I ask a person to send me a signed email so that i can send them an encrypted email. How is this process supposed to work in thunderbird? I receive a signed email, what next? Clearly, thunderbird sees the signature but does not add the public key to the contact. This is in contradiction with [[https://support.mozilla.org/en-US/kb/thunderbird-help-cannot-encrypt#w_obtaining-smime-certificates-of-correspondents|this page]] that states: ''The standard way of distributing a person's certificate is to send a digitally signed email. If you have received a signed email from your correspondent, click the email to view it. If Thunderbird considers the email's signature and the sender's certificate valid, it will automatically be imported and available when you attempt to encrypt an email to that correspondent using the S/MIME technology. If you don't have a signed email from your correspondent yet, you could ask them to send a digitally signed email to you. Note that certificates issued by CAs may have a short validity period. Certificates are no longer usable after the validity period has expired. In that case your correspondent will have to obtain a new certificate. Once that happened they will be able to send you a new digitally signed email with a valid certificate. Organizations that operate an LDAP server may configure their server to store S/MIME certificates. If an LDAP server is configured, Thunderbird may automatically query the LDAP server if it needs to obtain a S/MIME certificate. To review the list of S/MIME certificates that you already have, you can use Thunderbird's Certificate Manager. '' The certificate shows that it is valid, yet, clicking reply gives "key issues" which shows no key available. Similarly, if I sign an email with pgp key and send it, thunderbird sees that it is signed but tells me that i need to obtain public pgp key. So it seems that signatures and encryption are completely unusable.