Identity Management - S/MIME, Secure Multipurpose Internet Mail Extensions

S/MIME is the standard for public key encryption and the signing of MIME data.

S/MIME provides confidentiality and authentication by using the RSA asymmetric key system, digital signatures, and X.509 digital certificates. S/MIME complies with the Public Key Cryptography Standard (PKCS) #7 format and has been proposed as a standard to the Internet Engineering Task Force (IETF).


By using public key encryption, a message sender has assurance that only the recipient will be able to read the message. The sender uses the public key of the recipient to encrypt the message. The recipient uses the private key to decrypt the message. The public key is available for everybody within the information system; the private is only available for the key pair holder.

Figure 01 - S/Mime Encryption

Digital Signature

In addition to providing data confidentiality through encryption, you can use the public key in the X.509 certificate to verify digital signatures created by a message sender. A digital signature is a value produced by the message sender to bind message data to the sender's identity and to provide a means of verifying the integrity of the message to detect tampering. In this case, the private key of the message sender is used to create the digital signature. The corresponding public key, which is found in the sender's X.509 certificate, is used to verify the signature. Digital signatures are used to assure the message recipient that the message originated from the identified sender, and that the message contents have not been altered since they were signed by the sender.

Note   With digital signatures that use public key cryptography, the origin of the signed message can be traced to the sender's identity, thereby satisfying nonrepudiation requirements. This differs from symmetric key integrity, where a message may have been signed by either party with knowledge of the shared secret key.

The public key can be distributed openly to encrypt messages and to verify digital signatures, but the private key in a key pair should be carefully guarded by its owner. This is necessary because it is used to prove the identity of the certificate subject and to decrypt messages that are intended for that subject.

Figure 02 - process of using public keys to sign a message

Please enter a search term !