Brief introduction to S/MIME

Secure Multipurpose Internet Mail Extensions (S/MIME) provides a secure method of sending e-mail and is incorporated into many popular e-mail applications. S/MIME provides confidentiality and authentication by using the RSA asymmetric key system, digital signatures, and X.509 digital certificates. S/MIME complies with the Public Key Cryptography Standard (PKCS) #7 format and has been proposed as a standard to the Internet Engineering Task Force (IETF).

With S/MIME, the sender of an e-mail can provide a guarantee to the recipient that the e-mail is in fact sent from the sender, and that the content of the e-mail has not been tampered with on the way to the recipient. S/MIME relies on a system of public/private keys and trust authorities.

To send a signed e-mail (that is, to add a digital signature to the e-mail, ensuring that it was in fact sent by the person in question), you need to contact a trust authority, such as Verisign, Thawte, or a national trust authority (such as TDC in Denmark). The trust authority establishes your identity and issues a private key and an X.509 certificate to you. These keys are sent to you in a password-protected PKCS #12 file. The X.509 certificate may contain various information about you, but it always contains the e-mail address to which the keys are bound. Your public key is included in the X.509 certificate. The trust authority now vouches for your identity.

When you send an e-mail to another person, you can now sign the message. When the recipient receives the signed e-mail, he/she needs to be in possession of your public key to verify the signature (some messaging applications automatically attach your public key when you send a signed message). Using your public key, the messaging application will check if the certificate is trusted by an authority that it also trusts, and the application will then often prompt to store the certificate.

Now that the recipient has your public key, he/she can receive signed e-mail from you and send encrypted mail to you.

To send encrypted e-mail, you need the public key of the person you want to send to. You can obtain the public key of the recipient by asking him or her to send you a signed e-mail.
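
The workflow described above (keys delivered in a PKCS #12 file, signing, verification against a trusted authority, then encryption to the public key taken from a signed message), shown as an added example with the openssl command-line tool. It is not part of the original page; the self-signed demo authority, names, address and password are constructed stand-ins for a real trust authority and real users.

```shell
#!/bin/sh
# Added example; every name, address and password below is a constructed sample.
smime_setup() {   # trust authority step: CA, sender certificate, PKCS #12 file
    cd "$(mktemp -d)" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Trust Authority" \
        -keyout ca.key -out ca.pem 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
        -subj "/CN=Alice/emailAddress=alice@example.test" 2>/dev/null || return 1
    openssl x509 -req -in alice.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 1 -out alice.pem 2>/dev/null || return 1
    # Private key and certificate are delivered as a password-protected file.
    openssl pkcs12 -export -inkey alice.key -in alice.pem -out alice.p12 \
        -passout pass:demo-password || return 1
    # The sender unpacks it into a local identity file (certificate + private key).
    openssl pkcs12 -in alice.p12 -passin pass:demo-password -nodes \
        -out alice-id.pem 2>/dev/null || return 1
    printf 'Meet at 10:00.\n' > msg.txt
}
smime_sign() {    # sender: clear-signed message with the certificate attached
    openssl smime -sign -in msg.txt -signer alice-id.pem -out signed.eml 2>/dev/null
}
smime_verify() {  # recipient: $1 = message file
    # Checks the signature and the chain to ca.pem, then stores the signer's
    # certificate in from.pem for later use.
    openssl smime -verify -in "$1" -CAfile ca.pem -signer from.pem \
        -out verified.txt 2>/dev/null
}
smime_encrypt() { # reply encrypted to the public key in the stored certificate
    openssl smime -encrypt -aes256 -in msg.txt -out enc.eml from.pem
}
smime_decrypt() { # only the holder of the matching private key can read it
    openssl smime -decrypt -in enc.eml -recip alice-id.pem -out dec.txt
}
smime_demo() {
    smime_setup && smime_sign || return 1
    sed 's/10:00/11:00/' signed.eml > tampered.eml
    if smime_verify tampered.eml; then return 1; fi   # altered content is rejected
    smime_verify signed.eml || return 1               # untouched message verifies
    smime_encrypt && smime_decrypt || return 1
    [ "$(tr -d '\r' < dec.txt)" = "Meet at 10:00." ]
}
smime_demo && echo "S/MIME round trip OK"
```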

In this section

Receiving signed e-mail

Sending signed e-mail

Receiving encrypted e-mail

Sending encrypted e-mail

Signed and encrypted e-mail
