The S/MIME format is the IETF RFC 2311 specification for encrypting and signing message data. This format creates one-way hash algorithms that ensure data integrity by verifying that no modifications are made to a message while in transit. The sender’s identity is validated using a digital signature. S/MIME is the encryption-supported version of the MIME protocol, based on Public Key Cryptography Standards (PKCS).
PKCS standards specify how RSA Data Security public-key cryptographic algorithms are used to implement enveloped encryption and digital signatures. The RSA public-key system uses two related keys to perform the mathematical algorithms that encrypt and decrypt data: a public key, which may be made available to any prospective correspondent, and a private key known only to the key’s owner, for example:
A public key can be published openly, allowing anyone to send secure messages that can only be decrypted by the owner of the private key. Public keys are stored as certificates that comply with the X.509 standard. In addition to the public key, a certificate also contains information about the key owner’s identity, the key’s validity, and the CA that issued the certificate.
Private key encryption can be decrypted with a corresponding public key. This encryption method creates a digital signature, which guarantees that the signed message is authentic and came from the originator.
Digital signatures provide data integrity, authentication and nonrepudiation of electronic documents. Digital signature verification ensures that:
The document received is identical to the document sent.
There is authentication of the identity of the sender.
No subsequent repudiation of the document by the originator occurs.