SlideShare une entreprise Scribd logo

E-mail Security Guide: PGP vs. S/MIME

Télécharger en tant que PPT, PDF
T
Tania Agni

PGP and S/MIME are two standards for securing email. PGP uses asymmetric encryption and digital signatures to provide authentication, confidentiality, and compression of messages. It utilizes public/private key pairs and trust is established through signatures on public keys. S/MIME is an Internet standard that provides similar security services to MIME messages as PGP, using PKI/certificates and industry standard algorithms. Both standards encrypt messages and attach digital signatures to authenticate senders and guarantee message integrity.

Internet
1  sur  39
E-mail Security: PGP and S/MIME
2 Outline  PGP – services – message format – key management – trust management  S/MIME – services – message formats – key management
3 What is PGP?  PGP - Pretty Good Privacy  general purpose application to protect (encrypt and/or sign) files  can be used to protect e-mail messages  can be used by corporations as well as individuals  based on strong cryptographic algorithms (IDEA, RSA, SHA-1)  available free of charge at http://www.pgpi.org  first version developed by Phil Zimmermann  PGP is now on an Internet standards track (RFC 3156)
4 PGP services  messages – authentication – confidentiality – compression – e-mail compatibility – segmentation and reassembly  key management – generation, distribution, and revocation of public/private keys – generation and transport of session keys and IVs PGP/services
5 Message authentication  based on digital signatures  supported algorithms: RSA/SHA and DSS/SHA hashhash encenc hashhash decdeccomparecompare accept / reject m h σ Ksnd -1 Ksnd m h σh senderreceiver PGP/services
6 Message confidentiality  symmetric key encryption in CFB mode with a random session key and IV  session key and IV is encrypted with the public key of the receiver  supported algorithms: – symmetric: CAST, IDEA, 3DES – asymmetric: RSA, ElGamal prngprng s.encs.enc m Krcv sender a.enca.enc k, iv {m}k {k, iv}Krcv PGP/services
7 Compression  applied after the signature – enough to store clear message and signature for later verification – it would be possible to dynamically compress messages before signature verification, but … – then all PGP implementations should use the same compression algorithm – however, different PGP versions use slightly different compression algorithms  applied before encryption – compression reduces redundancy → makes cryptanalysis harder  supported algorithm: ZIP PGP/services
8 E-mail compatibility  encrypted messages and signatures may contain arbitrary octets  most e-mail systems support only ASCII characters  PGP converts an arbitrary binary stream into a stream of printable ASCII characters  radix 64 conversion: 3 8-bit blocks → 4 6-bit blocks 0 7 0 7 0 7 0 5 0 5 0 5 0 5 character encoding 6-bit value 52 0 … … 61 9 62 + 63 / (pad) = 0 A … ... 25 Z 26 a … … 51 z character encoding 6-bit value PGP/services
9 Combining services X := fileX := file signature?signature? compress X := Z(X) compress X := Z(X) encryption?encryption? radix 64 X := R64(X) radix 64 X := R64(X) generate signature X := σ(X) || X generate signature X := σ(X) || X generate envelop X := {k}Krcv || {X}k generate envelop X := {k}Krcv || {X}k yes yes no no PGP/services
10 PGP message format session key component signature message key ID of Krcv session key k timestamp key ID of Ksnd leading two octets of hash hash filename timestamp data {}Krcv{}Ksnd -1 {}k ZIP R64 PGP/messageformat
11 Key IDs  a user may have several public key – private key pairs – which private key to use to decrypt the session key? – which public key to use to verify a signature?  transmitting the whole public key would be wasteful  associating a random ID to a public key would result in management burden  PGP key ID: least significant 64 bits of the public key – unique within a user with very high probability PGP/keyandtrustmanagement
12 Random number generation  true random numbers – used to generate public key – private key pairs – provide the initial seed for the pseudo-random number generator (PRNG) – provide additional input during pseudo-random number generation  pseudo-random numbers – used to generate session keys and IVs PGP/keyandtrustmanagement
13 True random numbers  PGP maintains a 256-byte buffer of random bits  each time PGP expects a keystroke from the user, it records – the time when it starts waiting (32 bits) – the time when the key was pressed (32 bits) – the value of the key stroke (8 bits)  the recorded information is used to generate a key  the generated key is used to encrypt the current value of the random-bit buffer PGP/keyandtrustmanagement
14 Pseudo-random numbers  based on the ANSI X9.17 PRNG standard 3DES3DES 3DES3DES 3DES3DES + + DTi Vi Vi+1 K1, K2 Ri PGP/keyandtrustmanagement
