You can use the SMIME Sign filter to digitally sign a multipart message as it passes through the API Gateway core pipeline. The recipient of the message can then verify the integrity of the SMIME message by validating the Public Key Cryptography Standards (PKCS) #7 signature.


Complete the following fields to configure this filter:


Enter an appropriate name for the filter.

Sign Using Key:

Select the checkbox next to the certificate that contains the public key associated with the private signing key that you wish to use to sign the message.

Create Detached Signature in Attachment:

Specifies whether to create a detached digital signature in the message attachment. This is selected by default. For example, this is useful when the software reading the message does not understand the PKCS#7 binary structure, because it can still display the signed content, but without verifying the signature.

If this is unselected, the message content is embedded with the PKCS#7 binary signature. This means that user agents that do not understand PKCS#7 can not display the signed content. Intermediate systems between the sender and final recipient may modify the text content slightly (for example, line wrapping, whitespace, or text encoding). This may cause the message to fail signature validation due to changes in the signed text that are not malicious, nor necessarily affecting the meaning of the text.