RSS Feed Click to Subscribe!

Digitally signed .p7s messages explained

A .p7s extension is associated with S/MIME (Secure/Multipurpose Internet Mail Extensions) and used to provide digital integrity during communications, it confirms origin and integrity of the message with PKCS (Public-Key Cryptography Standard) #7 used to sign and encrypt email messages. The messages do not have to be necessarily encrypted, they could be be only signed as proof of origin.

Most email clients like Microsoft Outlook, Thunderbird and Apple Mail support S/MIME, if they don’t or you read a digitally signed email in webmail the signature will show as an attachment called smime.p7s. You might encounter this file in communications with companies like Amazon. Any attached smime.p7s file can be saved to your hard drive and opened with Microsoft Management Console double clicking on it or using a special p7s viewer to read details like issuing entity and expire date.

P7S digital signature viewed with Microsoft Console
P7S digital signature viewed with Microsoft Console

Dettached digital signatures are often mangled by Mail Transfer Agents in mailing lists and they will not be readable, or they could be automatically dropped so that they do not appear in messages.

If you wish to digitally sign your email messages yourself, the best is to obtain a digital certificates, some companies provide digital certificates for personal use. After registration with the Certificate Authority you will be given a download link to obtain a .p7s file that must be added to your email client. A few specialist security email providers like Safe-Mail can interact with digital certificates using webmail , it is one of the few ways to be able to send and read digitally signed messages in your browser, another way to do that is with a browser addon that deals with OpenPGP, like Mailvelope.

Digitally signed emails attained in PGP but digital certificates are a lot easier to use, with a smaller learning curve. After importing a digital certificate into your email client you can set it up to automatically encrypt and sign messages without having to do anything before clicking the send button.

Add a Comment

Your email address will not be published. Required fields are marked *