The S/MIME Format

Like OpenPGP, S/MIME messages may be signed, encrypted, or both. This section will show how S/MIME messages are structured in all three forms.

S/MIME uses the multipart/signed MIME type for signing messages, just like OpenPGP. It uses the application/x-pkcs7-signature protocol for digital signatures and either the SHA-1 or MD5 hash algorithm for message integrity checks. The micalg parameter is therefore set to either “sha1” or “md5”.

You may recall from Chapter 4, Creating MIME-Compliant Messages, that MIME messages are often constructed with a bit of text at the top of the message body that reads “This is a multi-part message in MIME format.” This is used to inform MUAs (and humans) that can’t handle MIME of the message structure. Similarly, S/MIME messages often include a comment along the lines of “This is a cryptographically signed message in MIME format”, which serves the same purpose.

The following example shows a simple textual message that has been signed with an S/MIME digital signature. The first part is the actual message content of MIME type text/plain. The second part is a (truncated) signature, which is of type application/x-pkcs7-signature. Note that the MIME type of the second part and the “protocol” parameter used in the multipart/signed header must match exactly.

The signature data itself is encoded with base64, so that it may pass easily through the Internet mail system. Since signatures may not be altered by MTAs, they must be “7-bit clean”. ...
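As an added illustration (not code from the book), the script below embeds a constructed multipart/signed message in the layout just described and checks the structural rules the text states: the “protocol” parameter must equal the MIME type of the second part, micalg must be one of the two values named above, and the signature part must be base64-encoded. The signature body is a labelled placeholder, not a real PKCS#7 signature, and the boundary string is made up.

```python
import base64
import binascii
from email import policy
from email.parser import BytesParser

# Constructed sample; the signature body is a base64 placeholder, not PKCS#7.
SIG_B64 = base64.b64encode(b"placeholder, not a real PKCS#7 signature").decode()
SIGNED_MSG = b"""\
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="smime-boundary-1"

This is a cryptographically signed message in MIME format.
--smime-boundary-1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello Bob, this text is covered by the signature.
--smime-boundary-1
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

@SIG@
--smime-boundary-1--
""".replace(b"@SIG@", SIG_B64.encode("ascii"))

EXPECTED_MICALG = ("sha1", "md5")  # the values the text describes


def check_signed_structure(raw: bytes) -> list:
    """Return the structural problems found; an empty list means the layout is as described."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    if msg.get_content_type() != "multipart/signed":
        return [f"outer type is {msg.get_content_type()}, not multipart/signed"]
    parts = msg.get_payload()
    if len(parts) != 2:
        return [f"expected 2 parts, found {len(parts)}"]
    problems = []
    protocol = (msg.get_param("protocol") or "").lower()
    sig_type = parts[1].get_content_type()  # the parser lowercases this
    if protocol != sig_type:
        problems.append(f"protocol={protocol!r} but signature part is {sig_type!r}")
    if msg.get_param("micalg") not in EXPECTED_MICALG:
        problems.append(f"unexpected micalg {msg.get_param('micalg')!r}")
    if parts[1].get("Content-Transfer-Encoding", "").lower() != "base64":
        problems.append("signature part is not base64 encoded")
    else:
        try:  # drop line breaks first; validate=True then rejects any stray byte
            base64.b64decode("".join(parts[1].get_payload().split()), validate=True)
        except binascii.Error:
            problems.append("signature body is not valid base64")
    return problems
```

Running `check_signed_structure` on a message whose protocol parameter says application/pkcs7-signature while the second part is still application/x-pkcs7-signature reports exactly the mismatch the text warns about.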
