Combining Security and MIME

In order for OpenPGP and S/MIME to fit nicely into email messages, they need to make use of MIME structures. This allows the various parts of an OpenPGP message or an S/MIME message, such as signatures, encrypted content, and control information, to exist as MIME entities. This, in turn, allows OpenPGP and S/MIME messages to look just like any other messages when passing through MTAs.

Two MIME content types have been created to allow this, multipart/signed and multipart/encrypted. The first is used to facilitate digital signatures and the second as the basis for encrypted content. These MIME types are described in RFC 1847, a proposed Internet standard.

OpenPGP uses both multipart/signed and multipart/encrypted. S/MIME, however, only uses multipart/signed, preferring to use its own MIME type for encrypted messages.

Each of these MIME types consists of exactly two body parts. MIME nesting can be used to include either of these types within a mail message or, indeed, within each other.

Get Programming Internet Email now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.