Should Thunderbird allow encrypting of S/MIME email using an ECC certificate? I can successfully sign and receive signed messages that use an ECC certificate, b
I can successfully sign and receive signed messages that use an ECC certificate, but attempts to use the same certificate for encryption get a pop-up window (during save or attempting to send) with
Unable to save your message as a draft. [Sending of the message failed.]
Unable to encrypt message. Please check that you have a valid email certificate for each recipient. Please check that the certificates specified in Mail & Newsgroups Account Settings for this mail account are valid and trusted for mail
Всички отговори (4)
just curious. Did this start after an update or after you added the certificate. I have found that with all my digital signing certificates I have had to remove them from the account settings and add them again. At which point the certificate serial number was shown beside the email address for the certificate.
This might work for you.
thank you Mr.Matt for reply..To understand my issues I will describe every steps that I did. first I installed last version of Thunderbird(68)then I created two email accounts on gmail .then I used openssl to create my own self sign certificate authority with elliptic curve key (curve name "prim 256v1")finally I create two smime certificate also with ecc (curve name "prim 256v1") the sign is work normally but the encryption is not work. - I did same steps but with RSA and every things work normally (signing and encrypt). I think Thunderbird not support all elliptic curves .I will try to use different elliptic curve.
Is there anything cert related in the error console (Ctrl-Shift-J)?
I suggest you go here. https://www.actalis.it/products/certificates-for-secure-electronic-mail.aspx
Get one of their s/mime SSL certificates and see if they work better than your self signed ones. Fundamentally s/mime operates on a certificate system that probably does not support self signed certificates, unless you are running your own revocation server.