S/MIME Email is a standards-based method for sending and receiving secure, verified email messages. It uses X.509 certificates and their public/private key pairs to encrypt and/or sign an email message, so that only the intended recipient can read it (if encrypted), and the recipient knows with a high degree of certainty who sent the message (if signed).
How Does S/MIME Work?
Encrypting, signing, and decrypting S/MIME email messages requires the use of certificates.
An S/MIME email message can be signed, encrypted, or both.
Encrypting a message is done with the public key certificate of the recipient. Only the matching private key, which the recipient alone holds, can reverse the encryption, so no one but the recipient can decrypt the message.
Signing a message is done with the sender's private key and assures the recipient that the sender is who they claim to be. The signing process also computes a hash of the message and signs it, so the recipient can confirm that the message has not been changed since it was signed.
As with PGP, some key exchange is required. To encrypt a message to a given recipient, the sender must have a copy of the recipient's public key certificate. This is usually accomplished by having the recipient first send the sender a signed S/MIME message: S/MIME signatures carry the signer's certificate, so the recipient's public key certificate can be extracted from the signed message and stored for later use. A certificate obtained this way should be relied on only after its chain has been validated to a trusted CA, which is what the signature verification step does.
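The whole cycle described above, as an added example that is not part of the original article: Alice signs a message with her private key, Bob verifies it against a trust anchor, extracts Alice's certificate from the signature, and uses that certificate to encrypt a reply that only Alice's private key can open. It uses the openssl command-line tool; the names, addresses, message text and self-signed certificates are constructed for the demo (real deployments use certificates issued by a CA the recipients' mail clients already trust).

```shell
#!/bin/sh
# Added example (not code from the original article): a full S/MIME round trip
# with the openssl command-line tool. Names, addresses and message text are
# constructed for the demo; self-signed certificates keep the script offline.
set -eu

WORKDIR="${SMIME_DEMO_DIR:-$(mktemp -d)}"

# RSA key pair plus self-signed certificate for one party (demo only).
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORKDIR/$1.key" -out "$WORKDIR/$1.crt" \
        -subj "/CN=$1/emailAddress=$2" >/dev/null 2>&1
}

setup_demo() {
    make_identity alice alice@example.test
    make_identity bob   bob@example.test
    printf 'The meeting moves to 3 pm.\n' > "$WORKDIR/msg.txt"
}

# Alice signs with HER private key. The output is multipart/signed: the
# clear-text body plus a detached PKCS#7 signature part that also carries
# her certificate, which is what lets the recipient extract it later.
sign_message() {
    openssl smime -sign -text -in "$WORKDIR/msg.txt" -out "$WORKDIR/signed.eml" \
        -signer "$WORKDIR/alice.crt" -inkey "$WORKDIR/alice.key" \
        -from alice@example.test -to bob@example.test -subject "Meeting"
}

# Bob verifies: the signer's chain is checked against a trust anchor (here the
# self-signed certificate itself) and the signature over the content hash is
# checked. Prints the verified body; returns non-zero if either check fails.
verify_message() {
    openssl smime -verify -text -in "$1" -CAfile "$WORKDIR/alice.crt" \
        -out "$WORKDIR/verified.txt" 2>/dev/null || return 1
    tr -d '\r' < "$WORKDIR/verified.txt"
}

# Simulate modification in transit: the clear-text body changes, so the
# signed hash no longer matches what was received.
tamper_message() {
    sed 's/3 pm/4 pm/' "$WORKDIR/signed.eml" > "$WORKDIR/tampered.eml"
}

# Key exchange as described in the article: Bob pulls Alice's certificate out
# of the signed message and keeps it for encrypting to her later.
extract_signer_cert() {
    openssl smime -pk7out -in "$WORKDIR/signed.eml" 2>/dev/null \
        | openssl pkcs7 -print_certs -out "$WORKDIR/alice_from_mail.crt" 2>/dev/null
}

cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Bob encrypts with Alice's PUBLIC key certificate (the one he just extracted).
encrypt_reply() {
    printf 'Fine, 3 pm it is.\n' > "$WORKDIR/reply.txt"
    openssl smime -encrypt -text -aes256 -in "$WORKDIR/reply.txt" \
        -out "$WORKDIR/reply.eml" -from bob@example.test -to alice@example.test \
        -subject "Re: Meeting" "$WORKDIR/alice_from_mail.crt"
}

# Decrypt with the named party's certificate and PRIVATE key; prints the body.
# Only Alice's key matches the recipient the message was enveloped to.
decrypt_reply() {
    openssl smime -decrypt -text -in "$WORKDIR/reply.eml" \
        -recip "$WORKDIR/$1.crt" -inkey "$WORKDIR/$1.key" \
        -out "$WORKDIR/decrypted.txt" 2>/dev/null || return 1
    tr -d '\r' < "$WORKDIR/decrypted.txt"
}

run_demo() {
    setup_demo
    sign_message
    echo "verified body:   $(verify_message "$WORKDIR/signed.eml")"
    tamper_message
    verify_message "$WORKDIR/tampered.eml" >/dev/null \
        && echo "BUG: tampered message verified" \
        || echo "tampered copy:   signature check failed (as it should)"
    extract_signer_cert
    if [ "$(cert_fingerprint "$WORKDIR/alice.crt")" = "$(cert_fingerprint "$WORKDIR/alice_from_mail.crt")" ]; then
        echo "extracted cert:  matches Alice's certificate"
    fi
    encrypt_reply
    echo "alice decrypts:  $(decrypt_reply alice)"
    decrypt_reply bob >/dev/null \
        && echo "BUG: bob decrypted it" \
        || echo "bob decrypts:    fails (not a recipient)"
}

run_demo
```

The verify step uses `-CAfile` rather than `-noverify`: a signature that checks out mathematically but chains to no trusted CA proves nothing about who sent the message, so both the chain and the hash must pass before the extracted certificate is stored for later encryption.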