15 Pseudo-random numbers EE EE EE+ + EE EE+ + EE EE+ + + + + dtbuf rseed rseed’ IV[0..7] K[8..15] K[0..7] true random bits  CAST-128 is used instead of 3DES with key rkey PGP/keyandtrustmanagement
16 Pseudo-random numbers  dtbuf[0..3] = current time, dtbuf[4..7] = 0  pre-wash – take the hash of the message • this has already been generated if the message is being signed • otherwise the first 4K of the message is hashed – use the result as a key, use a null IV, and encrypt (rkey, rseed)previous in CFB mode • if (rkey, rseed)previous is empty, it is filled up with true random bits – set (rkey, rseed)current to the result of the encryption  post-wash – generate 24 more bytes as before but without XORing in true random bytes – encrypt the result in CFB mode using K and IV – set (rkey, rseed)previous to the result of the encryption PGP/keyandtrustmanagement
17 Private-key ring  used to store the public key – private key pairs owned by a given user  essentially a table, where each row contains the following entries: – timestamp – key ID (indexed) – public key – encrypted private key – user ID (indexed) encencpassphrase hashhash private key encrypted private key PGP/keyandtrustmanagement
18 Public-key ring  used to store public keys of other users  a table, where each row contains the following entries: – timestamp – key ID (indexed) – public key – user ID (indexed) – owner trust – signature(s) – signature trust(s) – key legitimacy PGP/keyandtrustmanagement
19 Trust management  owner trust – assigned by the user – possible values: • unknown user • usually not trusted to sign • usually trusted to sign • always trusted to sign • ultimately trusted (own key, present in private key ring)  signature trust – assigned by the PGP system – if the corresponding public key is already in the public-key ring, then its owner trust entry is copied into signature trust – otherwise, signature trust is set to unknown user PGP/keyandtrustmanagement
20 Trust management  key legitimacy – computed by the PGP system – if at least one signature trust is ultimate, then the key legitimacy is 1 (complete) – otherwise, a weighted sum of the signature trust values is computed • always trusted signatures has a weight of 1/X • usually trusted signatures has a weight of 1/Y • X, Y are user-configurable parameters – example: X=2, Y=4 • 1 ultimately trusted, or • 2 always trusted, or • 1 always trusted and 2 usually trusted, or • 4 usually trusted signatures are needed to obtain full legitimacy PGP/keyandtrustmanagement
21 Example – key legitimacy X = 1, Y = 2       user A B C D E F G H I J K M L  untrusted / usually untrusted usually trusted always trusted ultimately trusted (you) signature legitimate PGP/keyandtrustmanagement
22 Public-key revocation  why to revoke a public key? – suspected to be compromised (private key got known by someone) – re-keying  the owner issues a revocation certificate … – has a similar format to normal public-key certificates – contains the public key to be revoked – signed with the corresponding private key  and disseminates it as widely and quickly as possible  if a key is compromised: – e.g., Bob knows the private key of Alice – Bob can issue a revocation certificate to revoke the public key of Alice – even better for Alice PGP/keyandtrustmanagement
23 What is S/MIME?  Secure / Multipurpose Internet Mail Extension  a security enhancement to MIME  provides similar services to PGP  based on technology from RSA Security  industry standard for commercial and organizational use  RFC 2630, 2632, 2633
24 RFC 822  defines a format for text messages to be sent using e-mail  Internet standard  structure of RFC 822 compliant messages – header lines (e.g., from: …, to: …, cc: …) – blank line – body (the text to be sent)  example Date: Tue, 16 Jan 1998 10:37:17 (EST) From: “Levente Buttyan” <buttyan@hit.bme.hu> Subject: Test To: afriend@otherhost.bme.hu Blablabla S/MIME/introduction
25 Problems with RFC 822 and SMTP  executable files must be converted into ASCII – various schemes exist (e.g., Unix UUencode) – a standard is needed  text data that includes special characters (e.g., Hungarian text)  some servers – reject messages over a certain size – delete, add, or reorder CR and LF characters – truncate or wrap lines longer than 76 characters – remove trailing white space (tabs and spaces) – pad lines in a message to the same length – convert tab characters into multiple spaces S/MIME/introduction
26 MIME  defines new message header fields  defines a number of content formats (standardizing representation of multimedia contents)  defines transfer encodings that protects the content from alteration by the mail system S/MIME/introduction
27 MIME - New header fields  MIME-Version  Content-Type – describes the data contained in the body – receiving agent can pick an appropriate method to represent the content  Content-Transfer-Encoding – indicates the type of the transformation that has been used to represent the body of the message  Content-ID  Content-Description – description of the object in the body of the message – useful when content is not readable (e.g., audio data) S/MIME/introduction
