Sunday, June 28, 2020

Fossa Guard Pro 1.0 S/MIME signed support

Send S/MIME signed message


  • application/pkcs7-mime with SignedData by restricting access to the signature (since G Suite uses this format to sign messages)
  • multipart/signed by rearranging MIME parts of the message converting to multipart/mixed

The following approach has been implemented to send S/MIME signed emails:

  • to *@gmail.com addresses multipart/mixed format used with smime.p7m attachment which contains original S/MIME multipart/signed message with signature due to the following reasons:
    • User will be able to see message content, files without any extension
    • User will be able to view content, files of the original message with the digital signature using of Fossa Guard
  • to all other addresses a standard S/MIME SignedData format due to the following reasons:
    • G Suite accounts use custom domains, 
    • G Suite uses SignedData format internally for S/MIME signed messages
    • Gmail doesn't mangle message to external addresses

Signature status indication

When User opens S/MIME signed message in Gmail UI Fossa Gard extension tries to verify the signature 
Once S/MIME signature verified the corresponding status is indicated. 
Fossa Guard replaces the content of the message by the original read from smime.p7m attachment. 


A new button `View Original  Message` becomes available to open the email in Fossa Guard View dialog with original message content and original attachments


Signature verification 



  • The attached certificate chain is not used in the email signature verification procedure until added to the list of trusted. 
  • Email signature verification is performed per email Sent date

No comments:

Post a Comment