/renameFolderDialog.dtd                       (%chrome/messenger/renameFolderDialog.dtd)
   locale/@AB_CD@/messenger/folderpane.dtd                               (%chrome/messenger/folderpane.dtd)
   locale/@AB_CD@/messenger/folderProps.dtd                              (%chrome/messenger/folderProps.dtd)
@@ -236,17 +237,16 @@
 % locale messenger-mapi @AB_CD@ %locale/@AB_CD@/messenger-mapi/
   locale/@AB_CD@/messenger-mapi/mapi.properties                         (%chrome/messenger-mapi/mapi.properties)
 % locale messenger-newsblog @AB_CD@ %locale/@AB_CD@/messenger-newsblog/
   locale/@AB_CD@/messenger-newsblog/newsblog.properties                 (%chrome/messenger-newsblog/newsblog.properties)
   locale/@AB_CD@/messenger-newsblog/feed-subscriptions.dtd              (%chrome/messenger-newsblog/feed-subscriptions.dtd)
   locale/@AB_CD@/messenger-newsblog/am-newsblog.dtd                     (%chrome/messenger-newsblog/am-newsblog.dtd)
 % locale messenger-smime @AB_CD@ %locale/@AB_CD@/messenger-smime/
   locale/@AB_CD@/messenger-smime/msgCompSMIMEOverlay.dtd                (%chrome/messenger-smime/msgCompSMIMEOverlay.dtd)
-  locale/@AB_CD@/messenger-smime/msgCompSMIMEOverlay.properties         (%chrome/messenger-smime/msgCompSMIMEOverlay.properties)
   locale/@AB_CD@/messenger-smime/msgReadSMIMEOverlay.dtd                (%chrome/messenger-smime/msgReadSMIMEOverlay.dtd)
   locale/@AB_CD@/messenger-smime/msgReadSMIMEOverlay.properties         (%chrome/messenger-smime/msgReadSMIMEOverlay.properties)
   locale/@AB_CD@/messenger-smime/msgCompSecurityInfo.dtd                (%chrome/messenger-smime/msgCompSecurityInfo.dtd)
   locale/@AB_CD@/messenger-smime/msgCompSecurityInfo.properties         (%chrome/messenger-smime/msgCompSecurityInfo.properties)
   locale/@AB_CD@/messenger-smime/msgReadSecurityInfo.dtd                (%chrome/messenger-smime/msgReadSecurityInfo.dtd)
   locale/@AB_CD@/messenger-smime/certFetchingStatus.dtd                 (%chrome/messenger-smime/certFetchingStatus.dtd)
   locale/@AB_CD@/messenger-smime/msgSecurityInfo.properties             (%chrome/messenger-smime/msgSecurityInfo.properties)
 % locale messenger-region @AB_CD@ %locale/@AB_CD@/messenger-region/
--- a/mailnews/base/prefs/content/am-help.js
+++ b/mailnews/base/prefs/content/am-help.js
@@ -17,17 +17,17 @@
 var pageTagPairs = {
   "chrome://messenger/content/am-main.xhtml": "mail_account_identity",
   "chrome://messenger/content/am-server.xhtml": "mail",
   "chrome://messenger/content/am-copies.xhtml": "mail_copies",
   "chrome://messenger/content/am-addressing.xhtml": "mail_addressing_settings",
   "chrome://messenger/content/am-junk.xhtml": "mail-account-junk",
   "chrome://messenger/content/am-offline.xhtml": "mail-offline-accounts",
   "chrome://messenger/content/am-smtp.xhtml": "mail_smtp",
-  "chrome://messenger/content/am-smime.xhtml": "mail_security_settings",
+  "chrome://messenger/content/am-e2e.xhtml": "mail_security_settings",
   "chrome://messenger/content/am-serverwithnoidentities.xhtml":
     "mail_local_folders_settings",
   "chrome://messenger/content/am-mdn.xhtml": "mail-account-receipts",
 };
 
 function doHelpButton() {
   // Get the URI of the page loaded in the AccountManager's content frame.
   var pageSourceURI = top.frames.contentFrame.location.href;
--- a/mailnews/base/prefs/content/am-identity-edit.xhtml
+++ b/mailnews/base/prefs/content/am-identity-edit.xhtml
@@ -11,18 +11,18 @@
 <!ENTITY % identityEditDTD SYSTEM "chrome://messenger/locale/am-identity-edit.dtd" >
 %identityEditDTD;
 <!ENTITY % identityDTD SYSTEM "chrome://messenger/locale/am-main.dtd" >
 %identityDTD;
 <!ENTITY % copiesDTD SYSTEM "chrome://messenger/locale/am-copies.dtd">
 %copiesDTD;
 <!ENTITY % addressingDTD SYSTEM "chrome://messenger/locale/am-addressing.dtd" >
 %addressingDTD;
-<!ENTITY % smimeDTD SYSTEM "chrome://messenger/locale/am-smime.dtd" >
-%smimeDTD;
+<!ENTITY % e2eDTD SYSTEM "chrome://messenger/locale/am-smime.dtd" >
+%e2eDTD;
 ]>
 
