[MlMt] S/MIME Encryption

[Benny Kjær Nielsen]

On 17 Feb 2017, at 10:16, Robert M. Münch wrote:

>> No, but when you sign a message then the recipient gains the ability 
>> to encrypt messages to you if they add your certificate to the 
>> keychain.
>
> I think in S/MIME exist different types of certificates as I own one 
> for signing but that can't be used for encryption. Not sure how this 
> is handled.

This is not a problem when signing, but when encrypting then the message 
also needs to be encrypted for you (since otherwise you cannot view the 
message later on). MailMate cannot do this without a certificate 
available for doing encryption.

> What is strange is this: I received an email where MM stated that it 
> was successfully S/MIME decrypted. But I don't have any S/MIME 
> encrypting certificate.

Your signing certificate must have been used to encrypt the message by 
the sender (I don't think this is technically a problem, but I don't 
think it is strictly correct behavior).

MailMate has also not been very good at checking whether or not 
certificates were marked for use for signing/encryption, but *I think* 
the latest releases do respect this.

> So I'm wondering why MM displays this message. Further I don't have a 
> clue how the one who send me the email would have gained access to my 
> S/MIME certificates.

They get your certificate if you have sent a signed message to him/her.

>> I think this happens automatically in Apple Mail. In MailMate you 
>> have to explicitly add it to the keychain.
>
> How do I add this to the keychain? Can I access the certificate 
> anyhow?

Click on “Show Details” and then “Add to Keychain”.

>>> 2. Answering the email with encryption & signing doesn't work. I 
>>> get: "Failed to find valid certificate to encrypt for 
>>> xyz.xyz at abc.com. The specified item could not be found in the 
>>> keychain. Error code: -25300" (Note: This text is shown twice). But 
>>> I can see the certificate for the recipient in one of my keychains.
>>
>> The error code means that it couldn't find a valid certificate.
>
> For whom? For me or the guy I'm going to send an email to?

For the one with the email address `xyz.xyz at abc.com`.

>> S/MIME and OpenPGP users should update to the latest test release 
>> (r5346). I've made several changes which I would like to have tested 
>> including an important bug fix for S/MIME (which I would like to 
>> release soon).
>
> Ok, will do.

Thanks!

-- 
Benny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20170217/a70e076d/attachment.html>