This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

S/MIME messages not decrypting

  • 5 replies
  • 1 has this problem
  • 3 views
  • Last reply by waiwaing

more options

I have a work email address which forwards some of my emails to my personal email account. Thunderbird is setup to access my personal account, but not my work account. Because some of my emails (e.g. payslips) are encrypted using S/MIME, I imported my PFX file into Thunderbird. Historically, Thunderbird has then decrypted the encrypted S/MIME emails.

Recently, Thunderbird has stopped decrypting any of these emails, including emails that it used to decrypt without a problem. The certificate is still in the Certificate Manager, so I'm not sure as to what has happened.

The only thing I can imagine is that the certificate is for my work email address (not my personal email address), and for some reason, Thunderbird is now comparing the recipient email address and the certificate email address, realises that they don't match, and is thus not attempting to decrypt.

Does anyone know if (1) this is in fact the case, (2) if so, if there are any recommended workarounds, or (3) if not, what might be the real problem here?

I have a work email address which forwards some of my emails to my personal email account. Thunderbird is setup to access my personal account, but not my work account. Because some of my emails (e.g. payslips) are encrypted using S/MIME, I imported my PFX file into Thunderbird. Historically, Thunderbird has then decrypted the encrypted S/MIME emails. Recently, Thunderbird has stopped decrypting any of these emails, including emails that it used to decrypt without a problem. The certificate is still in the Certificate Manager, so I'm not sure as to what has happened. The only thing I can imagine is that the certificate is for my work email address (not my personal email address), and for some reason, Thunderbird is now comparing the recipient email address and the certificate email address, realises that they don't match, and is thus not attempting to decrypt. Does anyone know if (1) this is in fact the case, (2) if so, if there are any recommended workarounds, or (3) if not, what might be the real problem here?

All Replies (5)

more options

Perhaps you need to forward your messages in an unencrypted form. It sounds like a bug to me that it ever worked at all.

more options
I have a work email address which forwards some of my emails to my personal email account.

Presumably you're using a different email client than Thunderbird to forward the message. How do you do that? When you have the message open for editing it obviously must be in the clear. To which cert do you encrypt when forwarding it? Or do you attach the encrypted message as is to an otherwise clear text email? Please elaborate.

Thunderbird has stopped decrypting any of these emails, including emails that it used to decrypt without a problem.

I'd assume there's some sort of error message?

more options

It's forwarded as an attachment to an unencrypted email. Because it's done as an Exchange rule, I don't believe there's a way to decrypt before forwarding (as the Exchange server won't have access to the certificate).

There isn't an error message, it just presents the attachment as it would any other attachment, whereas it used to decrypt the attached email inline.

more options

I have never tried that. Nor do I have any idea what format the Exchange server uses to forward the message as an attachment. There may have been changes on the Exchange server causing the behavior you see. For encrypted attachments you'd typically right-click the attachment, and then use 'Decrypt and Save'. In any case, you'd need the private key to decrypt the message.

more options

Exchange forwards the email as an application/pkcs7-mime attachment.

It doesn't seem to be an Exchange problem, as Thunderbird no longer decrypts messages it used to (i.e. a message received months ago, which Thunderbird used to successfully decrypt, now remains encrypted).

There also isn't a "Decrypt and Save" option--I only have "Open" (which prompts me to choose an application), "Save As...", "Detach..." and "Delete".

I appreciate that the old behavior may have been a bug (though I'm hoping it's not as it was quite useful); I'm just a little surprised that if it was, there aren't any obvious release notes pointing it out.