S/MIME works on Public Key Infrastructure (PKI). Like the classic bank lockers where access requires a bank’s key and a client’s key, S/MIME requires a public key and private key for the recipient to be able to decrypt an S/MIME encrypted email. While the public key can be figured out, the private key can’t. The private key must always be in the sole possession of the recipient.
S/MIME uses asymmetric cryptography to encrypt the message. The encrypted message carries a digital signature of the sender, only identifiable by the intended recipient. Unlike standard email encryption where the route between two nodes is encrypted, S/MIME encrypted email can’t be read despite an interception.
Most leading clients including Apple Mail, Microsoft Outlook and Mozilla Thunderbird on Desktop support installation of S/MIME certificates. Popular mobile email clients that support S/MIME are iOS Mail, CipherMail and more.
A standard email encryption such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS and even STARTTLS) encrypts the route between the two nodes. While this covers for the transmission of the email, it leaves the email as it is. In S/MIME however, the message itself is encrypted and can be decrypted and read only by the intended recipient. Brute force attacks that exploit the limitations of SSL or TLS may break into a secure connection to intercept an email, but it’ll still be impossible to read an S/MIME encrypted message.
S/MIME requires the sender and the recipient, both to have valid S/MIME certificates. These can be issued from a recognized issuing authority and must be installed in the mail clients of the users. The cost of the certificates may vary based on the class of certificate to be procured.
S/MIME is optimally used within organizations where frequent transfer of classified information happens over email. If the intended recipient doesn’t support S/MIME, the email bounces back to the sender and a repeat attempt may be made often using TLS to secure and resend the message.
© Copyright 2021 Rediff.com