AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 19: S/MIME Security Services
• Overview of S/MIME Security Services
• Signing, Encrypting, or Signing and Encrypting Outgoing Messages using S/MIME
• Verifying, Decrypting, or Decrypting and Verifying Incoming Messages using S/MIME
• S/MIME Certificate Requirements
Overview of S/MIME Security Services
Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standards-based method for sending and
receiving secure, verified email messages. S/MIME uses a public/private key pair to encrypt or sign
messages. This way:
• If the message is encrypted, only the message recipient can open the encrypted message.
• If the message is signed, the message recipient can validate the identity of the sender’s domain and
  can be assured that the message has not been altered while in transit.
For more information about S/MIME, review the following RFCs:
• RFC 5750: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 - Certificate Handling
• RFC 5751: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 - Message Specification
• RFC 3369: Cryptographic Message Syntax
S/MIME Security Services in Email Security Appliance
Organizations may want to communicate securely using S/MIME without requiring that all end users
possess their own certificates. For such organizations, the Email Security appliance supports S/MIME
security services (signing, encryption, verification, and decryption) at the gateway level using
certificates that identify the organization rather than the individual user.
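The two properties listed in the overview (only the recipient can open an encrypted message; a signed message identifies the sender's domain and reveals alteration in transit) can be reproduced with the OpenSSL command line, using certificates that identify an organization rather than a user. This is an added example, not part of the Cisco guide and not the appliance's own configuration; the domains example.com and partner.example, the file names, and the message text are constructed.

```shell
#!/bin/sh
# Added example with constructed names (example.com, partner.example) and message text.
WORK=$(mktemp -d)

# Create a self-signed certificate that identifies an organization's domain,
# not an individual user. $1 = file prefix, $2 = domain.
make_org_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=$2/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sign msg.txt with the sending organization's private key (clear-signed S/MIME).
sign_message() {
  openssl smime -sign -text -in "$WORK/msg.txt" -signer "$WORK/sender.crt" \
    -inkey "$WORK/sender.key" -out "$WORK/signed.eml" 2>/dev/null
}

# Verify a signed message against the sender's certificate. $1 = message file.
verify_message() {
  openssl smime -verify -in "$1" -CAfile "$WORK/sender.crt" -out /dev/null 2>/dev/null
}

# Encrypt msg.txt to the recipient organization's public key.
encrypt_message() {
  openssl smime -encrypt -aes256 -in "$WORK/msg.txt" -out "$WORK/enc.eml" "$WORK/rcpt.crt"
}

# Try to decrypt with the named key pair; prints the plaintext on success.
decrypt_with() {
  openssl smime -decrypt -in "$WORK/enc.eml" -recip "$WORK/$1.crt" \
    -inkey "$WORK/$1.key" 2>/dev/null
}

make_org_cert sender example.com
make_org_cert rcpt partner.example
printf 'Quarterly figures attached.\n' > "$WORK/msg.txt"
sign_message
encrypt_message
# Simulate alteration in transit by changing one word of the signed body.
sed 's/Quarterly/Monthly/' "$WORK/signed.eml" > "$WORK/tampered.eml"

verify_message "$WORK/signed.eml"   && echo "signature valid"
verify_message "$WORK/tampered.eml" || echo "altered message rejected"
decrypt_with rcpt >/dev/null        && echo "recipient organization decrypted"
decrypt_with sender >/dev/null      || echo "other organization's key cannot decrypt"
```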
The Email Security appliance provides the following S/MIME security services for Business-to-Business
(B2B) and Business-to-Consumer (B2C) scenarios:
• Sign, encrypt, or sign and encrypt messages using S/MIME. See Signing, Encrypting, or Signing
  and Encrypting Outgoing Messages using S/MIME.