The Introduction to Publicly Trusted S/MIME Certificate and MeSign Trusted S/MIME Certificate

In 1995, RSA and other companies proposed version 1 of the S/MIME (Secure/Multipurpose Internet Mail Extensions) protocol, which improved email security. In 1998 and 1999, S/MIME V2 and V3 were introduced in turn and submitted to the IETF, forming a series of RFC standards. S/MIME encrypts email with digital certificates: the sender uses the recipient's public key to encrypt the cleartext message into ciphertext and sends the ciphertext to the recipient's email server. After receiving the ciphertext email, the recipient decrypts it with their own private key to read it.

The core of S/MIME is digital signing and encryption with an email certificate. Users who want to encrypt email with a certificate must therefore apply for an email certificate from a CA, then install and configure it in an email client that supports the S/MIME standard. They also need to export a backup of the certificate and import it on their other devices in order to use the certificate there. The whole process is cumbersome and error-prone, and it is more than most email users can manage. This is also the only reason why S/MIME email encryption has not been widely adopted over the decades.

MeSign has completely solved these headaches: users do not need to apply for an email certificate from any CA, they just use the MeSign APP to log in to their email account. After login, the MeSign APP automatically applies for the certificate from the MeSign CA, then installs and configures it. By default, the auto-applied and auto-configured V1 signing certificate and encrypting certificate are completely free. If the user applies for individual validation or organization validation, the V2, V3 or V4 signing certificate is configured automatically. All of these certificates are trusted by MeSign; they are the MeSign trusted email certificates.

However, the free auto-configured email certificate is trusted only by the MeSign APP. If you use this certificate to send signed emails to recipients who use other email client software, that software will report "There is a problem with the signature, the digital signature is invalid". This is because the MeSign root certificate that issued the email certificate is not trusted by these email clients.

MeSign users who care about trust compatibility with other email clients can pay to apply for a publicly trusted email certificate (Vp Certificate). The MeSign APP will use this certificate to sign emails by default. Other email client software will then no longer show the "digital signature is invalid" prompt when receiving the signed emails; instead, the information in the signer's signing certificate is displayed normally as "This digital signature is trusted". Users can buy the Vp Email Certificate directly in the MeSign APP or on the MeSign website. Once the application is completed and paid for, the publicly trusted email certificate is installed and configured for use automatically in the MeSign APP. Users can also manually export this certificate to use it in other email client software. If you export this certificate, keep the certificate file secure and remember the certificate protection password.
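The difference between the free certificate and the Vp certificate comes down to which root the receiving client holds in its trust store. The script below is an added example, not MeSign code: it uses `openssl` with two constructed roots (a made-up "app-only" root and a made-up "public" root, each issuing directly with no intermediate) to show the same kind of signed message being accepted or rejected depending on the verifier's trust store.

```shell
#!/usr/bin/env bash
# Constructed demo: every name, address and key here is made up for this example.
# None of them is a real MeSign or Sectigo certificate.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_root <name> <CN>: self-signed root CA, a stand-in for a root certificate.
new_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_email_cert <root> <name> <address>: S/MIME signing certificate under <root>.
issue_email_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  printf 'keyUsage=digitalSignature\nextendedKeyUsage=emailProtection\nsubjectAltName=email:%s\n' \
    "$3" > "$WORK/$2.ext"
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -extfile "$WORK/$2.ext" -out "$WORK/$2.pem" 2>/dev/null
}

# sign_mail <cert name> <text>: writes a signed S/MIME message and prints its path.
sign_mail() {
  printf '%s\n' "$2" > "$WORK/$1.txt"
  openssl smime -sign -in "$WORK/$1.txt" -signer "$WORK/$1.pem" \
    -inkey "$WORK/$1.key" -out "$WORK/$1.eml" 2>/dev/null
  echo "$WORK/$1.eml"
}

# client_verdict <trusted root> <message>: decision of a client that trusts only that root.
client_verdict() {
  if openssl smime -verify -in "$2" -CAfile "$WORK/$1.pem" -out /dev/null 2>/dev/null
  then echo "signature trusted"; else echo "signature invalid"; fi
}

new_root app_root "Example App-Only Root"      # trusted only by the issuing app
new_root public_root "Example Public Root"     # present in other clients' trust stores
issue_email_cert app_root free_cert alice@example.test
issue_email_cert public_root paid_cert alice@example.test
FREE_MAIL=$(sign_mail free_cert "signed with the app-only certificate")
PAID_MAIL=$(sign_mail paid_cert "signed with the publicly trusted certificate")

echo "other client, free cert: $(client_verdict public_root "$FREE_MAIL")"
echo "other client, paid cert: $(client_verdict public_root "$PAID_MAIL")"
echo "issuing app,  free cert: $(client_verdict app_root "$FREE_MAIL")"
```

The signature bytes are valid in all three cases; only the chain-building step against the verifier's trust store changes the verdict.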

As shown in the picture below, the left shows the certificate chain of the MeSign trusted email certificate, whose root CA is MeSign (MeSince Identity CA); the middle shows the certificate chain of the publicly trusted Vp Email Certificate, whose root CA is Sectigo (USERTrust RSA Certification Authority); and the right shows the certificate chain of the MeSign intermediate root certificate (MeSign Secure Email CA), which is issued by Sectigo (USERTrust RSA Certification Authority).

The MeSign APP automatically combines the publicly trusted email certificate signature and the MeSign trusted email signature with the user's identity information to realize a dual signature on the email. Other email clients such as Outlook can view and correctly display the digital signature information of the signed email, and the MeSign APP displays the MeSign validated identity information, so that the recipient can easily identify the sender's trusted identity and completely solve the problem of email fraud.

As shown in the figure below, for the same digitally signed email, the left is the signature information displayed by Outlook, which shows "This digital signature is trusted", and the right is the signature information displayed by the MeSign APP, which shows the sender as "Identity Validated and Publicly Trusted".