Thunderbird cannot decrypt S/MIME email: "The message cannot be decrypted"

Question  Votes: 0  Answers: 0

I am encrypting a message (without signing) in Python, using a public key .pem file that I extracted from a .pfx file with the following OpenSSL commands:

openssl pkcs12 -in certificate.pfx -nokeys -out publickey.crt
openssl x509 -in publickey.crt -pubkey -noout > publickey.pem

However, when I send the email with the following Python code:

import sys
import smtplib
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication
import smtplib
from email.mime.base import MIMEBase
from email import encoders
from email.message import EmailMessage
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend

# Replace with your email server credentials and recipient email address
smtp_server = 'smtp.sendgrid.net'
smtp_port = 587
username = 'apikey'
password = 'sendgrid apikey'
recipient = '[email protected]'
from_email = '[email protected]'

# Build the message
message = 'This text is encrypted, so you should not see it.'

# Read the public key from the file
with open('publickey.pem', 'rb') as key_file:
    public_key = serialization.load_pem_public_key(key_file.read(), backend=default_backend())

# Encrypt the message using the public key
encrypted_msg = public_key.encrypt(
    message.encode(),
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)

# Use the encrypted message as the content of the email
msg = MIMEApplication(encrypted_msg, _subtype='pkcs7-mime')
msg.set_type("application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data")
msg.add_header('Content-Disposition', 'attachment', filename='smime.p7m')
msg['From'] = from_email
msg['To'] = recipient
msg['Subject'] = 'Encrypted email s/mime'

# Send the email
try:
    with smtplib.SMTP(smtp_server, smtp_port) as server:
        server.starttls()
        server.login(username, password)
        server.sendmail(from_email, recipient, msg.as_string())
        print("Email sent successfully!")
except Exception as e:
    print("Error while sending email:", e)

I receive an email in my Thunderbird client with the following S/MIME padlock icon: S/MIME red padlock

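I have installed the public key certificate used for encryption under "Manage Certificates" in Thunderbird's settings, so I can't figure out what is going on. Here is the message source of the email generated by the code above: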

Content-Transfer-Encoding: base64
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data
Content-Disposition: attachment; filename="smime.p7m"
From: [email protected]
Subject: Encrypted email s/mime
Message-ID: <2yanN0AkR5y9aZkdKl_Umg@geopod-ismtpd-2>
Date: Tue, 28 Mar 2023 06:52:59 +0000 (UTC)
X-Feedback-ID: 8137588:SG
X-SG-EID: 
 =?us-ascii?Q?nNFctdm0BWd6iTjLSzehWeQnMAXb40QT9vsis7KAAy2HyIwEYpZgT6S7yNu6sf?=
 =?us-ascii?Q?QfsDPx0iJwkBMObbzQjwXMPzUWpzqt42mNuEUvK?=
 =?us-ascii?Q?xx2sJdAb9NFhjmou4ynkknKQ6V8eKGJNhKL9KgI?=
 =?us-ascii?Q?8tcAkXP+Rf8eTiWc4WaF8mjqEAnjZBVfiyub+d7?=
 =?us-ascii?Q?Kxtn8tG3FxHOrTqQDn12wR2P0PrMnMCdhWvGUhU?=
 =?us-ascii?Q?Y5Q+=2F8KJ0WEtIzQAxjjbb3jcfc2x2ik+dhgpP0?=
To: [email protected]
X-Entity-ID: TD8cTk3vN3Zbd6Fq4hlbCQ==

gKfsZnJnEFI0Nb9UqM6aV7JYzpqjb+UOfSISazoDeEaQDdqo/piZeRrDqkGqjkOruL4N+XQTIxD3
mJSt2mffVNyEos6Yek6mlngA20Qli+lA27VVR2ihB7nA8GRN55oWe/HIYfFVgA1zA5+zAALzA3nG
oNjCcXPkAyptXw9B8Lcd2J5oOxvlXAv97PvtaqK+6QTvoj8jFkJtDvkoTEWFathHbbcLNPc9Sa53
77vQFbXXYJpOn9ds8IcAsQRmU+r0pmuQq6Hf23DmvF1Z+dMHpcNl/wR79Y6fYf8FGjavkZRS/l+U
Swp6DJb31fQuGacRukmh7wnik0+AxOM9ou+16w==

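I have tried using a different library (Chilkat) with Node.js, passing in the certificate.pem file instead of the public key, and Thunderbird was able to decrypt the message using the same private key installed in Thunderbird. But since Chilkat is a paid library I can't use it, so I need my own implementation of S/MIME encryption.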

I also tried passing the certificate.pem file to my Python code, but saw the same S/MIME error icon: S/MIME padlock error text

I was also able to decrypt the content of the email using the private key and an OpenSSL command, so the key pair matches.

I can't use Gmail or Outlook because they are paid email clients, which is outside the scope of this use case.

Is this related to my code or to Thunderbird? Any suggestions are appreciated.

email encryption public-key-encryption thunderbird smime
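
An S/MIME `enveloped-data` part must carry a DER/BER-encoded CMS ContentInfo whose contentType is id-envelopedData (RFC 5652), not a bare RSA ciphertext. The check below is an added example, not part of the original question: it inspects the outer ASN.1 header of a base64 message body, and its function names and two sample bodies are constructed for illustration.

```python
import base64
ENVELOPED_DATA_OID = "1.2.840.113549.1.7.3"  # id-envelopedData, RFC 5652
# Constructed samples: a raw 256-byte RSA-sized blob and a minimal ContentInfo header.
RAW_SAMPLE = base64.b64encode(bytes(range(0x80, 0x100)) * 2)
CMS_SAMPLE = base64.b64encode(bytes.fromhex("300f06092a864886f70d010703a0023000"))

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER/BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:                 # BER indefinite length (streaming encoders)
        return tag, pos, len(buf)
    if first < 0x80:                  # short form: the byte is the length
        length = first
    else:                             # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode the contents of an OBJECT IDENTIFIER into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:           # high bit clear ends this arc
            arcs.append(value)
            value = 0
    top = min(arcs[0] // 40, 2)       # the first two arcs share one encoded value
    return ".".join(str(a) for a in [top, arcs[0] - 40 * top] + arcs[1:])

def classify_smime_body(b64_body):
    """Report whether a base64 MIME body is shaped like CMS enveloped-data."""
    raw = base64.b64decode(b64_body)
    try:
        tag, start, end = read_tlv(raw)
        if tag != 0x30 or end != len(raw):
            raise ValueError("not a single ASN.1 SEQUENCE")
        oid_tag, oid_start, oid_end = read_tlv(raw, start)
        if oid_tag != 0x06:
            raise ValueError("no contentType OID")
        oid = decode_oid(raw[oid_start:oid_end])
    except (ValueError, IndexError) as exc:
        return f"not CMS ({exc}); {len(raw)} bytes of opaque data"
    return "CMS enveloped-data" if oid == ENVELOPED_DATA_OID else f"CMS, contentType {oid}"
```

A 256-byte body with no ASN.1 wrapper is what a direct `public_key.encrypt(...)` call with a 2048-bit RSA key produces. A valid envelope is built from the recipient's X.509 certificate, for example with `openssl smime -encrypt`.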