1014433 - S/MIME encrypt-only does not work unless I have a personal key pair for myself

Status: RESOLVED DUPLICATE of bug 937022

(Thunderbird :: Security, defect)

Description

[Dominik Herrmann]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0 (Beta/Release)
Build ID: 20140506152807

Steps to reproduce:

Intention: I want to be able to send encrypted mails to people, whose S/MIME public key I have received previously, without having to generate my own S/MIME key pair.

Steps to reproduce:
0. Ask my friend X to send an S/MIME signed e-mail to me.
1. Set up a new empty Thunderbird profile.
2. Set up my e-mail account.
3. Open the S/MIME signed e-mail from Step 0.
4. Compose an e-mail to my friend X
5. Click on "Options" menu and select entry "Encrypt this message".



Actual results:

Upon receiving the mail in Step 3, the public key certificate of friend X is automatically imported to the Thunderbird key store.

In Step 5, Thunderbird opens a dialogue box and informs me that in order to use this security feature I will have to install my S/MIME key pair. From a cryptography perspective, encryption to friend X only needs the public key of friend X. I do not understand why Thunderbird would need my private key for that purpose.

Background: I want to be able to send mails to friend X with encryption. Authenticity is explicitly not desired (for some reasons).


Expected results:

Thunderbird should allow users to send encrypted mails without requiring the sender to have a S/MIME key pair.

Comment 1

[Martin]

Hello,

I think that this behavior is very good, because Thunderbird (in default configuration) needs a key pair of the sender to encrypt (decrypt) the copy of the email in the "SENT" folder.

If the copy of the sent email in the folder "SENT" would not be encrypted this would IMHO be irresponsible.