Skip to content
Secure/Multipurpose Internet Mail Extensions (S/MIME) support for ActionMailer
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Mr Smime

Secure/Multipurpose Internet Mail Extensions (S/MIME) support for ActionMailer, inspired by a blog post by Andrew White: Sending S/MIME encrypted emails with Action Mailer.


Add this line to your application's Gemfile:

gem 'mr_smime'

And then execute:

$ bundle


Setup a certificate path in your application.rb:

module MyApp
  class Application < Rails::Application


    MrSmime.configure do |config|
      config.certificate_path = Rails.root.join('config', 'certificates')


Add certificates for each of your senders (and recipients if you want encryption). We expect a .key and .pem file where @ has been replaced by . (e.g. results in and

That's it!


Option Default value Description
certificate_path Pathname to location of certificate-files
enabled true Boolean to have Mr Smime actually perform it's magic


  • Make it easy to save certificates from incoming e-mails (so we can sent encrypted mails back to them)
  • Add options to use keys with passphrases
  • Add options to enable on a per something base


0.1.0 (September 16, 2016)

  • Initial release


After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to

Creating self signed certificates

Create a CA certificate first:

$ openssl genrsa -out ca.key 4096
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Then create a certificate for each of your mail addresses (I'm certain there is a better way to do this):

$ openssl genrsa -out 4096
$ openssl req -new -key -out
$ openssl x509 -req -days 365 -in -CA ca.crt -CAkey ca.key -set_serial 1 -out -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
$ openssl pkcs12 -export -in -inkey -out
$ openssl pkcs12 -in -clcerts -nokeys -out


Bug reports and pull requests are welcome on GitHub at

You can’t perform that action at this time.