/ˌɛs.maɪm/

noun — "locking email so only the intended reader can open it."

S/MIME, short for Secure/Multipurpose Internet Mail Extensions, is a standard for securing email messages with encryption and digital signatures. Built on the Cryptographic Message Syntax (CMS), it provides confidentiality, message integrity, sender authentication, and non-repudiation for email by relying on public key cryptography and X.509 certificates.

Technically, S/MIME uses a PKI model: each user holds a public/private key pair and an X.509 certificate, issued by a Certificate Authority the other party trusts, that binds the public key to an email address. To send a protected message, the sender first signs it with their own private key and then encrypts it for the recipient. In practice the body is encrypted under a freshly generated symmetric content-encryption key, and that key is wrapped with each recipient's public key, which is how one message can be addressed to several recipients. The recipient unwraps the key with their private key, decrypts the body, and verifies the signature against the sender's certificate and its chain to a trusted CA, establishing both confidentiality and authenticity.

Unlike transport encryption such as TLS between mail servers, which protects a message only hop by hop and leaves it readable on every server along the way, S/MIME protects the message end to end, and it is built directly into most desktop and enterprise mail clients. Once certificates are installed it works transparently: the client signs outgoing mail automatically and can encrypt to any correspondent whose certificate it has already obtained, typically from a signed message they sent earlier or from a directory. Note that only the body and attachments are protected; header fields such as From, To and Subject are still sent in the clear. This combination makes S/MIME popular in regulated environments where identity verification and message integrity are mandatory.

Key characteristics of S/MIME include:

  • Email encryption: protects message contents from interception.
  • Authentication: verifies the sender’s identity.
  • Integrity: detects any modification of the message.
  • Certificate-based trust: relies on PKI and trusted CAs.
  • Client integration: supported by many enterprise email systems.

In real-world use, S/MIME is common in government, healthcare, and corporate environments where secure email exchange is required by policy or regulation. Its strength lies in strong identity binding, though certificate management adds operational overhead: certificates must be issued, distributed, renewed and revoked, and a lost private key makes every message encrypted to it unreadable, which is why organisations usually escrow encryption keys (and keep them separate from signing keys, whose escrow would undermine non-repudiation).

Conceptually, S/MIME turns email into a sealed, signed envelope instead of an open postcard.

See PKI, CA, Digital Signature, Cryptography.