28 MIME – Content types and subtypes  text/plain, text/enriched  image/jpeg, image/gif  video/mpeg  audio/basic  application/postscript, application/octet-stream  multipart/mixed, multipart/parallel, multipart/alternative, multipart/digest (each part is message/rfc822)  message/rfc822, message/partial, message/external-body S/MIME/introduction
29 MIME – Transfer encodings  7bit – short lines of ASCII characters  8bit – short lines of non-ASCII characters  binary – non-ASCII characters – lines are not necessarily short  quoted-printable – non-ASCII characters are converted into hexa numbers (e.g., =EF)  base64 (radix 64) – 3 8-bit blocks into 4 6-bit blocks  x-token – non-standard encoding S/MIME/introduction
30 MIME – Example MIME-Version: 1.0 From: Nathaniel Borenstein <nsb@nsb.fv.com> To: Ned Freed <ned@innosoft.com> Date: Fri, 07 Oct 1994 16:15:05 -0700 (PDT) Subject: A multipart example Content-Type: multipart/mixed; boundary=unique-boundary-1 This is the preamble area of a multipart message. Mail readers that understand multipart format should ignore this preamble. If you are reading this text, you might want to consider changing to a mail reader that understands how to properly display multipart messages. --unique-boundary-1 Content-type: text/plain; charset=US-ASCII … Some text … --unique-boundary-1 Content-Type: multipart/parallel; boundary=unique-boundary-2 --unique-boundary-2 Content-Type: audio/basic Content-Transfer-Encoding: base64 ... base64-encoded 8000 Hz single-channel mu-law-format audio data goes here ... --unique-boundary-2 Content-Type: image/jpeg Content-Transfer-Encoding: base64 ... base64-encoded image data goes here ... --unique-boundary-2-- S/MIME/introduction
31 MIME – Example cont’d --unique-boundary-1 Content-type: text/enriched This is <bold><italic>enriched.</italic></bold><smaller>as defined in RFC 1896</smaller> Isn’t it <bigger><bigger>cool?</bigger></bigger> --unique-boundary-1 Content-Type: message/rfc822 From: (mailbox in US-ASCII) To: (address in US-ASCII) Subject: (subject in US-ASCII) Content-Type: Text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: Quoted-printable ... Additional text in ISO-8859-1 goes here ... --unique-boundary-1-- S/MIME/introduction
32 S/MIME services  enveloped data (application/pkcs7-mime; smime-type = enveloped-data) – standard digital envelop  signed data (application/pkcs7-mime; smime-type = signed-data) – standard digital signature (“hash and sign”) – content + signature is encoded using base64 encoding  clear-signed data (multipart/signed) – standard digital signature – only the signature is encoded using base64 – recipient without S/MIME capability can read the message but cannot verify the signature  signed and enveloped data – signed and encrypted entities may be nested in any order S/MIME/services
33 Cryptographic algorithms  message digest – must: SHA-1 – should (receiver): MD5 (backward compatibility)  digital signature – must: DSS – should: RSA  asymmetric-key encryption – must: ElGamal – should: RSA  symmetric-key encryption – sender: • should: 3DES, RC2/40 – receiver: • must: 3DES • should: RC2/40 S/MIME/services
34 Securing a MIME entity  MIME entity is prepared according to the normal rules for MIME message preparation  prepared MIME entity is processed by S/MIME to produce a PKCS object  the PKCS object is treated as message content and wrapped in MIME S/MIME/services
35 PKCS7 “signed data” Version (Set of) Digest Algorithms Content Info Set of certificates Set of CRLs Signer Info Version Signer ID (issuer and ser. no.) Digest Algorithm Authenticated Attributes Digest Encryption Alg. Encrypted digest (signature) Content type Content S/MIME/messageformats
36 PKCS7 “enveloped data” Version Encrypted Content Info Recipient Info Version Recipient ID (issuer and s.no.) Key Encryption Algorithm Encrypted Key Content Encryption Alg. Content type Encrypted Content Originator Info S/MIME/messageformats
37 Enveloped data – Example Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7m rfvbnj756tbBghyHhHUujhJhjH77n8HHGT9HG4VQpfyF467GhIGfHfYT6 7n8HHGghyHhHUujhJh4VQpfyF467GhIGfHfYGTrfvbnjT6jH7756tbB9H f8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 0GhIGfHfQbnj756YT64V S/MIME/messageformats
38 Clear-signed data – Example Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42 --boundary42 Content-Type: text/plain This is a clear-signed message. --boundary42 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756 --boundary42-- S/MIME/messageformats
39 Key management  S/MIME certificates are X.509 conformant  key management scheme is between strict certification hierarchy and PGP’s web of trust – certificates are signed by certification authorities (CA) – key authentication is based on chain of certificates – users/managers are responsible to configure their clients with a list of trusted root keys K S/MIME/keymanagement

