KMail and S/MIME


I cannot use s/mime with kmail in a right way. I have imported the certificate with Kleopatra and I can choose the certificate in kmail. The command

gpgsm --list-secret-keys

returns the following:

           ID: 0xIDIDIDIDI
          S/N: NUMBER
      Subject: /CN=Firstname Lastname/O=XXXXXXXXX/C=DE
          aka: EMAIL
     validity: 2016-09-21 HH:MM:SS through 2019-07-09 HH:MM:SS
     key type: 2048 bit RSA
    key usage: digitalSignature nonRepudiation keyEncipherment
ext key usage: clientAuth (suggested), emailProtection (suggested)
     policies: POLICIES
  fingerprint: FINGERPRINT

The problem is, when I send a signed mail, the recipient get a mail with an invalid signature.

What can I do?

Thanks in advance

If your friend sends you a signed message, can you open it?
Try another mail client to try to isolate if the problem is the mail client or perhaps even the certificate you’re using.


Is the issuing CA publicly recognized or, at least, recognized by the recipient’s mail client? If the receiving side does not trust the certificate chain or has not explicitly set your cert to trusted, then it will flag your signature invalid.

S-MIME does not need to be a signed certificate.
S-MIME is not asymmetric, it’s symmetric encryption which means that a certificate must be manually exchanged which is then used to encrypt/decrypt messages.
The “authoritativeness” isn’t provided by a CA, it’s provided by the trusted exchange of the certificate.


I have tested the certificate in another e-mail program. Signing works perfectly there. I also signed a file with Kleopatra and the S/MIME certificate and then verified this signature. That also worked very well. It seems as if KMail changes the mail text after signing it.

I found another interesting aspect in the error. I can encrypt and decrypt e-mails. Only the signing does not work.