What Is S/MIME (Secure/Multipurpose Internet Mail Extensions)?
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol for sending digitally signed and encrypted email messages. It uses asymmetric encryption to protect emails from tampering and unwanted access.
A Brief History of S/MIME
As email communication grew, so did the need for a robust and reliable security protocol. In the 1990s, email was fast becoming the go-to communication method, and organizations found themselves facing an entirely new range of security threats.
So, S/MIME was developed and introduced to tackle these new problems. It protects institutions and individuals from phishing, email tampering, and unauthorized access to confidential data.
How Does S/MIME Work?
S/MIME uses two primary mechanisms to protect email communication – encryption and digital signatures:
Email encryption:
An encrypted email means that the email content is obscured and inaccessible to the public. Essentially, the encryption algorithms turn readable text into indecipherable code. Only those with the decryption keys can read the content.
S/MIME uses public key cryptography to secure email communication. The process functions similarly to a physical lock and key. The email is “locked” using the recipient’s public key, rendering the content unreadable. The recipient holds the matching private key, which “unlocks” the content, allowing them to read it.
If the email is intercepted in transit, the interceptor sees only unreadable ciphertext rather than the email message.
Digital Signatures:
A digital signature verifies the sender and authenticates the message. The signature is attached to the email when it is sent. This enables the recipient to verify that the message they receive is precisely the one that the sender sent to them.
The S/MIME Process
The process works as follows:
- Certificate Distribution: The recipient and the sender are each issued a digital certificate by a trusted authority. This certificate contains the public key and is used to verify the owner’s identity.
- Message Encryption: The sender’s email client encrypts the message using the recipient’s public key, which is obtained from the recipient’s certificate. The recipient uses their private key to decrypt the email content.
- Signing the Message: The sender’s email client also creates a digital signature using the sender’s private key. This signature is attached to the email when it’s sent, and can then be used by the recipient to verify the message.
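The three steps above as a runnable round trip with the `openssl smime` command, added here as an illustration and not taken from the original page. The names `alice` and `bob`, the `example.test` addresses and the message body are constructed, and self-signed certificates stand in for certificates issued by a trusted authority.

```shell
#!/bin/sh
# Added example: S/MIME sign -> encrypt -> decrypt -> verify with the openssl CLI.
# Names, addresses and the message are constructed. Self-signed certificates
# stand in for certificates issued by a trusted authority (assumption).
WORK=$(mktemp -d)

make_identity() {   # $1 = name; writes $1.key (private key) and $1.crt (certificate)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$1@example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

send_mail() {       # alice signs with her private key, then encrypts to bob's certificate
  printf 'Pay invoice 42\n' > "$WORK/body.txt"
  openssl smime -sign -text -in "$WORK/body.txt" \
    -signer "$WORK/alice.crt" -inkey "$WORK/alice.key" -out "$WORK/signed.eml" &&
  openssl smime -encrypt -aes256 -in "$WORK/signed.eml" \
    -out "$WORK/encrypted.eml" "$WORK/bob.crt"
}

receive_mail() {    # bob decrypts with his private key, then checks alice's signature
  openssl smime -decrypt -in "$WORK/encrypted.eml" \
    -recip "$WORK/bob.crt" -inkey "$WORK/bob.key" -out "$WORK/decrypted.eml" &&
  openssl smime -verify -text -in "$WORK/decrypted.eml" \
    -CAfile "$WORK/alice.crt" -out "$WORK/verified.txt" 2>/dev/null &&
  tr -d '\r' < "$WORK/verified.txt"   # S/MIME text is canonicalized to CRLF
}

body_hidden() {     # the encrypted message must not contain the readable body
  ! grep -q 'invoice 42' "$WORK/encrypted.eml"
}

tamper_detected() { # alter the signed body after signing; verification must fail
  sed 's/invoice 42/invoice 43/' "$WORK/signed.eml" > "$WORK/tampered.eml"
  ! openssl smime -verify -text -in "$WORK/tampered.eml" \
      -CAfile "$WORK/alice.crt" -out /dev/null 2>/dev/null
}

make_identity alice && make_identity bob && send_mail || exit 1
echo "recovered: $(receive_mail)"
body_hidden && tamper_detected && echo "ciphertext opaque, tampering detected"
```

The signed-only message (`signed.eml`) still carries the body in readable form, which is why the sender encrypts it as a second step.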
How to enable S/MIME
Most email clients allow users to enable S/MIME in settings:
How to enable S/MIME in Gmail:
- Open your Google Admin console.
- Go to Menu > Apps > Google Workspace > Gmail > User settings.
- Under Organizations, select the domain or organization you want to configure.
- Scroll to the S/MIME setting and check the Enable S/MIME encryption for sending and receiving emails box.
How to enable S/MIME in Outlook:
- In Outlook, tap the Account control at the top left.
- Select the Settings button near the bottom left.
- Tap on the specific account you want to turn S/MIME on for.
- Tap Security and you should find the toggle to turn S/MIME on for that account.