Thunderbird 1.5.x S/MIME setup

Update: November 16, 2006

There are two articles in mozillaZine

Getting an SMIME certificate -


Installing an SMIME certificate -

that give information on how to set up certificates in Thunderbird in case you are not using Enigmail instead.

It looks like the instructions may be for Thunderbird 1.0.x, some of them don't work the same in 1.5.x

" ... Thunderbird, go to "Tools -> Options... -> Advanced -> Certificates -> Manage Certificates..." ..."

You actually need to go to Tools | Options | Privacy | Security | View Certificates instead.

TB Security

TB certificate manager

The self-signed certificates portion seems to work slightly different also.

After you created the certificate

keychain access self-signed

It does not seem to be possible to export .cer if you selected "My Certificates" in the left pane of Keychain Access. You can only export Personal Information Exchange .p12 file.

keychain access export

You have to choose "Certificates" in the left pane, before you can export .cer file to be used for Certificate Authority import in Thunderbird.

keychain access export cer

Once all is done,

set master password

TB Master Password

import CA


TB Certificate Manager Authorities

You should haved your and other's certificate (their "authorities")

TB certificate manager

choose the certificate (if you have more than one identities), encryption and digital signature should work.

TB select certificate

TB use same certificate for encrypt and decrypt

TB security

TB compose security

TB encrypted emailTB digital signatureTB encrypted and digital signed

Under the hood, the digital signed message would have something like this inside

Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"  
Content-Description: S/MIME Cryptographic Signature    

The encrypted message would be like this

Content-Type: application/x-pkcs7-mime; name="smime.p7m"  
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Content-Description: S/MIME Encrypted Message

Otherwise you get those invalid or unknow messages

TB invalid digital signature

TB digital signature not valid

TB digital signature unknown

TB digital signature mismatch