What is a .p7s file? How to open it?


Just got an e-mail with a .p7s attachment and you’re wondering if it’s safe to open it?

We’ve all been in that situation. Let’s find out what this file is and what it is for.

What is a P7S file?

A P7S file is a type of digital signature file that uses the PKCS #7 standard, which is a cryptographic standard for signing and encrypting data. The extension “.p7s” indicates that the file contains a signature that verifies the sender’s identity and ensures that the message has not been changed during transmission.

Do I need to open a P7S file to see the signature?

The short answer is “no”.

Many modern e-mail clients, such as Microsoft Outlook, Mozilla Thunderbird, and Apple Mail, can automatically handle P7S files when you receive an e-mail with a P7S attachment. These clients will verify the signature and display the results directly within the e-mail interface.

The signature is displayed slightly differently depending on the e-mail client. For example, in Outlook you will see a red ribbon/stamp:
[Image: P7S ribbon]

And if you click on it, the signature details will be shown:
[Image: P7S certificate]

How can this signature be added to my e-mails?

You will need to obtain a Secure/Multipurpose Internet Mail Extensions (S/MIME) certificate issued by a Certification Authority, such as Sectigo/Comodo or DigiCert.

After the certificate is issued, you will need to add it to your e-mail client, such as Outlook, Apple Mail, or others. Signing is pretty simple: you just need to enable the digital signature before sending an e-mail.

Example: Outlook

  1. Please navigate to the File tab
  2. Select Options and choose Trust Center
  3. Under Microsoft Outlook Trust Center, select Trust Center Settings
  4. In the Email Security directory, select Encrypted Mail tab
  5. Tick “Add digital signature to outgoing messages” check box

[Image: Add signature to Outlook]

How a P7S signature works: the technical details

“Under the hood”, this process is more complicated. When the signature is enabled, the e-mail client generates a hash (a fixed-size string of characters) of the message content. The signature is created by encrypting this hash using the sender’s private key.

Then, the digital signature and the sender’s public key (contained within the digital certificate) are attached to the e-mail and it is sent to the recipient.

Upon receiving the signed e-mail, the recipient validates the signature by decrypting the hash using the public key received from the sender and comparing it to a newly generated hash of the received message. If both hashes match, it confirms that the e-mail is authentic and has not been altered during transmission. If they do not match, an alert indicates that the message may have been tampered with.
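
The signature attached to the e-mail, as described above, travels as a second MIME part named smime.p7s inside a multipart/signed message. The added example below (not from the original article) locates that part in a raw message and checks that it really is a PKCS #7 SignedData structure; the sample message, the stub blob and the names build_sample and inspect_p7s are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy

# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData).
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
P7S_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
# Constructed stub: ContentInfo header with the signedData OID and an empty
# body. It is NOT a real signature; it only exercises the structural check.
STUB_SIGNED_DATA = bytes.fromhex("300d") + SIGNED_DATA_OID + bytes.fromhex("a000")

def build_sample(blob: bytes) -> bytes:
    """Constructed multipart/signed message carrying `blob` as smime.p7s."""
    return (
        b"From: alice@example.com\r\nTo: bob@example.com\r\n"
        b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
        b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n'
        b' micalg=sha-256; boundary="b1"\r\n\r\n'
        b"--b1\r\nContent-Type: text/plain\r\n\r\nHello Bob\r\n"
        b'--b1\r\nContent-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
        b"Content-Transfer-Encoding: base64\r\n"
        b'Content-Disposition: attachment; filename="smime.p7s"\r\n\r\n'
        + base64.b64encode(blob) + b"\r\n--b1--\r\n")

def inspect_p7s(raw: bytes) -> dict:
    """Report how a raw e-mail carries its detached S/MIME signature."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"multipart_signed": msg.get_content_type() == "multipart/signed",
              "micalg": msg.get_param("micalg"),  # hash algorithm named by the sender
              "p7s_name": None, "looks_like_signed_data": False}
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.get_content_type() in P7S_TYPES or name.lower().endswith(".p7s"):
            der = part.get_payload(decode=True) or b""
            report["p7s_name"] = name
            # A genuine .p7s is an ASN.1 SEQUENCE (0x30) that starts with the
            # signedData OID; anything else is only borrowing the extension.
            report["looks_like_signed_data"] = (
                der[:1] == b"\x30" and SIGNED_DATA_OID in der[:16])
            break
    return report

if __name__ == "__main__":
    print(inspect_p7s(build_sample(STUB_SIGNED_DATA)))
    print(inspect_p7s(build_sample(b"plain text, not ASN.1")))
```

This is a structural check only; comparing the hashes and validating the sender's certificate is still done by the mail client or a tool such as `openssl cms -verify`.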

A kind reminder that as the sender, you just need to obtain the S/MIME certificate and enable this feature before sending e-mails and, as a recipient, all you need to do is open an e-mail and see if it has a digital signature.

Sounds great, doesn’t it? Do you want to use this feature for your e-mails too?
Here you can find more detailed information regarding S/MIME certificates and find the solution according to your needs.