Known Compatibility Issues with S/MIME

General Issues with Multiparts

As of JavaMail 1.4.1 and later caching was introduced for Multipart objects, this can cause some issues for signature verification as occasionally the cache does not produce exactly the same message as was read in.

If you are having issues with signature verification and you are using JavaMail 1.4.1 or later, try setting:


in either the session properties for the message, or the VM properties.

Outlook and Outlook Express Issues with Signed Email and Nested Multiparts

As outlined in RFC 2049 the area between a multipart header and the first boundary can also have preamble text in it. This is for mail readers that are unable to interpret the multipart and is supposed to be ignored when a signature is calculated. Outlook and Outlook express correctly handle the initial preamble text but will add later preamble text to the calculation if nested multiparts are used. This is significant as BC prior to 1.35 would also do the same. If you run into problems with invalid signatures in these circumstances in BC 1.35 or later with Outlook and Outlook Express it is because BC 1.35 no longer has the same bug. The best solution here is to take care to not to include anything that can be interpreted as preamble text in internal multiparts - this should produce a signature you will be able to verify on any platform.

Outlook Express Issues with Signed Email

Actual signed email does not include the To:, From:, etc... headers in it. The reason being that the signature relates to the content of the email, rather than the recipient. Normally, this changes if the MIME message is embedded in another MIME object which is then signed and sent on, however people have reported that Outlook Express always ignores the To:, From:, etc.., headers in signature calculation no matter where they appear.

Consequently if you are signing a MimeMessage or MimeBodyPart that contains the mail headers in it you do need to remove the headers. The following code fragment, from Armin Häberling, will do this, given that the message to be signed is a MimeMessage based on an original email message:

MimeMessage  msg = ...;
MimeBodyPart body = new MimeBodyPart();

Enumeration e = msg.getAllHeaders();
while (e.hasMoreElements()) 
    Header hdr = (Header) e.nextElement();
    if (hdr.getName().toLowerCase().startsWith("content-")) 

MimeMultipart multipart = generator.generate(body,"BC");