Recommandé

Random Oracle Model & Hashing - Cryptography & Network Security
Random Oracle Model & Hashing - Cryptography & Network SecurityRandom Oracle Model & Hashing - Cryptography & Network Security
Random Oracle Model & Hashing - Cryptography & Network SecurityMahbubur Rahman
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4koolkampus
 
SHA 1 Algorithm
SHA 1 AlgorithmSHA 1 Algorithm
SHA 1 AlgorithmShiva RamDam
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithmRuchi Maurya
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DESHemant Sharma
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Information and network security 35 the chinese remainder theorem
Information and network security 35 the chinese remainder theoremInformation and network security 35 the chinese remainder theorem
Information and network security 35 the chinese remainder theoremVaibhav Khanna
 

Recommandé

Random Oracle Model & Hashing - Cryptography & Network Security
Random Oracle Model & Hashing - Cryptography & Network SecurityRandom Oracle Model & Hashing - Cryptography & Network Security
Random Oracle Model & Hashing - Cryptography & Network SecurityMahbubur Rahman
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4koolkampus
 
SHA 1 Algorithm
SHA 1 AlgorithmSHA 1 Algorithm
SHA 1 AlgorithmShiva RamDam
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithmRuchi Maurya
 
Double DES & Triple DES
Double DES & Triple DESDouble DES & Triple DES
Double DES & Triple DESHemant Sharma
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Information and network security 35 the chinese remainder theorem
Information and network security 35 the chinese remainder theoremInformation and network security 35 the chinese remainder theorem
Information and network security 35 the chinese remainder theoremVaibhav Khanna
 
Hash Function
Hash Function Hash Function
Hash Function ssuserdfb2da
 
Hash function
Hash functionHash function
Hash functionHarry Potter
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemesravik09783
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Modern Block Cipher- Modern Symmetric-Key Cipher
Modern Block Cipher- Modern Symmetric-Key CipherModern Block Cipher- Modern Symmetric-Key Cipher
Modern Block Cipher- Modern Symmetric-Key CipherMahbubur Rahman
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVipin Tejwani
 
Secure Hash Algorithm
Secure Hash AlgorithmSecure Hash Algorithm
Secure Hash AlgorithmVishakha Agarwal
 
Ch12
Ch12Ch12
Ch12Joe Christensen
 
Transport layer security
Transport layer securityTransport layer security
Transport layer securityHrudya Balachandran
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
DES
DESDES
DESNaga Srimanyu Timmaraju
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
MD5 ALGORITHM.pptx
MD5 ALGORITHM.pptxMD5 ALGORITHM.pptx
MD5 ALGORITHM.pptxRajapriya82
 
Message digest 5
Message digest 5Message digest 5
Message digest 5Tirthika Bandi
 
Cryptographic hash function md5
Cryptographic hash function md5Cryptographic hash function md5
Cryptographic hash function md5Khulna University, Khulna, Bangladesh
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
MD5 - Hash Functions & RIPEMD160
MD5 - Hash Functions & RIPEMD160MD5 - Hash Functions & RIPEMD160
MD5 - Hash Functions & RIPEMD160chuxuantinh
 
Hash function
Hash function Hash function
Hash function Salman Memon
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 

