Define an S/MIME encryption endpoint

Following on from the steps in Define endpoints, continue below to define an S/MIME Secure Multipurpose Internet Mail Extensions (S/MIME) is a specification for secure email messages that uses the X.509 format for digital certificates and uses various encryption algorithms such as 3DES. encryption endpoint:

1. In the Encryption and Signing Options area, select Encrypt the message using: the following certificate A digital means of proving your identity. When you send a digitally-signed message, you are sending your certificate and public key. Certificates are issued by a certification authority and can expire or be revoked..

   Use the Search button to find a particular certificate from the Certificate Store. The search operates on the certificate Details field.

2. Optionally, select Sign the messages using: the sender's key to use automatic mail signing.

   When the email message is sent, Secure Email Gateway selects an S/MIME certificate with the sender’s email address as its owner.

3. In the S/MIME Options area, click Click here to change these settings, and then follow the instructions on screen.

   Extra information

   Setting	Description
   Messages will be signed using the detached format	S/MIME signatures are usually detached signatures where the signature information is separate from the text being signed. The MIME type for this is multipart/signed with the second part having a MIME subtype of application/(x-)pkcs7-signature. It is possible, however, for mailing list software to change the textual part and invalidate the signature.
   Messages will be signed using the opaque format	The secured content in S/MIME messages is actually made up of Multipurpose Internet Mail Extension (MIME) body parts. A plain text message can, therefore, contain an attached signature. This is called a clear-signed message because the message can be read without verifying the signature. An opaque-signed message contains the message and signature combined in a single part that cannot be read except by verifying the signature.
   Messages will not be signed using RSA/PSS	RSA/PSS (Probabilistic Signature Scheme) is a cryptographic signature scheme, which is part of the Public Key Cryptography Standards. We recommend that you confirm the recipient supports this option, before enabling.
   Messages will not be encrypted using RSA/OAEP	RSA/OAEP (Optimal Asymmetric Encryption Padding) provides security against ciphertext attacks by processing plaintext prior to assymetric encryption.
   Message header protection is Enabled/Disabled	Message header protection specifies that message headers will be included in the encrypted part of the message. You can specify a replacement subject header if necessary, provided header protection is enabled.

4. Apply the configuration.

See also...

• Apply the new configuration
• Apply encryption endpoints to a mail policy route