I am trying out the free version of eM Client before buying, and email signing and encryption are very important. So I noticed that eM Client 6 still only supports SHA-1 and 3DES, which are both weak algorithms by today’s standard. I looked in the forum and saw that a year ago it was said the request to implement AES and a stronger signing algorithm was sent to developers.
Is it being worked on?
Hi, officially we support SHA1 and MD5 for signing and 3DES, RC2 and DES for encrypting. Although unofficially we support more algorithms (meaning if someone sends you an email with a different encryption and you have the right certificate, it’s actually quite possible it will work).
We only support the above mentioned officially for compatibility reasons.
I hope this was a helpful answer, thank you,
Thanks for the reply.
I was hoping for more support, since S/MIME 3.1 (RFC 3651 from 2003) mentions AES should be supported:
Sending and receiving agents MUST support encryption and decryption with DES EDE3 CBC, hereinafter called “tripleDES” [CMSALG]. Receiving agents SHOULD support encryption and decryption using the RC2 [CMSALG] or a compatible algorithm at a key size of 40 bits, hereinafter called “RC2/40”. Sending and receiving agents SHOULD support encryption and decryption with AES [CMSAES] at a key size of 128, 192, and 256 bits.
and S/MIME RFC 5751 (January 2010) goes further, saying AES-128 MUST be supported, and downgrades 3DES to SHOULD be supported:
Sending and receiving agents:
- MUST support encryption and decryption with AES-128 CBC [CMSAES].
- SHOULD+ support encryption and decryption with AES-192 CBC and AES-256 CBC [CMSAES].
- SHOULD- support encryption and decryption with DES EDE3 CBC, hereinafter called “tripleDES” [CMSALG].
It’s clear that AES is the current standard while 3DES is being deprecated, only being supported for legacy purposes.
I hope this feature gets updated as I really like the mail client, its speed and its UI.
Hopefully you’ll get enough requests for this feature to be worth your development time.
I’m still leaning strongly toward buying the pro version though. I admit that for signing purposes, which is my main requirement, SHA-1 is still good enough. And I need to replace my sluggish Outlook 2010 (which, incidentally, does support AES encryption and SHA-256).
Hi, thank you for your input on this, we appreciate it and will keep that in mind for improving this in future releases. Security and privacy of our users are of course very important to us as well.
Thank you again for the suggestion and your notes on this feature,
Guys, you are working on v7, now is the time to redo your security too. Here is another article explaining why SHA1 has to die NOW.
Yes, I realize that S/MIME is not on the usual web user’s mind, but I don’t think the usual web user buys eM Client either. They use Gmail, Outlook.com, etc.
Fix S/MIME insecurity in eM Client in v7 and I’ll upgrade for sure when it comes out.
Hi Sylvain, as I stated above, security is very important to us, and we’d like to improve the security standards and options for encrypting your messages as soon as possible.
But please be patient.
Thank you for understanding,
Any news on SHA512 and AES256?
Hello, AES is currently supported by the application, however the UI is out of track a little. We’ll be working on improvements to include AES in the list of possible algorithms. However, if you add the certificate to the application with a specified algorithm (AES) to use, eM Client should be able to use the certificate and the specific method.
Are you using these encryption methods with your certificate? This kind of security is kind of unusual. Note that 3DES encryption is considered as secure as AES, however AES is considered to be a little bit faster.
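Added example, not part of the original thread and not eM Client code: a way to check which algorithms a saved S/MIME message actually used, mapped to the RFC 5751 levels quoted above. The function names `audit` and `der_oid`, the "weak"/"ok" labels for `micalg` values, and both sample messages are constructed for this illustration; the OID scan is a heuristic, not a full CMS parser.

```python
import base64
from email import message_from_bytes

# RFC 5751 levels as quoted in the thread; RC2 and DES are not listed there.
ENC_OIDS = {
    "2.16.840.1.101.3.4.1.2": ("AES-128-CBC", "MUST"),
    "2.16.840.1.101.3.4.1.22": ("AES-192-CBC", "SHOULD+"),
    "2.16.840.1.101.3.4.1.42": ("AES-256-CBC", "SHOULD+"),
    "1.2.840.113549.3.7": ("DES-EDE3-CBC", "SHOULD-"),
    "1.2.840.113549.3.2": ("RC2-CBC", "not listed"),
    "1.3.14.3.2.7": ("DES-CBC", "not listed"),
}
# Assumption of this example: MD5 and SHA-1 digests are reported as weak.
MICALG = {m: "weak" for m in ("md5", "sha1", "sha-1")}
MICALG.update({m: "ok" for m in ("sha256", "sha-256", "sha384", "sha-384", "sha512", "sha-512")})

def der_oid(dotted):
    """DER-encode a dotted OID (tag 0x06, short-form length, base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += chunk
    return bytes([0x06, len(body)] + body)

def audit(raw):
    """Return (kind, algorithm, verdict) for one raw RFC 822 message."""
    msg = message_from_bytes(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        mic = str(msg.get_param("micalg", "missing")).lower()
        return ("signed", mic, MICALG.get(mic, "unknown"))
    if ctype.endswith("pkcs7-mime") and msg.get_param("smime-type") == "enveloped-data":
        der = msg.get_payload(decode=True)
        # Heuristic: earliest known cipher OID in the DER, not a full CMS parse.
        hits = sorted((der.find(der_oid(o)), v) for o, v in ENC_OIDS.items())
        hits = [v for pos, v in hits if pos >= 0]
        return ("encrypted",) + (hits[0] if hits else ("unknown", "unknown"))
    return ("plain", None, None)

# Constructed samples: a signed header set, and a DER fragment (not valid CMS).
SIGNED = (b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
          b' micalg=sha1; boundary="b"\r\n\r\n--b\r\n\r\nhi\r\n--b--\r\n')
ENVELOPED = (b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data\r\n"
             b"Content-Transfer-Encoding: base64\r\n\r\n"
             + base64.b64encode(b"\x30\x80" + der_oid("1.2.840.113549.3.7") + b"\x00" * 8))
```

Feed `audit` the raw bytes of a message saved from the Sent folder to see what the client chose, whatever its settings dialog lists.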