S/MIME Encryption in Nextcloud 27 and Mail 3.2.0 does not work

Bitstream · June 13, 2023, 8:43pm

Hello,

I use Nextcloud 27 and the Mail app in version 3.2.0. I have imported my certificate from Actalis and can open old already encrypted emails. But I can not create encrypted emails, is that correct or should encrypting and signing with S/MIME also work?

Thanks in advance for your answers

ChristophWurst · June 14, 2023, 11:33am

Encryption and signing should work. But it can only work if the certificate can do it. I am not sure if this is the case for Actalis certs.

Bitstream · June 14, 2023, 1:51pm

Since the certificate works in Outlook, Thunderbird, Apple Mail (iOS / macOS) and SOGo, I assume that the necessary properties are available. Previously encrypted emails with other clients can also be opened in the Mail App. I just can’t do any signing or encryption in the Nextcloud Mail app.

The certificate is available from Actalis for free:
https://extrassl.actalis.it/portal/uapub/doProcess?reqid=&lang=en

Here the properties of the certificate without my private data:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IT, ST = Bergamo, L = Ponte San Pietro, O = Actalis S.p.A., CN = Actalis Client Authentication CA G3
        Validity
            Not Before: May 15 16:59:43 2023 GMT
            Not After : May 15 16:59:42 2024 GMT
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                BE:97:A9:AA:84:BF:80:BF:10:53:7D:09:32:F9:E1:2E:32:1B:CF:77
            Authority Information Access:
                CA Issuers - URI:http://cacert.actalis.it/certs/actalis-autclig3
                OCSP - URI:http://ocsp09.actalis.it/VA/AUTHCL-G3
            X509v3 Certificate Policies:
                Policy: 1.3.159.1.24.1
                  CPS: https://www.actalis.it/area-download
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, E-mail Protection
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl09.actalis.it/Repository/AUTHCL-G3/getLastCRL
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
    Signature Algorithm: sha256WithRSAEncryption

ChristophWurst · June 14, 2023, 1:54pm

That sounds like a bug then. Please report it at Sign in to GitHub · GitHub.

asmodii · August 31, 2023, 12:37pm

Hello! Are you getting any closer to solving the problem? I am asking because 7 weeks have already passed. We are currently evaluating whether to switch to Nextcloud and it is very unfortunate that one of the most important tools has an issue.

I see version 3.3.1 is out now.

Bitstream · August 31, 2023, 2:30pm

The error has not been fixed yet.

NextCloud Mail: S/Mime certificate does not encrypte/sign messages #8552