This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Encrypted email shows up decrypted when recieved from collegues account where it was sent to, w/o his private cert installed

  • 3 replies
  • 1 has this problem
  • 7 views
  • Last reply by Matt

more options

I have 2 email accounts in Thunderbird 24.5.0. Account 1: My Account, s/mime and certs properly setup for signature/encryption Account 2: Collegues Account, no s/mime etc. set up, no private cert installed in thunderbird. He has his certificates of course.

When I send an encrypted email from my account (1) to my collegues account (2), and I receive this email from his account (2) in my Thunderbird it comes up _de_crypted in my inbox. How is that possible w/o having his private certificate installed? Also in certificate manager I only have my certificates installed. Also in the sent box the message shows up decrypted, but source only shows the encrypted message.

If I understood encryption properly I use his public key/cert (wich I automatically get from a server) to encrypt a message to him. This message can only be decrypted using his private key/cert. Without me having his private key/cert installed I, as for my understanding, should not be able to read the email I have sent to him when I receive it in my thunderbird (ir in sent items)?

Is TB somehow recognizing that I myself had the message encrypted and therefor displays it decrypted when I receive it from my collegues account? It shows the message in clear text in send objects too even though the source is encrypted. What mechanism is behind that? Again, w/o my collegues private cert/key I should, as for my understanding, not be able to read the mail, neither in sent nor inbox...

Thanks a lot, Oliver

I have 2 email accounts in Thunderbird 24.5.0. Account 1: My Account, s/mime and certs properly setup for signature/encryption Account 2: Collegues Account, no s/mime etc. set up, no private cert installed in thunderbird. He has his certificates of course. When I send an encrypted email from my account (1) to my collegues account (2), and I receive this email from his account (2) in my Thunderbird it comes up _de_crypted in my inbox. How is that possible w/o having his private certificate installed? Also in certificate manager I only have my certificates installed. Also in the sent box the message shows up decrypted, but source only shows the encrypted message. If I understood encryption properly I use his public key/cert (wich I automatically get from a server) to encrypt a message to him. This message can only be decrypted using his private key/cert. Without me having his private key/cert installed I, as for my understanding, should not be able to read the email I have sent to him when I receive it in my thunderbird (ir in sent items)? Is TB somehow recognizing that I myself had the message encrypted and therefor displays it decrypted when I receive it from my collegues account? It shows the message in clear text in send objects too even though the source is encrypted. What mechanism is behind that? Again, w/o my collegues private cert/key I should, as for my understanding, not be able to read the mail, neither in sent nor inbox... Thanks a lot, Oliver

Modified by OliverBN

All Replies (3)

more options

you are aware certificates are added automatically upon receipt? ie digitally signed mail adds the certificate when viewed. You obviously have your friends certificate installed, as you can not encrypt a message without is being already installed. The encryption uses their public key.

more options

Hi Matt,

I'm fully aware that I use my collegues public key to encrypt the message I send to him. But I would need his private key to display it decrypted. However when receive an email from his account, wich was sent from mine and encrypted with his public key from my side, it shows the decrypted message in my inbox and sent items. How does TB display the decrypted message from my collegues account w/o me having his private cert? If one could decrypt the public key encrypted message with the public key it would render the encryption system useless. So TB must store the pre-encrypted message somewhere and recognize, upon receiving it, that its actually the same message sent from the same thunderbird installation.

I assume that based on the following: When I send an email from my collegues computer from his account to his account and encrypt it, it shows the expected "message can't be decrypted"-message when I receive it on my computer. So the reason for displaying the decrypted/non-encrypted message must be that TB stored the uncrypted content somewhere and recognize it's the same email upon receive.

Greets, Oliver

more options

it would be in the sent folder.