We should be able to create MIME messages, that have an inner signature layer, and an outer encryption layer.

This is not a task. It is an enhancement that requires code changes.

It introduces the ability described in this bug. It enables it by default for now, so we can get more testing. We can decide later if we always want to use two MIME layers, or only for external smartcard/GnuPG sining.

In addition, the attached patch makes smartcard signing work.
Using this advanced, optional feature will require several manual configuration steps, which I will document soon in a wiki page.

Also, the patch adds more attempts to find the GPGME shared library automatically.

Tested to work with GnuPG (software key), GnuPG (hardware smartcard), Qubes split GPG

FYI: https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/a5b2c9c4ab88
Implement OpenPGP message creation that uses separate MIME layers for signature and encryption. r=PatrickBrunschwig DONTBUILD

Comment on attachment 9163877 [details]
Bug 1603782 - Implement OpenPGP message creation that uses separate MIME layers for signature and encryption. r=PatrickBrunschwig

Important change to support OpenPGP smarcards and Qubes OS for advanced users.
Changes how encrypted emails and signed emails are constructed. Now two separate MIME layers instead of one.
We should get this in to 78.1 to ensure wide testing, prior to enabling by default later.

Comment on attachment 9163877 [details]
Bug 1603782 - Implement OpenPGP message creation that uses separate MIME layers for signature and encryption. r=PatrickBrunschwig

Approved for beta
Approved for esr78

https://hg.mozilla.org/releases/comm-esr78/rev/a1c41c3889a719d1e54deb22fc98313a1f42d301
https://hg.mozilla.org/releases/comm-beta/rev/67ac6cde43534e7d399fb9782249a20d3ae14822