Cisco Cisco Email Security Appliance C160 Mode D'Emploi
20-5
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 20 S/MIME Security Services
Signing, Encrypting, or Signing and Encrypting Outgoing Messages using S/MIME
3.
Create a PKCS7 signature with the encrypted message digest and public key of the appliance’s
S/MIME certificate.
S/MIME certificate.
4.
Sign the message by attaching the PKCS7 signature to the message.
5.
Send the signed message to the recipient.
S/MIME Encryption Workflow
The following process describes how Email Security appliance performs S/MIME encryption.
1.
Create a pseudo-random session key.
2.
Encrypt the message body using the session key.
3.
Encrypt the session key using the public key of the recipient's (gateway or consumer) S/MIME
certificate.
certificate.
4.
Attach the encrypted session key to the message.
5.
Send the encrypted message to the recipient.
Note
If PXE and S/MIME encryption is enabled on the appliance, Email Security appliance encrypts messages
using S/MIME first, and then using PXE.
using S/MIME first, and then using PXE.