Contenu connexe

Tendances

Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemesravik09783
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Modern Block Cipher- Modern Symmetric-Key Cipher
Modern Block Cipher- Modern Symmetric-Key CipherModern Block Cipher- Modern Symmetric-Key Cipher
Modern Block Cipher- Modern Symmetric-Key CipherMahbubur Rahman
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVipin Tejwani
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
MD5 ALGORITHM.pptx
MD5 ALGORITHM.pptxMD5 ALGORITHM.pptx
MD5 ALGORITHM.pptxRajapriya82
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
MD5 - Hash Functions & RIPEMD160
MD5 - Hash Functions & RIPEMD160MD5 - Hash Functions & RIPEMD160
MD5 - Hash Functions & RIPEMD160chuxuantinh
 

Tendances (20)

Hash Function
Hash Function Hash Function
Hash Function
 
Hash function
Hash functionHash function
Hash function
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Digital signature schemes
Digital signature schemesDigital signature schemes
Digital signature schemes
 
Message authentication
Message authenticationMessage authentication
Message authentication
 
Modern Block Cipher- Modern Symmetric-Key Cipher
Modern Block Cipher- Modern Symmetric-Key CipherModern Block Cipher- Modern Symmetric-Key Cipher
Modern Block Cipher- Modern Symmetric-Key Cipher
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
 
Secure Hash Algorithm
Secure Hash AlgorithmSecure Hash Algorithm
Secure Hash Algorithm
 
Ch12
Ch12Ch12
Ch12
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
DES
DESDES
DES
 
IP Security
IP SecurityIP Security
IP Security
 
MD5 ALGORITHM.pptx
MD5 ALGORITHM.pptxMD5 ALGORITHM.pptx
MD5 ALGORITHM.pptx
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
 
Cryptographic hash function md5
Cryptographic hash function md5Cryptographic hash function md5
Cryptographic hash function md5
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 
MD5 - Hash Functions & RIPEMD160
MD5 - Hash Functions & RIPEMD160MD5 - Hash Functions & RIPEMD160
MD5 - Hash Functions & RIPEMD160
 

En vedette

Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication ServiceSwathy T
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 

En vedette (6)

Hash function
Hash function Hash function
Hash function
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication Service
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Digital signature
Digital signatureDigital signature
Digital signature
 

Similaire à E-mail Security Guide: PGP vs. S/MIME

module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxprateekPallav2
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSASrilal Buddika
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityNagendra Um
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829ajsk1950
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptxSurendraBasnet6
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-ittrameshvvv
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006Nate Lawson
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoHarry Potter
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoJames Wong
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoYoung Alista
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoDavid Hoen
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoTony Nguyen
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoLuis Goldster
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoFraboni Ec
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryPriyank Kapadia
 

Similaire à E-mail Security Guide: PGP vs. S/MIME (20)

Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptx
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSA
 
Moein
MoeinMoein
Moein
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Cupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829aCupdf.com public key-cryptography-569692953829a
Cupdf.com public key-cryptography-569692953829a
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security Talk
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-itt
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto library
 

Dernier

Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 

Dernier (20)

Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 

E-mail Security Guide: PGP vs. S/MIME

  • 2. 2 Outline  PGP – services – message format – key management – trust management  S/MIME – services – message formats – key management
  • 3. 3 What is PGP?  PGP - Pretty Good Privacy  general purpose application to protect (encrypt and/or sign) files  can be used to protect e-mail messages  can be used by corporations as well as individuals  based on strong cryptographic algorithms (IDEA, RSA, SHA-1)  available free of charge at http://www.pgpi.org  first version developed by Phil Zimmermann  PGP is now on an Internet standards track (RFC 3156)
  • 4. 4 PGP services  messages – authentication – confidentiality – compression – e-mail compatibility – segmentation and reassembly  key management – generation, distribution, and revocation of public/private keys – generation and transport of session keys and IVs PGP/services
  • 5. 5 Message authentication  based on digital signatures  supported algorithms: RSA/SHA and DSS/SHA hashhash encenc hashhash decdeccomparecompare accept / reject m h σ Ksnd -1 Ksnd m h σh senderreceiver PGP/services
  • 6. 6 Message confidentiality  symmetric key encryption in CFB mode with a random session key and IV  session key and IV is encrypted with the public key of the receiver  supported algorithms: – symmetric: CAST, IDEA, 3DES – asymmetric: RSA, ElGamal prngprng s.encs.enc m Krcv sender a.enca.enc k, iv {m}k {k, iv}Krcv PGP/services
  • 7. 7 Compression  applied after the signature – enough to store clear message and signature for later verification – it would be possible to dynamically compress messages before signature verification, but … – then all PGP implementations should use the same compression algorithm – however, different PGP versions use slightly different compression algorithms  applied before encryption – compression reduces redundancy → makes cryptanalysis harder  supported algorithm: ZIP PGP/services
  • 8. 8 E-mail compatibility  encrypted messages and signatures may contain arbitrary octets  most e-mail systems support only ASCII characters  PGP converts an arbitrary binary stream into a stream of printable ASCII characters  radix 64 conversion: 3 8-bit blocks → 4 6-bit blocks 0 7 0 7 0 7 0 5 0 5 0 5 0 5 character encoding 6-bit value 52 0 … … 61 9 62 + 63 / (pad) = 0 A … ... 25 Z 26 a … … 51 z character encoding 6-bit value PGP/services
  • 9. 9 Combining services X := fileX := file signature?signature? compress X := Z(X) compress X := Z(X) encryption?encryption? radix 64 X := R64(X) radix 64 X := R64(X) generate signature X := σ(X) || X generate signature X := σ(X) || X generate envelop X := {k}Krcv || {X}k generate envelop X := {k}Krcv || {X}k yes yes no no PGP/services
  • 10. 10 PGP message format session key component signature message key ID of Krcv session key k timestamp key ID of Ksnd leading two octets of hash hash filename timestamp data {}Krcv{}Ksnd -1 {}k ZIP R64 PGP/messageformat
  • 11. 11 Key IDs  a user may have several public key – private key pairs – which private key to use to decrypt the session key? – which public key to use to verify a signature?  transmitting the whole public key would be wasteful  associating a random ID to a public key would result in management burden  PGP key ID: least significant 64 bits of the public key – unique within a user with very high probability PGP/keyandtrustmanagement
  • 12. 12 Random number generation  true random numbers – used to generate public key – private key pairs – provide the initial seed for the pseudo-random number generator (PRNG) – provide additional input during pseudo-random number generation  pseudo-random numbers – used to generate session keys and IVs PGP/keyandtrustmanagement
  • 13. 13 True random numbers  PGP maintains a 256-byte buffer of random bits  each time PGP expects a keystroke from the user, it records – the time when it starts waiting (32 bits) – the time when the key was pressed (32 bits) – the value of the key stroke (8 bits)  the recorded information is used to generate a key  the generated key is used to encrypt the current value of the random-bit buffer PGP/keyandtrustmanagement
  • 14. 14 Pseudo-random numbers  based on the ANSI X9.17 PRNG standard 3DES3DES 3DES3DES 3DES3DES + + DTi Vi Vi+1 K1, K2 Ri PGP/keyandtrustmanagement
  • 15. 15 Pseudo-random numbers EE EE EE+ + EE EE+ + EE EE+ + + + + dtbuf rseed rseed’ IV[0..7] K[8..15] K[0..7] true random bits  CAST-128 is used instead of 3DES with key rkey PGP/keyandtrustmanagement
  • 16. 16 Pseudo-random numbers  dtbuf[0..3] = current time, dtbuf[4..7] = 0  pre-wash – take the hash of the message • this has already been generated if the message is being signed • otherwise the first 4K of the message is hashed – use the result as a key, use a null IV, and encrypt (rkey, rseed)previous in CFB mode • if (rkey, rseed)previous is empty, it is filled up with true random bits – set (rkey, rseed)current to the result of the encryption  post-wash – generate 24 more bytes as before but without XORing in true random bytes – encrypt the result in CFB mode using K and IV – set (rkey, rseed)previous to the result of the encryption PGP/keyandtrustmanagement
