.p7s vs .p7m

In practice, the .p7s file extension is sometimes used even when .p7m would be more appropriate, though this is technically incorrect.

Difference Between `.p7s` and `.p7m`

Extension	Meaning	Content Included?	Use Case
`.p7s`	PKCS#7 detached signature	No	Signature-only; original content is separate
`.p7m`	PKCS#7 enveloped/opaque signature	Yes	Signature and content in one file

Why `.p7s` May Be Misused

Developers or systems may default to .p7s for any PKCS#7 signature, even when it contains the data (i.e., it's an opaque or enveloping signature).
Some software may not enforce the distinction and treat either as valid, leading to extension confusion.

Consequences of Misuse

Incorrect expectations: A .p7s file may be assumed to contain only a signature, but actually includes data.
Software compatibility issues: Tools expecting .p7m may not handle a mislabeled .p7s properly, especially in email clients or verification tools.
Forensics/confusion: Difficult to distinguish if the content is present without inspecting the structure.

Best Practice

Use:
- .p7s for detached signatures
- .p7m for opaque/enveloped signatures
Validate content structure, not just the file extension.

Privacy Statement. Copyright Chilkat Software, Inc. All rights reserved.
(Regarding the usage of the Android logo) Portions of this page are reproduced from work created and shared by Google and used according to terms
described in the Creative Commons 3.0 Attribution License.

Send feedback to info@chilkatsoft.com
Software APIs, modules, components, and libraries for Windows, Linux, MacOS, iOS, Android™, Alpine Linux, MinGW, ...