What is a S/MIME.p7s File and How Do You Open It?

Updated: August 9, 2023 by Renée Christian | Leave a comment

You can never be too careful with strange attachments in the emails you receive. If you have received a S/MIME.p7s file, you may be wondering what it is and if it is safe to open. The good news is the S/MIME.p7s files are not harmful and show that the email you have received is especially secure. In this article, we’ll explain what a S/MIME.p7s file is and how you can open it.

What is a S/MIME.p7s File?

S/MIME.p7s files are a type of attachment that is sent with email messages that contain a S/MIME digital signature. Some organizations choose to use this form of security on their internal emails. Emails that contain S/MIME.p7s files are encrypted and secured to ensure that only the intended recipient reads the message. The file data also can be used to confirm that the email has come from who it says it is from, without interference or modification during sending.

Leading email software like MS Outlook, Mozilla, and Apple Mail supports the S/MIME digital signature. However, if your email service does not support digital signatures, it will be attached to the message as a S/MIME.p7s file. That may be why this unusual attachment may be showing up in your emails.

What Does a S/MIME.p7s File Contain?

S/MIME.p7s files are easy to overlook, but they may contain important information. Once you open them, the data in these files is easy-to-read plain text. You’ll usually find the following information, that is automatically presented by compatible email clients:

The email subject, e.g. Digital Signature
The name of the person the email is from
The digital signature of the sender (usually their email address)
A statement that the email is valid and trusted

What is S/MIME?

S/MIME stands for Secure and Multipurpose Internet Mail Extensions. It is a standard that is used for the encryption and signing of email messages that include non-ASCII text, images, and multimedia content. S/MIME email content is composite and can be transmitted with the more well-known email standards and protocols like:

Post Office Protocol (POP)
Internet Message Access Protocol (IMAP)
Simple Mail Transfer Protocol (SMTP)

Because S/MIME content tags along with other protocols used in message content, it isn’t that noticeable or distinct unless you encounter specific files or parts of the email content that use this standard. Its functionality is built into modern web ad software-based email services, with high interoperability. This means S/MIME files aren’t usually forwarded as attachments unless used explicitly for an advanced digital signature.

S/MIME for Email Authentication, Certifications, and Security

The cryptographic functionality of S/MIME means that it can also be used for security aspects of email including digital signatures, authentication, and data privacy and security. Specific data can be enveloped and packaged into files that may appear as attachments with an email.

S/MIME functionality requires individual encryption keys or certificates, with varying levels of identification and authentication, held by the sender and recipient of the email. S/MIME.p7s uses the Public-Key Cryptography Standard #7 for transmitted digital signatures. This is usually automatically set up when the email is received.

How Do You Open S/MIME Files?

S/MIME.p7s files show up in your inbox because the S/MIME standard is not universally supported by mail clients. S/MIME files are simply digital signatures and don’t contain anything more than the sender’s credentials, including the email address you should already have.

Senders often don’t know that they are sending this digital signature because the email signing certificate is installed and active in their email software. There is no need to use file converters or other complex software to convert the attachment.

S/MIME in Outlook

S/MIME in Outlook is available with Internet Explorer 9 and later versions. Outlook users can only send digitally signed or encrypted messages to other Outlook users within an organization. If encrypted emails are sent to external recipients they cannot be decrypted because they do not have the key.

You can send digitally signed emails to external recipients. They should be able to read the email but the digital signature usually is a S/MIME.p7s attachment. They won’t be able to verify the sender’s credentials, and may not even see them.

In Microsoft Outlook, digitally signed emails will be sent with the verified name of the sender using the S/MIME extension if it is activated in the email settings. If you open a digitally signed email, you’ll find that the sender’s credentials can be verified by clicking on the ribbon icon in the reading pane or message list.

This brings up a window with the sender credentials which would be the contents of a S/MIME.p7s file:

Open S/MIME.p7s File — *In Microsoft Outlook, click on the ribbon icon to see the sender’s credentials.*
©History-Computer.com

S/MIME in Gmail

S/MIME is an advanced security setting in Gmail that allows users with an organization to send each other signed and encrypted emails. Large organizations that use Google Workspace add S/MIME to increase the security of their communications and uniquely identify senders and recipients. S/MIME is only available with certain supported editions of Google Workspace which include:

Enterprise
Education Fundamentals
Education Plus
Education Standard
Teaching and Learning Upgrade

S/MIME can only be enabled via the Google Admin console. The administrator can then upload the necessary certificates to Gmail. For S/MIME encryption to work, both the sender and recipient must have it enabled. Once the administrator has set it up it should be active after Gmail is reloaded.

Final thoughts

A S/MIME.p7s file sounds ominous, but it is simply a digital signature with a negligible amount of plain text and does not need to be opened. If you receive a message from outside an organization that uses the S/MIME security standard, or you use an email service provider that does not routinely use S/MIME, you may see this attachment.

If you want to send and receive S/MIME-enabled messages, both you and your email recipients need to have hosted S/MIME set up on your email accounts. This is usually only done within large organizations to secure their internal communications.

Frequently Asked Questions

Can anyone enable hosted S/MIME on a Gmail account?

S/MIME implementation and other advanced controls can only be managed using an Administrator account for Google Workspace. S/MIME is for organizations, rather than personal email accounts.

What is a digital signature?

A digital signature is an electronic signature (e-signature) or code that can be used to verify the authenticity and integrity of a digital message. These signatures use a mathematical scheme to demonstrate to a mail server that a verified sender created the message and that there is a high probability that the message has not been intercepted or tampered with.

Is all email encrypted?

No. Depending on the email service provider, emails may be unencrypted as they travel between mail servers. This makes them vulnerable to phishing or hacking attacks. Encryption secures your data by scrambling it as it is transferred. Only a recipient with an encryption key can unscramble the message.

Transport Layer Security (TLS) is the leading encryption standard used by Gmail, Outlook, and other email service providers. Email senders and recipients are equipped with public encryption keys to encrypt and decrypt emails. Organizations can implement end-to-end encryption using S/MIME, though this requires complex configuration.

Can you implement S/MIME in Mozilla Thunderbird?

Mozilla Thunderbird does support basic S/MIME functionality. With an organization, S/MIME can be configured on a per-email basis, and users can send and receive emails that are signed and encrypted using the S/MIME standard.

Who is responsible for implementing S/MIME in an organization?

Advanced email security configuration for an organization can only be implemented by competent IT professionals with suitable administration privileges. Problems with S/MIME should be handled by the IT helpdesk in the first instance.