 <window xmlns:html="http://www.w3.org/1999/xhtml"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         onload="onLoadIdentityProperties();"
         style="width: 75ch; height: 56em;">
 <dialog id="identityDialog">
   <stringbundle id="bundle_prefs"
@@ -32,32 +32,32 @@
 
   <script src="chrome://global/content/globalOverlay.js"/>
   <script src="chrome://global/content/editMenuOverlay.js"/>
   <script src="chrome://messenger/content/am-prefs.js"/>
   <script src="chrome://messenger/content/am-identity-edit.js"/>
   <script src="chrome://messenger/content/amUtils.js"/>
   <script src="chrome://messenger/content/am-copies.js"/>
   <script src="chrome://messenger/content/am-addressing.js"/>
-  <script src="chrome://messenger/content/am-smime.js"/>
+  <script src="chrome://messenger/content/am-e2e.js"/>
   <script>
   <![CDATA[
-    window.addEventListener("load", smimeOnLoadEditor, false);
+    window.addEventListener("load", e2eOnLoadEditor, false);
   ]]>
   </script>
 
   <description>&identityListDesc.label;</description>
   <separator class="thin"/>
 
   <tabbox flex="1" style="overflow: auto;">
     <tabs id="identitySettings">
       <tab label="&settingsTab.label;"/>
       <tab label="&copiesFoldersTab.label;"/>
       <tab label="&addressingTab.label;"/>
-      <tab label="&securityTab.label;"/>
+      <tab label="&e2eTitle.label;"/>
     </tabs>
 
     <tabpanels id="identityTabsPanels" flex="1">
       <!-- Identity Settings Tab -->
       <vbox flex="1" name="settings">
         <html:fieldset>
           <html:legend>&publicData.label;</html:legend>
           <html:table class="identity-table">
@@ -205,14 +205,14 @@
 
       <!-- Copies & Folders Tab -->
 #include am-copies.inc.xhtml
 
       <!-- Composition & Addressing Tab -->
 #include am-addressing.inc.xhtml
 
       <!-- Security Tab -->
-#include ../../../extensions/smime/content/am-smime.inc.xhtml
+#include ../../../../mail/extensions/am-e2e/am-e2e.inc.xhtml
 
     </tabpanels>
   </tabbox>
 </dialog>
 </window>
--- a/mailnews/extensions/smime/content/certpicker.xhtml
+++ b/mailnews/extensions/smime/content/certpicker.xhtml
@@ -1,18 +1,18 @@
 <?xml version="1.0"?>
 <!-- This Source Code Form is subject to the terms of the Mozilla Public
    - License, v. 2.0. If a copy of the MPL was not distributed with this
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
 <?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
 
 <!DOCTYPE window [
-<!ENTITY % amSMIMEDTD SYSTEM "chrome://messenger/locale/am-smime.dtd" >
-%amSMIMEDTD;
+<!ENTITY % amE2EDTD SYSTEM "chrome://messenger/locale/am-smime.dtd" >
+%amE2EDTD;
 ]>
 
 <window title="&certPicker.title;"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
         xmlns:html="http://www.w3.org/1999/xhtml"
         style="width: 50em;"
         onload="onLoad();">
 <dialog id="certPicker"
deleted file mode 100644
--- a/mailnews/extensions/smime/content/smime.js
+++ /dev/null
@@ -1,12 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
-   Add any default pref values we want for smime
-*/
-
-pref("mail.identity.default.encryption_cert_name", "");
-pref("mail.identity.default.encryptionpolicy", 0);
-pref("mail.identity.default.signing_cert_name", "");
-pref("mail.identity.default.sign_mail", false);
--- a/mailnews/extensions/smime/moz.build
+++ b/mailnews/extensions/smime/moz.build
@@ -3,11 +3,8 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 DIRS += [
     'public',
     'src',
 ]
 
-JS_PREFERENCE_FILES += [
-    'content/smime.js',
-]
--- a/mailnews/extensions/smime/src/moz.build
+++ b/mailnews/extensions/smime/src/moz.build
@@ -5,22 +5,14 @@
 
 SOURCES += [
     'nsCertPicker.cpp',
     'nsEncryptedSMIMEURIsService.cpp',
     'nsMsgComposeSecure.cpp',
     'nsSMimeJSHelper.cpp',
 ]
 
-EXTRA_JS_MODULES += [
-    'SMIMEService.jsm',
-]
-
-XPCOM_MANIFESTS += [
-    'components.conf',
-]
-
 FINAL_LIBRARY = 'mail'
 
 LOCAL_INCLUDES += [
     '/%s/security/manager/pki' % CONFIG['mozreltopsrcdir'],
     '/%s/security/manager/ssl' % CONFIG['mozreltopsrcdir']
 ]