Summary – Secure/Multipurpose Internet Mail Extensions, or S/MIME, is used to make reference to a specific kind of open encryption and signature of MIME data, often known as email communications, to confirm a sender’s legitimacy.
Ever wondered what an average number of emails sent per day is? It’s 293.6 billion. That many numbers of emails are sent each day, on an average, and the number is going to increase each year. No, I’m not here to discuss om how to send emails but have you ever wondered how come an email sent by you is protected? How are companies like Google, Yahoo, etc. so reliable?
How can they ensure their customers that their emails will be protected? The answer to all this is S/MIME. No, don’t relate this to that street dance.
S/MIME is based on asymmetric cryptography, which employs a public key and a private key—two keys that are mathematically related—to work. The private key cannot be determined computationally from the public key.
S/MIME (s/mime certificate) is based on asymmetric cryptography, which ensures that the email is protected from third-party access. Now, you might say that you have digital certificates like SSL Inspection or SSL Checker, then what is the need for S/MIME. To be more specific, these digital certificates will ensure a safe and secure passage from the user to the webserver but this does not mean that your emails itself are encrypted.
There is a possibility that the hackers may crack into your unencrypted inbox and get access to your emails. And this is where S/MIME comes into the picture.
Firstly, let us understand the terms which are used here like Cryptography, Symmetrical Cryptography, Asymmetrical Cryptography, Encryption, and decryption.
As mentioned above, asymmetric cryptography contains 2 types of keys and they are Public and Private keys. Now the important thing to notice is that both the keys can be used to encrypt and decrypt the emails but both the keys can not be used for the same function, that is if the public key is used to encrypt the email, then the private key has to be used for the decryption of the email.
Here, the public key doesn’t require any protection and can be sent across the internet. But, the private key has to be kept with the user only and can not be shared on the internet. Asymmetric cryptography is most widely used over the internet and communication channels.
Case study: US elections 2016
The latest presidential election of the USA was held in 2016, which saw Donald Trump defeating Hilary Clinton to become the 45th president of the USA. However, a certain incident took place before the election which saw thousands of emails being stolen, which included damaging revelations of senator Bernie Sanders.
This email scam, aimed at Our Revolution in 2016, lost approximately $242,000 via an electronic funds transfer to an overseas account.
Another incident that took place was the hacking of emails from John Podesta. For those who don’t know who John Podesta is, he was the chairman of Hilary Clinton’s presidential campaign. It is said that John Podesta’s emails were hacked by a group of Russian hackers called Fancy Bear.
They sent a misleading link to the account of Podesta, which led him to a fake log-in page, where he had to enter his email credentials. This attack has been given a term named Spear- Phishing attack. Podesta’s emails were subsequently obtained by WikiLeaks, which contained about 20,000 emails. This incident is said to have an incident over Hilary Clinton’s decline in the US presidential elections.
If you’re still not convinced that the emails should be encrypted then you should have a look at this. Edward Snowden, who exposed secret NSA operations said that there is a need for encrypting emails. Several big-name companies like Google, Facebook, Microsoft, etc. have already encrypted their emails.
Signing of emails
Yes, you heard that right. S/MIME allows you to sign your emails before sending it to a recipient. Of course, you won’t require a pen for this. Every time you sign your email, the private key applies your Digital Signature to your email.
When the recipient receives your email, the public key will verify the signature and confirm whether that email was sent by you. This is a bonus feature of having s/mime encryption. Imagine this case, you receive an email from one of your co-workers blackmailing you and it asks for a ransom. But, if you can observe you will notice that the email is not signed by your co-worker.
You can simply ignore that email and prevent your account details from being disclosed to the hacker.