Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Setting S/MIME as the default signature scheme in Thunderbird 102

  • 2 replies
  • 2 have this problem
  • 1 view
  • Last reply by crytolos

more options

I prefer to use S/MIME to digitally sign my email messages. Prior to Thunderbird 102.3.1, using S/MIME to digitally sign my messages was the default.

Now, for every single email I send, when I click "Send" I get the dialog box "OpenPGP Alert - Cannot digitally sign this message, because you haven’t yet configured end-to-end encryption for <email address>". I have to then select "S/MIME" from the encryption/signature menu.

It's a pain to have to remember to do this for every email I send.

I checked my account settings. "Do not use OpenPGP for this identity" is checked. The correct S/MIME certificate is selected.

How do I set the default signature method to be S/MIME instead of OpenPGP in this new version of Thunderbird?

I'm running Thunderbird 102.3.1 on Mac OS 10.14 Mojave. The Enigmail plugin is disabled. I have an OpenPGP key that I created 20 years ago on my system, and Thunderbird recognizes its presence, but I do not use it.

I prefer to use S/MIME to digitally sign my email messages. Prior to Thunderbird 102.3.1, using S/MIME to digitally sign my messages was the default. Now, for every single email I send, when I click "Send" I get the dialog box "OpenPGP Alert - Cannot digitally sign this message, because you haven’t yet configured end-to-end encryption for <email address>". I have to then select "S/MIME" from the encryption/signature menu. It's a pain to have to remember to do this for every email I send. I checked my account settings. "Do not use OpenPGP for this identity" is checked. The correct S/MIME certificate is selected. How do I set the default signature method to be S/MIME instead of OpenPGP in this new version of Thunderbird? I'm running Thunderbird 102.3.1 on Mac OS 10.14 Mojave. The Enigmail plugin is disabled. I have an OpenPGP key that I created 20 years ago on my system, and Thunderbird recognizes its presence, but I do not use it.

Chosen solution

I had not noticed that section before, because it was grayed out!

The option was set to "Select automatically based on available keys or certificates". Because it was grayed out, I could not change it.

I started randomly clicking on other buttons in the dialog, to see what might "ungray" those options. Finally, I got the options to be selectable, by turning _on_ the OpenPGP key. (That was a key I'd generated decades years ago that somehow Thunderbird detected.) Then I could select "Prefer S/MIME".

This seems to be a user-interface bug more than user error. It looks like Thunderbird is so aggressive in favor of OpenPGP keys that even if you select that you're not using it, it will pick it as an "available key or certificate".

I've filed a bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1793278

Read this answer in context 👍 1

All Replies (2)

more options

At the top right of the Thunderbird window, click the menu button > Account Settings

Select the account in the left pane - End-To-End Encryption - Preferred Encryption Technology Select 'Prefer S/MIME'.

more options

Chosen Solution

I had not noticed that section before, because it was grayed out!

The option was set to "Select automatically based on available keys or certificates". Because it was grayed out, I could not change it.

I started randomly clicking on other buttons in the dialog, to see what might "ungray" those options. Finally, I got the options to be selectable, by turning _on_ the OpenPGP key. (That was a key I'd generated decades years ago that somehow Thunderbird detected.) Then I could select "Prefer S/MIME".

This seems to be a user-interface bug more than user error. It looks like Thunderbird is so aggressive in favor of OpenPGP keys that even if you select that you're not using it, it will pick it as an "available key or certificate".

I've filed a bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1793278

Modified by crytolos