We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

S/MIME messages not decrypting

  • 5 回覆
  • 1 有這個問題
  • 18 次檢視
  • 最近回覆由 waiwaing

more options

I have a work email address which forwards some of my emails to my personal email account. Thunderbird is setup to access my personal account, but not my work account. Because some of my emails (e.g. payslips) are encrypted using S/MIME, I imported my PFX file into Thunderbird. Historically, Thunderbird has then decrypted the encrypted S/MIME emails.

Recently, Thunderbird has stopped decrypting any of these emails, including emails that it used to decrypt without a problem. The certificate is still in the Certificate Manager, so I'm not sure as to what has happened.

The only thing I can imagine is that the certificate is for my work email address (not my personal email address), and for some reason, Thunderbird is now comparing the recipient email address and the certificate email address, realises that they don't match, and is thus not attempting to decrypt.

Does anyone know if (1) this is in fact the case, (2) if so, if there are any recommended workarounds, or (3) if not, what might be the real problem here?

I have a work email address which forwards some of my emails to my personal email account. Thunderbird is setup to access my personal account, but not my work account. Because some of my emails (e.g. payslips) are encrypted using S/MIME, I imported my PFX file into Thunderbird. Historically, Thunderbird has then decrypted the encrypted S/MIME emails. Recently, Thunderbird has stopped decrypting any of these emails, including emails that it used to decrypt without a problem. The certificate is still in the Certificate Manager, so I'm not sure as to what has happened. The only thing I can imagine is that the certificate is for my work email address (not my personal email address), and for some reason, Thunderbird is now comparing the recipient email address and the certificate email address, realises that they don't match, and is thus not attempting to decrypt. Does anyone know if (1) this is in fact the case, (2) if so, if there are any recommended workarounds, or (3) if not, what might be the real problem here?

所有回覆 (5)

more options

Perhaps you need to forward your messages in an unencrypted form. It sounds like a bug to me that it ever worked at all.

more options
I have a work email address which forwards some of my emails to my personal email account.

Presumably you're using a different email client than Thunderbird to forward the message. How do you do that? When you have the message open for editing it obviously must be in the clear. To which cert do you encrypt when forwarding it? Or do you attach the encrypted message as is to an otherwise clear text email? Please elaborate.

Thunderbird has stopped decrypting any of these emails, including emails that it used to decrypt without a problem.

I'd assume there's some sort of error message?

more options

It's forwarded as an attachment to an unencrypted email. Because it's done as an Exchange rule, I don't believe there's a way to decrypt before forwarding (as the Exchange server won't have access to the certificate).

There isn't an error message, it just presents the attachment as it would any other attachment, whereas it used to decrypt the attached email inline.

more options

I have never tried that. Nor do I have any idea what format the Exchange server uses to forward the message as an attachment. There may have been changes on the Exchange server causing the behavior you see. For encrypted attachments you'd typically right-click the attachment, and then use 'Decrypt and Save'. In any case, you'd need the private key to decrypt the message.

more options

Exchange forwards the email as an application/pkcs7-mime attachment.

It doesn't seem to be an Exchange problem, as Thunderbird no longer decrypts messages it used to (i.e. a message received months ago, which Thunderbird used to successfully decrypt, now remains encrypted).

There also isn't a "Decrypt and Save" option--I only have "Open" (which prompts me to choose an application), "Save As...", "Detach..." and "Delete".

I appreciate that the old behavior may have been a bug (though I'm hoping it's not as it was quite useful); I'm just a little surprised that if it was, there aren't any obvious release notes pointing it out.