S/MIME and Enigmail interaction leads to visual confirmation email will be encrypted but is sent in the clear



3 years ago
3 years ago


(Reporter: Steven Galgano, Unassigned)


31 Branch

Firefox Tracking Flags

(Not tracked)




3 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140918134209

Steps to reproduce:

I have both Enigmail and S/MIME configured. Enigmail is configured to use PGP/MIME, sign messages by default, encrypt drafts, and encrypt messages if possible by default. S/MIME is configured to not sign or encrypt by default. I start drafting a new email and disable Enigmail PGP signature since I will be using my S/MIME cert. I then enable S/MIME 'Digitally Sign This Message' and optionally 'Encrypt This Message'. The email is addressed to an address for an individual with a valid S/MIME certificate and no PGP public key. Status bar icons and S/MIME message security dialog verify the message is set to be signed and encrypted, if 'Encrypt This Message was selected'.

Actual results:

Sometimes, not always the message will be sent unsigned and unencrypted even though every visual indication shows the message will be S/MIME signed and encrypted. I've tried to come up with steps to reliably reproduce the issue but I can't. It does appear to happen more often when I am drafting emails that take longer to write.

Expected results:

If an email is marked to be signed and/or encrypted it must be sent that way. I have had this happen enough times now where I am no longer comfortable sending encrypted S/MIME messages.
You need to log in before you can comment on or make changes to this bug.