#658 new

Unable to encrypt messages with S/MIME

Reported by jachin | March 4th, 2014 @ 11:15 PM

hi there

When I try to send an encrypted message (with S/MIME) I get the following error.

Unknown format in import. Error code: -25257

OpenGPG encryption seems to work fine. I can sign messages with S/MIME fine.

I tried turning on the logging by following the instructions here.

I set the following but I might have done it wrong.

defaults write com.freron.MailMate LoggingEnabled -bool YES
defaults write com.freron.MailMate MmDebugSecurity -bool YES

I looked at /tmp/mailmate_logs/mailmate_parser_problems.log but nothing showed up.

Do I need to run those "defaults write" command in particular directory or can I just run them from anywhere?

Any help in figuring out what's would on would be great.



Comments and changes to this ticket

  • benny

    benny March 17th, 2014 @ 01:59 PM

    @jachin: Sorry for the late reply. (I'm quite a bit behind on answering emails and some fall between the cracks.)

    Do not use LoggingEnabled:

    defaults write com.freron.MailMate LoggingEnabled -bool NO  
    defaults write com.freron.MailMate MmDebugSecurity -bool YES

    To answer your other question, it does not matter where you are when you use the defaults commands. It writes values to ~/Library/Preferences/com.freron.MailMate.plist in any case.

    Then launch MailMate from the Terminal:

  • benny

    benny March 26th, 2014 @ 03:19 PM

    I haven't been able to look into the details of this problem yet. Is there any chance that MailMate picks up the wrong S/MIME certificate? That is, does any of you have more than 1 certificate for any of the given email addresses (both sender and recipient). I believe it would fail as you have described if MailMate can access the public key, but then cannot locate the private key of the certificate.

  • benny

    benny June 9th, 2014 @ 01:56 PM

    No, I definitely do not think GPGTools plays any role in this. I use two completely different “API”'s and GPGTools does not store its keys in the OS X keychain.

    I suggest you all fetch the latest test version (hold down ⌥ when clicking “Check Now” in the Software Update preferences pane). The only change is that I now output the serial number of the certificates found. This provides an extra way to check that the correct certificate is used.

    Also, it seems the problem might be related to specific certificates. I would appreciate if one of you could send me a public key for which encryption fails. Just so I can check if I can reproduce the issue. Use “Help ▸ Send Feedback” for that.

  • fnurl

    fnurl June 1st, 2015 @ 12:19 PM

    Hi, I was getting the same problem as @MikeC. I have not been able to sign my messages for some time, but now I took another look at the problem. The problem was that my private key was missing from my Keychain for some reason. I am guessing it disappeared during my Yosemite upgrade - migrated from a Time Machine, or during some other iCloud sync process.

    I had already tried downloading my certificate again, but that did not work, what I had to do was to use the password protected .p12 file I had on my secure backup (which I googled and found out contains both the certificate and the private key).

    Now signing and encryption in MailMate works again!

  • benny

    benny November 2nd, 2015 @ 01:49 PM

    @Paul: This happens when encrypting for a specific recipient? Or for any recipient?

    @Philip: Sorry about the late response. If I understand correctly then this happens when encrypting for a specific recipient?

    For both of you, I would assume that I should be able to reproduce the issue if you provide me with the public certificate for one of these recipients and the email address you are trying to send to (I won't send anything to them). You can send that to me using “Help ▸ Send Feedback” within MailMate.

  • benny

    benny September 16th, 2016 @ 08:11 AM

    @TomEck: Sorry about the late reply. As discussed by email then in your case it appears the problem is that OS X does not know the intermediate certificate needed to verify the certificate of the recipient. In this particular case, it could be located here and added to the keychain to resolve the issue. I found the information needed by viewing the certificate and then noting the “Issued by” part at the top of the certificate. This might also be helpful for other users in this ticket.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Mac OS X email client.

Shared Ticket Bins

People watching this ticket

Referenced by