Crypto 101: Secure Mail and S/MIME

Introduction

Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard for sending secure mail based on public-key cryptography. It was originally developed by RSA Data Security, Inc. and is now maintained by the IETF (the current message specification is RFC 8551, built on the Cryptographic Message Syntax of RFC 5652, the successor of PKCS #7). MIME is the industry-standard format for electronic mail and defines the structure of a message's body. S/MIME-enabled e-mail applications add digital signatures and encryption to that format to provide message integrity, data-origin authentication and confidentiality for electronic mail.

Signed Mail

When a signed message is sent in the usual "clear-signed" form, the message body is left readable and a detached signature in PKCS #7 (CMS SignedData) format is sent along with it as a second MIME part of type application/pkcs7-signature inside a multipart/signed entity. (S/MIME also defines an "opaque" form, application/pkcs7-mime, in which body and signature are wrapped together in one binary part; only S/MIME-aware clients can display it.) The signature part contains the hash of the original message part, signed with the sender's private key, together with the signer's certificate (and usually its issuing chain) so that the recipient can verify the signature. Note that a signature that verifies against the embedded certificate proves nothing by itself: the receiving client must also validate that certificate to a trusted root and check that it belongs to the claimed sender, otherwise anyone can mint a certificate with the sender's name and produce a "valid" signature.

Enveloped Mail

Enveloped (encrypted) mail is generated using the recipient's public key. The message itself is encrypted with a freshly generated random symmetric key (the content-encryption key, e.g. an AES key), and it is that symmetric key that is encrypted with the recipient's public key and sent along with the message. If a message is sent to multiple recipients, the same symmetric key is encrypted separately under each recipient's public key, producing one RecipientInfo entry per recipient; every recipient can unwrap only their own copy. The encrypted message and all encrypted symmetric keys are packaged together as a PKCS #7 (CMS) EnvelopedData structure carried in an application/pkcs7-mime part. Enveloping on its own provides confidentiality only: since recipient certificates are public, anyone can produce an enveloped message, so it gives the recipient no assurance of who sent it.

Signed & Enveloped Mail

S/MIME also supports messages that are first signed with the sender's private key and then enveloped using the recipients' public keys, so that the signature, and therefore the signer's identity, is visible only after decryption. The recipient must remove the envelope first and then verify the inner signed message. Be aware that plain sign-then-encrypt does not bind the signature to the set of recipients: a recipient can decrypt the message and re-envelope the still-signed content to a third party, who then sees a valid signature from the original sender on a message that was never addressed to them. RFC 2634 (Enhanced Security Services for S/MIME) addresses this with "triple wrapping", signing again over the envelope.
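The following script is an added example, not code from the original page or from the AspEmail/AspEncrypt components, and is not part of RSA's interoperability test. It exercises all three message types described above (signed, enveloped, and signed-then-enveloped) with the openssl command-line tool, so the PKCS #7 structures can be inspected and the checks seen to fail when they should: a tampered clear-signed body is rejected, and a non-recipient cannot open the envelope. It assumes only that `openssl` is on PATH; the parties alice, bob and carol, their self-signed certificates and the message text are all constructed for the example.

```shell
#!/bin/sh
# Added example (not AspEmail/AspEncrypt code): the three S/MIME message types
# built with the openssl CLI. Assumes only that `openssl` is on PATH.
set -e

WORK="${SMIME_WORK:-$(mktemp -d)}"   # scratch directory for keys, certs, messages

# Self-signed certificate + private key for a hypothetical party ($1 = name,
# $2 = e-mail). Real S/MIME uses CA-issued certificates with the emailProtection
# extended key usage; self-signed certificates keep this example offline.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -sha256 \
        -subj "/CN=$1/emailAddress=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Constructed sample message body (plain text; -text adds the MIME headers).
write_message() {
    printf 'Please wire 10,000 EUR to account 42 today.\n' > "$WORK/msg.txt"
}

# Signed mail: multipart/signed with a detached application/pkcs7-signature
# part holding the SHA-256 digest signed by Alice's key plus Alice's certificate.
sign_message() {
    openssl smime -sign -text -md sha256 -in "$WORK/msg.txt" \
        -signer "$WORK/alice.crt" -inkey "$WORK/alice.key" -out "$WORK/signed.eml"
}

# The signer certificate travels inside the SignedData: pull it out for inspection.
signer_certificate() {
    openssl smime -pk7out -in "$1" | openssl pkcs7 -print_certs -noout
}

# Verify a signed message ($1) and write the recovered body to $2.
# -noverify trusts the embedded signer certificate without chain validation,
# acceptable only for this self-signed demo; in production replace it with
# -CAfile <trusted-roots> so an attacker-minted certificate is rejected.
verify_signed() {
    openssl smime -verify -text -noverify -in "$1" -out "$2" 2>/dev/null
}

# Enveloped mail: one random AES-256 content key, wrapped once for each
# recipient certificate listed on the command line (Bob and Carol here).
envelope_message() {
    openssl smime -encrypt -text -aes256 -in "$WORK/msg.txt" \
        -out "$WORK/enveloped.eml" "$WORK/bob.crt" "$WORK/carol.crt"
}

# Decrypt an enveloped message ($1) as recipient $2. The RecipientInfo is
# selected by certificate, so a non-recipient's key cannot unwrap the content key.
open_envelope() {
    openssl smime -decrypt -text -in "$1" -recip "$WORK/$2.crt" \
        -inkey "$WORK/$2.key" -out "$WORK/decrypted_$2.txt" 2>/dev/null
}

# Signed-and-enveloped: the signed MIME message becomes the envelope's content,
# hiding the signature from anyone without Bob's key. No -text here, because
# the payload is already a complete MIME entity.
sign_then_envelope() {
    openssl smime -encrypt -aes256 -in "$WORK/signed.eml" \
        -out "$WORK/signed_enveloped.eml" "$WORK/bob.crt"
}

# Bob's side: remove the envelope first, then verify the inner signed message.
open_and_verify() {
    openssl smime -decrypt -in "$WORK/signed_enveloped.eml" -recip "$WORK/bob.crt" \
        -inkey "$WORK/bob.key" -out "$WORK/inner_signed.eml" 2>/dev/null &&
    verify_signed "$WORK/inner_signed.eml" "$WORK/final.txt"
}

# Compare a recovered body ($1) with the original, ignoring the CRLF
# canonicalisation S/MIME applies to text content.
same_body() {
    tr -d '\r' < "$1" | cmp -s - "$WORK/msg.txt"
}

make_identity alice alice@example.com
make_identity bob   bob@example.com
make_identity carol carol@example.com
write_message
sign_message
verify_signed "$WORK/signed.eml" "$WORK/verified.txt"
envelope_message
sign_then_envelope

# Tampering with the clear-text part of a signed message must break the digest.
sed 's/10,000/90,000/' "$WORK/signed.eml" > "$WORK/tampered.eml"
if verify_signed "$WORK/tampered.eml" "$WORK/tampered.txt"; then
    echo "BUG: tampered message verified"
else
    echo "tampered message rejected, as expected"
fi
```

Run it as `sh smime_demo.sh`; the generated `.eml` files in the scratch directory can be opened in any S/MIME-capable mail client or fed back to `openssl smime -pk7out` to inspect the raw PKCS #7 structures. The decrypt step deliberately selects the RecipientInfo by certificate (`-recip`), which is also how you would diagnose "no recipient matches certificate" errors when a message was enveloped for the wrong key.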

S/MIME-Enabled Status of AspEmail

The AspEmail component, when used in conjunction with AspEncrypt, is capable of sending S/MIME-compliant mail. The S/MIME Enabled logo indicates that the component has passed RSA's S/MIME Interoperability Test and is included in the S/MIME Interoperability Master Matrix.

Digital Certificates