What is MIME type "application/pkcs7-signature"?

A MIME type is a string that tells browsers and other tools how to handle a particular kind of file.

The MIME type application/pkcs7-signature is used for files that carry a digital signature made under the PKCS #7 standard. It contains cryptographic data that proves a message or document comes from a trusted source and has not been altered.
It works with systems that use public key cryptography. When a file is signed, it shows that the sender’s digital certificate validates the content. This process helps protect data integrity and authenticity.
Files using this MIME type often appear in secure communications and document exchanges. For example, secure email systems use it to verify that a message is genuine. Digital documents and software updates may include such signatures to show they are safe.

Authentication: Confirms the data’s origin.
Integrity Check: Ensures the content remains unchanged.
Email Security: Supports S/MIME, a protocol for secure email.
Document Signing: Validates the authenticity of signed files.

Files built on this standard include those with the container formats P7M and P7B, as well as standalone signature files like P7S.
For more technical details, see the PKCS #7 article on Wikipedia.

Associated file extensions

.p7m, .p7b, .p7s

Usage Examples

HTTP Header

When serving content with this MIME type, set the Content-Type header:


    Content-Type: application/pkcs7-signature

HTML

In HTML, you can specify the MIME type in various elements:


    <a href="file.dat" type="application/pkcs7-signature">Download file</a>

Server-side (Node.js)

Setting the Content-Type header in Node.js:


    const http = require('http');    
    
    http.createServer((req, res) => {    
      res.setHeader('Content-Type', 'application/pkcs7-signature');    
      res.end('Content here');    
    }).listen(3000);

Associated file extensions

.p7m, .p7b, .p7s

FAQs

What is the application/pkcs7-signature MIME type used for?

This MIME type is primarily used for detached digital signatures within the S/MIME protocol. It indicates that a file (often named smime.p7s) contains cryptographic data to verify the sender's identity and ensure the message has not been tampered with. It is distinct from enveloped data, which typically uses application/pkcs7-mime.

Why do I see an attachment named 'smime.p7s' in my email?

An smime.p7s attachment appears when a sender digitally signs an email, but your email client (or webmail interface) does not natively support or recognize S/MIME verification. Instead of displaying a "Verified" badge, the client treats the signature data as a generic file attachment with the MIME type application/pkcs7-signature.

How do I configure Apache to serve .p7s files correctly?

To ensure browsers and email clients handle digital signatures correctly, add the MIME type directive to your Apache configuration or .htaccess file. Use the line: AddType application/pkcs7-signature .p7s. This ensures the server sends the correct header for .p7s files.

What is the difference between application/pkcs7-signature and application/pkcs7-mime?

application/pkcs7-signature is generally used for detached signatures where the content is separate from the signature data. In contrast, application/pkcs7-mime is used for "enveloped" data, where the content is encrypted or fully encapsulated within the CMS structure, often seen with .p7m files.

Can I open a file with this MIME type in a text editor?

No, files with the application/pkcs7-signature type are typically binary files (DER encoded) or Base64 encoded text blocks. Opening them in a text editor will reveal unreadable characters or a block of random text. You should use tools like OpenSSL or a certificate management utility to inspect the signature details.

Is application/x-pkcs7-signature the same thing?

Yes, application/x-pkcs7-signature is the legacy or non-standard version of this MIME type. While modern applications prefer the standard application/pkcs7-signature (without the x-), many servers and clients still support the legacy version for backward compatibility.

How do I verify a file served as application/pkcs7-signature?

Verification requires the sender's public key and a tool capable of parsing PKCS #7 structures, such as Microsoft Outlook, Mozilla Thunderbird, or the OpenSSL command line. For example, you can verify a detached signature using: openssl smime -verify -in signature.p7s -content original_file.txt.

General FAQ

What is a MIME type?

A MIME (Multipurpose Internet Mail Extensions) type is a standard that indicates the nature and format of a document, file, or assortment of bytes. MIME types are defined and standardized in IETF's RFC 6838.

MIME types are important because they help browsers and servers understand how to process a file. When a browser receives a file from a server, it uses the MIME type to determine how to display or handle the content, whether it's an image to display, a PDF to open in a viewer, or a video to play.

MIME types consist of a type and a subtype, separated by a slash (e.g., text/html, image/jpeg, application/pdf). Some MIME types also include optional parameters.

How do I find the MIME type for a file?

You can check the file extension or use a file identification tool such as file --mime-type on the command line. Many programming languages also provide libraries to detect MIME types.

Why are multiple MIME types listed for one extension?

Different applications and historical conventions may use alternative MIME identifiers for the same kind of file. Showing them all helps ensure compatibility across systems.