What Is a .P7S File?

By Stephen Byron Cooper

The P7S file is part of an email security system. A file with the name smime.p7s can be found attached to emails operating the digital signature security method. The data the file contains is called a PKCS #7 Signature. This method is implemented by Apple Mail, Mozilla Thunderbird and Microsoft Outlook 2010.

Digital Signature

The concept of a digital signature for email is meant to compensate for insecure transmission methods. If the connection over which emails travel is not routinely encrypted, the digital signature offers a “per email” security program. The method that employs the P7S file extension is called S/MIME, which stands for Secure/Multipurpose Internet Mail Extensions. The S/MIME email is encrypted following the PKCS #7 encryption system.


It is necessary to get a certificate before S/MIME security can be applied to email messages. The certificate provides proof of identity, and it includes the digital signature. When a user gets a certificate, a program is downloaded onto the computer, which automatically integrates authentication procedures into the email application. The certificate proves the sender's identity with the digital signature and can be applied either to all emails sent from that email client or just to selected emails.


The certificate also includes a unique public encryption key. This key is applied as part of an algorithm that scrambles the email message. The encryption system that S/MIME uses is called Public-Key Cryptography Standard number seven, or PKCS # 7. The encryption system operates in two ways: It forms part of the confirmation of the digital signature, and it can also encrypt and decrypt the entire message.


Certificates are an essential part of the digital signature process of S/MIME, because the recipient's email system needs to refer to the certificate details contained in the signature file. It then refers to the third-party issuer of the certificate and retrieves the public key part of the encryption key. The email system re-performs the encryption of the digital signature. If the two are the same, the email is confirmed as coming from the holder of the certificate. The database also records the email address of the sender against that certificate number.


The digital signature contained in the smime.p7s file provides verification of the sender's identity. It also provides “non-repudiation.” That means that the sender cannot pretend that someone else faked a similar sounding email address and sent that email. The email could only have come from the sender's account. The composition of the digital signature includes a checksum on the contents of the email. If a recalculation of the checksum results in a different number, then the recipient will know that the email was tampered with in transit. If the checksum works out the same, the the recipient is assured that this is the email that was sent by the sender.