The Introduction to Publicly Trusted S/MIME Certificate and MeSign Trusted S/MIME Certificate

In 1995, RSA and other companies proposed version 1 of the S/MIME (Secure/Multipurpose Internet Mail Extensions) protocol, which improved email security. In 1998 and 1999, S/MIME V2 and V3 were introduced in turn and submitted to the IETF, forming a series of RFC standards. S/MIME encrypts email with a digital certificate: the sender uses the recipient's public key to encrypt the cleartext message into ciphertext and sends the ciphertext email to the recipient's email server. After receiving the ciphertext email, the recipient decrypts it with their own private key to read it.

The core of S/MIME is digital signing and encryption with an email certificate. Users who want to encrypt email with a certificate must therefore apply for an email certificate from a CA, then install and configure it in an email client that supports the S/MIME standard. They also need to export a backup of the certificate and import it on their other devices to use it there. This whole process is cumbersome and error-prone, and it is not something that most email users can do. This is also the only reason why S/MIME email encryption has not been widely adopted over the decades.

MeSign has completely solved these headaches: users do not need to apply for an email certificate from any CA, they just use the MeSign APP to log in to their email account. After login, the MeSign APP automatically applies for the certificate from the MeSign CA and installs and configures it. By default, the auto-applied and auto-configured signing certificate and encrypting certificate are completely free. If the user applies for individual validation or organization validation, the MeSign APP auto-configures a signing certificate carrying the user's identity, such as a Personal Identity Certificate, Organization Email Certificate or Organization Employee Certificate. These certificates are all trusted by MeSign; they are the MeSign trusted email certificates.

However, the free auto-configured email certificate is trusted only by the MeSign APP. If you use it to send signed emails to recipients who use other email client software, that software will indicate that 'There is a problem with the signature, the digital signature is invalid'. This is because the MeSign root certificate that issued the email certificate is not trusted by these email clients.
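Why another client reports the signature as invalid, as an added example (not from the original page or from MeSign): the script builds a throwaway root, issues an email certificate under it, signs a message, and checks that one message against two trust stores with `openssl smime -verify`. All names (`issuing_root`, `other_root`, `alice@example.test`) are constructed, and the OpenSSL command-line tool is assumed to be installed.

```bash
#!/usr/bin/env bash
# Constructed demo: every key, certificate, name and message is generated locally.
demo_smime_trust() {
  local d
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # Two self-signed roots: one that issues the email certificate, and an
    # unrelated one standing in for the trust store of a different mail client.
    for ca in issuing_root other_root; do
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example $ca" \
        -keyout "$ca.key" -out "$ca.pem" 2>/dev/null || exit 1
    done
    # Email (S/MIME) leaf certificate for alice@example.test, issued by issuing_root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=alice@example.test" \
      -keyout alice.key -out alice.csr 2>/dev/null || exit 1
    printf '%s\n' 'keyUsage=digitalSignature,keyEncipherment' \
      'extendedKeyUsage=emailProtection' \
      'subjectAltName=email:alice@example.test' > ext.cnf
    openssl x509 -req -in alice.csr -CA issuing_root.pem -CAkey issuing_root.key \
      -CAcreateserial -days 1 -extfile ext.cnf -out alice.pem 2>/dev/null || exit 1
    # Sign a message the way an S/MIME client would (multipart/signed).
    printf 'Quarterly report attached.\n' > msg.txt
    openssl smime -sign -in msg.txt -signer alice.pem -inkey alice.key \
      -out signed.eml 2>/dev/null || exit 1
    # The same signed message, checked against each trust store in turn.
    # The signature bytes are identical; only the trusted root differs.
    for ca in issuing_root other_root; do
      if openssl smime -verify -in signed.eml -CAfile "$ca.pem" \
           -out /dev/null 2>/dev/null; then
        echo "$ca: trusted"
      else
        echo "$ca: invalid"
      fi
    done
  )
  local rc=$?
  rm -rf "$d"
  return "$rc"
}

demo_smime_trust
```

The signature is cryptographically intact in both checks; the second fails only because chain building cannot reach a root in that trust store, which is the condition a mail client surfaces as an invalid signature.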

If MeSign users care about certificate trust compatibility with other email clients, they can buy the Starter Edition or Pro Edition service, and the MeSign APP will auto-configure the publicly trusted Vp Email Certificate as the default signing certificate and encrypting certificate. The MeSign APP will use this certificate to sign emails by default. On receiving the signed emails, other email client software will not show the "digital signature is invalid" prompt; instead, the information in the signer's signing certificate will be displayed normally as "This digital signature is trusted".

As shown in the picture below, the left shows the certificate chain of the MeSign trusted email certificate, whose root CA is MeSign (MeSign Identity CA); the middle shows the certificate chain of the publicly trusted Vp Email Certificate, whose root CA is Sectigo (USERTrust RSA Certification Authority), the world's second-largest CA; and the right shows the certificate chain of the MeSign intermediate root certificate (MeSince Secure Email CA), which is issued by Sectigo (USERTrust RSA Certification Authority).

The MeSign APP automatically combines the publicly trusted email certificate signature with the MeSign trusted email signature carrying the user's identity information, perfectly realizing a dual signature on the email. Other email clients such as Outlook can view the signed email and display its digital signature information correctly, while the MeSign APP displays the MeSign validated identity information, so that the recipient can easily identify the sender's trusted identity and completely solve the problem of email fraud.

As shown in the left figure below, once a MeSign APP user receives a signed and encrypted email sent by another MeSign APP user, the MeSign APP validates the identity information signed with the signing certificate in the email and displays the sender's validated identity information. If the recipient instead views it in an email client such as Outlook, the identity information signed with the Vp Email Certificate is validated and the user's digital signature is trusted in Outlook, as shown in the right figure below. This solution solves the problem of signed emails sent by the MeSign APP being flagged with invalid digital signature warnings in other email clients, and helps MeSign APP users effectively identify the sender's true identity and completely solve the email fraud problem.