LKBEN11130: What is S/MIME (Secure / Multipurpose Internet Mail Extensions)


This article has not been checked!

LKB | Created: 02/04/2020 | Version: 1 | Language: EN | Rating: 0 | Outdated: False | Marked for deletion: False

Author: Wim Peeters - Keskon GmbH & Co. KG

Latest update: 05/10/2020 | Comment:


Symptom

You want to know S/MIME.

Cause

You want to know what S/MIME is.

Solution

S/MINE is a standard for public key encryption and signing of e-mail encapsulated in MIME.
S/MIME functionality is built into most modern e-mail software and interoperates between them. S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption).

Before S/MIME can be used in any application, one must obtain and install an individual key/certificate either from a certificate authority (CA). S/MINE needs X.509 based certificates for functioning.

The best option is to use separate private keys (and associated certificates) for Signature and for Encryption, as this permits escrow of the encryption key without compromise to the non-repudiation property of the signature key.

Encryption requires having the destination party's certificate on store (which is normally automatic upon receiving a message from the party with a valid signing certificate). While it is technically possible to send a message encrypted (using the destination party certificate) without having one's own certificate to digitally sign, in practice, the S/MIME clients will require the installatoin of your own certificate before they allow encrypting to others. A typical basic personal certificate verifies the owner's identity only in terms of binding them to an email address. It does not verify the person's name or business.

Any messages that an S/MIME client stores in their encrypted form will not be decryptable if the certificate/private key used for encryption has been deleted or is not available, independent from whether that certificate has expired or not.

About the Author

Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux in different European countries and different European languages. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform where he is one of the most important contributors and the main developer.

Disclaimer:

The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!