
How do I set up end-to-end encryption with S/MIME in Thunderbird?

Requirements

  • You have set up your Posteo account in Thunderbird, and sending and receiving emails is working.
  • You have created an S/MIME key pair for your Posteo account using our instructions and exported it from your browser.

Step 1: Importing the S/MIME key pair in Thunderbird

  1. Open the “Preferences” of Thunderbird. Click “Advanced”, then “Certificates” and then the “Certificates” button.
  2. Click the “Your certificates” tab and then click the “Import” button.
  3. Select and import the file containing the backup (security copy) of your key pair. Follow the instructions and enter the password for your security copy.

Step 2: Connecting the S/MIME key pair with your email account in Thunderbird

  1. Click “Tools” and then “Account settings”.
  2. Choose “Security” for your Posteo account.
  3. In the “Digital Signing” section, click “Select”. Select the key pair you have just imported and confirm with “OK”.
  4. You will now be asked whether you would also like to encrypt using the key pair – confirm this with “Yes”.
  5. Place a tick next to “Digitally sign messages (by default).” Finished.

From now on, emails sent from your Posteo address with Thunderbird will be automatically signed with your S/MIME key. Your public key will also be attached to each email and will thus be distributed to your contacts. If your contacts would like to send you encrypted emails, they can use your public key to do so.

Step 3: Encrypting with S/MIME

When sending an email using Thunderbird, you can now encrypt it as follows:

Manual encryption

  1. Create a new email as usual.
  2. Click the down arrow to the right of the “Security” button. In the drop-down menu, choose “Encrypt message”, for example.
  3. The envelope symbol at the bottom right of the status line in the email view shows that your email will be signed.

Automatic encryption

If you would like to be automatically asked whether an email should be encrypted each time you create one, you can use the Thunderbird add-on “Encrypt if possible”. If the recipient’s public key is saved in your Thunderbird, you will always be asked when creating an email whether you would like to encrypt. This is very convenient.

  1. Install the “Encrypt if possible” add-on in Thunderbird.
  2. Finished. In future, if Thunderbird knows your recipient’s public key, you will automatically be asked if you would like to encrypt with S/MIME.
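
To check that a message you sent was actually signed or encrypted, you can look at the raw source of the copy in your “Sent” folder. The following Python sketch is an added example, not part of Posteo's instructions; it classifies a message by its outer S/MIME content type, and the sample messages and addresses in it are constructed placeholders.

```python
from email import message_from_string

# Content types used by S/MIME; the "x-" forms are legacy spellings.
SIG_PROTOCOLS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def smime_state(raw: str) -> str:
    """Classify raw message source as 'encrypted', 'signed', 'plain' or 'unknown'."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()  # always lower case
    if ctype == "multipart/signed":
        # Detached signature: readable body plus a signature part.
        proto = str(msg.get_param("protocol") or "").lower()
        return "signed" if proto in SIG_PROTOCOLS else "unknown"
    if ctype in P7M_TYPES:
        kind = str(msg.get_param("smime-type") or "").lower()
        # An encrypted message hides any inner signature until it is decrypted,
        # so a signed-and-encrypted email is reported as 'encrypted' here.
        return {"enveloped-data": "encrypted", "signed-data": "signed"}.get(kind, "unknown")
    return "plain"


# Constructed sample messages; the bodies are placeholders, not real S/MIME data.
HEAD = "From: you@example.org\nTo: friend@example.org\nSubject: test\nMIME-Version: 1.0\n"
SIGNED = HEAD + (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
    'micalg=sha-256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nHello\n"
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n\n'
    "(placeholder)\n--b1--\n"
)
ENCRYPTED = HEAD + (
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\n(placeholder)\n"
)
PLAIN = HEAD + "Content-Type: text/plain; charset=utf-8\n\nHello\n"

if __name__ == "__main__":
    for label, raw in (("signed", SIGNED), ("encrypted", ENCRYPTED), ("plain", PLAIN)):
        print(f"{label:10s} -> {smime_state(raw)}")
```

A result of “plain” for an email you expected to be protected means that it left Thunderbird without a signature and without encryption.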