choosing between either gpg or Apple built-in s/mime encryption

Urs Rau's Avatar

Urs Rau

27 Feb, 2012 07:54 PM

If one has communication that uses s/mime and has to work across platforms including iPhones and iPads as well as PCs and MACs( >= 10.7) , but at the same time also has to cater for some gpg secured emails, how could this be done using gpgtools? 

What's the "hoops" one would have to jump through to switch openpgp from gpgtools off and on to switch between being able to use Apple's built-in s/mime support or the gpgtools provided gpg support?

I don't suppose there are plans for gpgtools to cater for both gpg and s/mime in one tool, a bit like enigmail used to do a few years back under thunderbird? 

  1. Support Staff 1 Posted by Luke Le on 27 Feb, 2012 08:25 PM

    Luke Le's Avatar

    Hi Urs,

    you're really at luck here. We've just been working exactly on that issue.
    If you'd like to help testing the feature, I could send you a new version of GPGMail mail with support for it.

  2. 2 Posted by Urs Rau (UK) on 28 Feb, 2012 07:01 AM

    Urs Rau (UK)'s Avatar

    Hi Luke,

    On 27 Feb 2012, at 20:25, Luke Le wrote:

    Yes, please, I'd be happy to test and help. Please send me a link and i'll happily test it. Great work thanks for all the hard work.


    Urs Rau


  3. Support Staff 3 Posted by Luke Le on 28 Feb, 2012 03:42 PM

    Luke Le's Avatar

    Hi Urs,

    here's a link to the dev version build:

    Please test the S/MIME | OpenPGP support thoroughly and let us know what works and what not.
    Thank you :)!

  4. 4 Posted by Urs Rau (UK) on 28 Feb, 2012 06:08 PM

    Urs Rau (UK)'s Avatar

    Hi Luke,

    On 28 Feb 2012, at 15:43, Luke Le wrote:
    Thanks. How detailed of a report do you need, or want? I give you an overview of some tests and then ask me if you want more details or can't replicate the issues? Is that OK? I assume that some of the reports you are going to immediately know what the issue is, and won't need a debug report and for others you might need a lot more detail.

    test 1 choose s/mime encrypt and signed, choose a "to:" recipient that I have certificate for and one "cc:" that i do not have a certificate for and it gave me the expected error message about not being able to send encrypted to somebody that it does not have a certificate for. Removed the extra 'cc' recipient and hit send. Email was sent , dialog to check that it is OK to use certificate detail from keystore came up as expected, but on receiving it , it does not indicate to be either signed nor encrypted as far as indicates. ;-(
    thunderbird/enigmail also don't recognise this as being either encrypted or signed.

    test 2 choose opengpg method and only signed, choose a known gpg recipient. sent email , asked for passphrase, and then crashed. On re-opening it I found the email was sent and was actually showing as signed.
    thunderbird/enigmail does not show it as a signed email (maybe because the emial server is exchange 2007 - and has added a compnay disclaimer using transport rules on the exchange server)

    test 3 choose opengpg method and encrypted only (not signed) , email sent ok and when received indicated that it was an encrypted email.
    thunderbird/enigmail does not prompt for passpharse and shows the ascii armored email as the body (again this might be the exchange server in the background having mangled the various parts)

    test 4 choose s/mime encrypt only, sent ok, on receiving it email had no indication that it was encrypted in
    thunderbird/enigmail: don't indicate that email is encrypted but display decrypted email body (if it ever was encrypted?)

    test 5 choose s/mime sign only , sent ok, on receiving it email had no indication that it was encrypted in
    thunderbird/enigmail: don't indicate that this emial is s/mime signed (if it ever was)

    I have a number of other mail servers I can use and I will re-test some of this not using exchange . ;-)

    Do you want me to run some inter client tests sending from to Thunderbird or from Thunderbird to and test gpg and s/mime, or not, yet?

    Please let me know what helps you most os if you have specific test cases you would like me to run through?


  5. Support Staff 5 Posted by Luke Le on 28 Feb, 2012 06:53 PM

    Luke Le's Avatar

    Hi Urs,

    I've not yet completely finished reading your report, but first off, thank you so much for the heavy testing!!
    What you've pointed out already is that your mails are going through an exchange server. Unfortunately that leads to completely mangled mails Thunderbird can't deal with at the moment. We've already contacted the Enigmail developers and suggested to implement the work around we're using in GPGMail. We'll see if they're gonna add it.

    Could you forward me your test emails which don't lead to the expected result, including a short description of the test? Best if you save the mails and send the original .eml file.
    That'd be fantastic!

  6. 6 Posted by Urs Rau (UK) on 28 Feb, 2012 08:07 PM

    Urs Rau (UK)'s Avatar

    Hi Luke,

    here are the 5 test emails.

    I will create new test s/mime and gpg keys for future tests. but it won't happen today.

    hope this helps, let me know if I can do anything else.


  7. 7 Posted by urs.rau on 28 Feb, 2012 08:18 PM

    urs.rau's Avatar


    in case exchange created even more of a mess.


    Urs Rau

  8. 8 Posted by Maxi Weber on 28 Feb, 2012 08:40 PM

    Maxi Weber's Avatar


    I ran some basic tests, too. Seems to work like a charme.

    Thank you for your great work.


  9. 9 Posted by Alex on 05 Mar, 2012 03:31 PM

    Alex's Avatar

    Thanks for all the test cases. Created a ticket for them - closing this discussion:

  10. Alex closed this discussion on 05 Mar, 2012 03:31 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac