[MlMt] S/MIME (expired) certificate handling

[Robert M. Münch]

06-Jan-2026 -- 12:29 -- Sebastian Hagedorn:

>> 1. How does MM handle old emails sent to me? Are those decrypted on receive and then stored unencrypted? Does MM need to have access to the expired certificate?
>
> The latter.

Thanks for confirming, that's what I expected.

>> 2. How does MM select the appropriate certificate? Do I have to delete the old one? Does MM only search for a valid one?
>
> There a multiple ways. You can use Keychain Access to choose the valid one, or you can enter it into MailMate's Security.plist:
>
> {
>     map = (
>     	{
>     		address = "xxx at test.de";
>     		serial = "25 0E 3A 33 6D 11 4C 0E A2 FD F6 AD 6A 36 A5 FB";
>     	},
>     );
> }

Thanks again.

I used the Keychain Access way (for reference: right-click certificate, New Identity Preference). So, this email should already use my newer certificate.

One question regarding the .plist file. I see some use the format as you posted, and some are XML files. Is there any rule that format MM expects, or are both valid?

--

Robert M. Münch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20260106/eefa9382/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4076 bytes
Desc: S/MIME digital signature
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20260106/eefa9382/attachment-0001.bin>