There are basically two infrastructures for asymmetric cryptography, PKI and PGP. The same two infrastructures are used to digitally sign emails.

PKI is the more official and common infrastructure for all purposes (e.g HTTPS websites, personal certificates, etc.), however PGP is more common for email digital signatures (because PKI didn’t put much effort into it).

Both encryptions are End-to-End, i.e if you use GMail for email, all your emails are transferred encrypted and stored encrypted on gmail servers, in a way that only you and your target can see them.
If you receive an email that has an attachment file named smime.p7s, this is a digitally signed email using PKI. Many email clients (e.g Apple Mail, Mozilla Thunderbird) will automatically detect this, verify the signature and show it to you. Almost all web-based email clients don’t recognize it and just show the file as an attachment. The file is small and includes the signature for that specific email (plus the signer information).

If you receive an email that has an attachment file named smime.p7m, this is a digitally encrypted email using PKI. Such emails typically don’t have any content, just a single file. This file is encrypted using your signature details, i.e only you should be able to read it (and not even the sender). One can only send you an encrypted email using PKI if they have their own certificate, as well as your signature. Typically, you send a signed email to them, and then they can send encrypted emails to you afterwards.


PGP on the other hand, is the unofficial but more secure alternative. Signed emails with PGP typically contain a text block starting with —— BEGIN PGP SIGNATURE —– in the end, which contains the digital certificate, or contain a block of —– BEGIN PGP MESSAGE —– which contains the encrypted message. You have to either manually decrypt the message/verify the signature, or install PGP tools on your mail client (e.g Thunderbird).

Site Footer

Sliding Sidebar