How to send encrypted emails - how to obtain the keys from signed emails
I ask a person to send me a signed email so that I can send them an encrypted email. How is this process supposed to work in Thunderbird? I receive a signed email, what next? Clearly, Thunderbird sees the signature but does not add the public key to the contact. This is in contradiction with [page] that states:
The standard way of distributing a person's certificate is to send a digitally signed email. If you have received a signed email from your correspondent, click the email to view it. If Thunderbird considers the email's signature and the sender's certificate valid, it will automatically be imported and available when you attempt to encrypt an email to that correspondent using the S/MIME technology. If you don't have a signed email from your correspondent yet, you could ask them to send a digitally signed email to you.
Note that certificates issued by CAs may have a short validity period. Certificates are no longer usable after the validity period has expired. In that case your correspondent will have to obtain a new certificate. Once that happened they will be able to send you a new digitally signed email with a valid certificate.
Organizations that operate an LDAP server may configure their server to store S/MIME certificates. If an LDAP server is configured, Thunderbird may automatically query the LDAP server if it needs to obtain a S/MIME certificate.
To review the list of S/MIME certificates that you already have, you can use Thunderbird's Certificate Manager.
The certificate shows that it is valid, yet clicking reply gives "key issues", which shows no key available. Similarly, if I sign an email with a PGP key and send it, Thunderbird sees that it is signed but tells me that I need to obtain the public PGP key. So it seems that signatures and encryption are completely unusable.
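The process the quoted help page describes (a signed message carries the sender's certificate, which is then used to encrypt to that sender), reproduced with the openssl command line as an added example; it is not part of the original thread or of Thunderbird. The names, address and file names are constructed, and a self-signed certificate stands in for a CA-issued one.

```shell
#!/bin/sh
# Added illustration. All names, addresses and files are constructed for this demo.
# Prints the decrypted reply on stdout; returns non-zero if any step fails.
smime_roundtrip() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        # 1. The correspondent (Bob) owns a private key and a certificate.
        #    Self-signed here; a real one would be issued by a CA.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Bob Example/emailAddress=bob@example.test" \
            -keyout bob.key -out bob.crt 2>/dev/null || exit 1

        # 2. Bob sends a signed message. The S/MIME signature embeds his
        #    certificate (public key), never his private key.
        printf 'hello from bob\n' > hello.txt
        openssl smime -sign -in hello.txt -signer bob.crt -inkey bob.key \
            -out signed.eml 2>/dev/null || exit 1

        # 3. Recipient side: from here only signed.eml is needed.
        #    Extract the signer certificate from the signature.
        #    A mail client also validates signature and chain before trusting it.
        openssl smime -pk7out -in signed.eml -out sig.p7 || exit 1
        openssl pkcs7 -in sig.p7 -print_certs -out from_mail.crt || exit 1

        # 4. Encrypt a reply to the certificate taken from the signed mail.
        #    -binary keeps the payload byte-for-byte (no CRLF rewriting).
        printf 'secret reply\n' > reply.txt
        openssl smime -encrypt -binary -aes256 -in reply.txt \
            -out reply.eml from_mail.crt || exit 1

        # 5. Opening the reply requires Bob's private key.
        openssl smime -decrypt -in reply.eml -recip bob.crt -inkey bob.key
    )
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Calling `smime_roundtrip` prints the reply text recovered in step 5.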
All Replies (3)
PGP and S/MIME are not interchangeable; you have to use one or the other.
Do you have an S/MIME certificate with which to encrypt your message? If not, you will also have to have one. A PGP certificate will not do it in this instance.
I have been hearing for more than 20 years how PGP is going to make encryption simple and accessible. I have yet to see anything simple about PGP.
Matt said
PGP and S/MIME are not interchangeable; you have to use one or the other. Do you have an S/MIME certificate with which to encrypt your message? If not, you will also have to have one. A PGP certificate will not do it in this instance. I have been hearing for more than 20 years how PGP is going to make encryption simple and accessible. I have yet to see anything simple about PGP.
I am not sure that I understand what you mean by "Do you have an S/MIME certificate with which to encrypt your message?". I have a signed email from the user to whom I need to send an encrypted email. Signed email (we are not talking only s/mime, not pgp) contains a public key of the user. I should not need anything else to encrypt the message but this public key; specifically, I do not need to have my own S/MIME certificate since it is not used at all during the encryption process.
I am fairly sure you do not understand at all. The sender's public key is not used to encrypt anything; it is something you can use to decrypt encrypted messages they send you.
The person can send you an encrypted email as you now have their public key to decrypt it with. You do not have an s/mime certificate so you can encrypt nothing to send to anyone. Your private key is what is used to encrypt messages. Not the public key of an email sender that you are corresponding with.
PGP has nothing to do with s/mime, but both work on the same basic principle of you encrypt with your private key and the recipient decrypts with your public key which has been passed to them prior to anything being encrypted.