  • 17. 17 Private-key ring  used to store the public key – private key pairs owned by a given user  essentially a table, where each row contains the following entries: – timestamp – key ID (indexed) – public key – encrypted private key – user ID (indexed) encencpassphrase hashhash private key encrypted private key PGP/keyandtrustmanagement
  • 18. 18 Public-key ring  used to store public keys of other users  a table, where each row contains the following entries: – timestamp – key ID (indexed) – public key – user ID (indexed) – owner trust – signature(s) – signature trust(s) – key legitimacy PGP/keyandtrustmanagement
  • 19. 19 Trust management  owner trust – assigned by the user – possible values: • unknown user • usually not trusted to sign • usually trusted to sign • always trusted to sign • ultimately trusted (own key, present in private key ring)  signature trust – assigned by the PGP system – if the corresponding public key is already in the public-key ring, then its owner trust entry is copied into signature trust – otherwise, signature trust is set to unknown user PGP/keyandtrustmanagement
  • 20. 20 Trust management  key legitimacy – computed by the PGP system – if at least one signature trust is ultimate, then the key legitimacy is 1 (complete) – otherwise, a weighted sum of the signature trust values is computed • always trusted signatures has a weight of 1/X • usually trusted signatures has a weight of 1/Y • X, Y are user-configurable parameters – example: X=2, Y=4 • 1 ultimately trusted, or • 2 always trusted, or • 1 always trusted and 2 usually trusted, or • 4 usually trusted signatures are needed to obtain full legitimacy PGP/keyandtrustmanagement
  • 21. 21 Example – key legitimacy X = 1, Y = 2       user A B C D E F G H I J K M L  untrusted / usually untrusted usually trusted always trusted ultimately trusted (you) signature legitimate PGP/keyandtrustmanagement
  • 22. 22 Public-key revocation  why to revoke a public key? – suspected to be compromised (private key got known by someone) – re-keying  the owner issues a revocation certificate … – has a similar format to normal public-key certificates – contains the public key to be revoked – signed with the corresponding private key  and disseminates it as widely and quickly as possible  if a key is compromised: – e.g., Bob knows the private key of Alice – Bob can issue a revocation certificate to revoke the public key of Alice – even better for Alice PGP/keyandtrustmanagement
  • 23. 23 What is S/MIME?  Secure / Multipurpose Internet Mail Extension  a security enhancement to MIME  provides similar services to PGP  based on technology from RSA Security  industry standard for commercial and organizational use  RFC 2630, 2632, 2633
  • 24. 24 RFC 822  defines a format for text messages to be sent using e-mail  Internet standard  structure of RFC 822 compliant messages – header lines (e.g., from: …, to: …, cc: …) – blank line – body (the text to be sent)  example Date: Tue, 16 Jan 1998 10:37:17 (EST) From: “Levente Buttyan” <buttyan@hit.bme.hu> Subject: Test To: afriend@otherhost.bme.hu Blablabla S/MIME/introduction
  • 25. 25 Problems with RFC 822 and SMTP  executable files must be converted into ASCII – various schemes exist (e.g., Unix UUencode) – a standard is needed  text data that includes special characters (e.g., Hungarian text)  some servers – reject messages over a certain size – delete, add, or reorder CR and LF characters – truncate or wrap lines longer than 76 characters – remove trailing white space (tabs and spaces) – pad lines in a message to the same length – convert tab characters into multiple spaces S/MIME/introduction
  • 26. 26 MIME  defines new message header fields  defines a number of content formats (standardizing representation of multimedia contents)  defines transfer encodings that protects the content from alteration by the mail system S/MIME/introduction
  • 27. 27 MIME - New header fields  MIME-Version  Content-Type – describes the data contained in the body – receiving agent can pick an appropriate method to represent the content  Content-Transfer-Encoding – indicates the type of the transformation that has been used to represent the body of the message  Content-ID  Content-Description – description of the object in the body of the message – useful when content is not readable (e.g., audio data) S/MIME/introduction
  • 28. 28 MIME – Content types and subtypes  text/plain, text/enriched  image/jpeg, image/gif  video/mpeg  audio/basic  application/postscript, application/octet-stream  multipart/mixed, multipart/parallel, multipart/alternative, multipart/digest (each part is message/rfc822)  message/rfc822, message/partial, message/external-body S/MIME/introduction
  • 29. 29 MIME – Transfer encodings  7bit – short lines of ASCII characters  8bit – short lines of non-ASCII characters  binary – non-ASCII characters – lines are not necessarily short  quoted-printable – non-ASCII characters are converted into hexa numbers (e.g., =EF)  base64 (radix 64) – 3 8-bit blocks into 4 6-bit blocks  x-token – non-standard encoding S/MIME/introduction
  • 30. 30 MIME – Example MIME-Version: 1.0 From: Nathaniel Borenstein <nsb@nsb.fv.com> To: Ned Freed <ned@innosoft.com> Date: Fri, 07 Oct 1994 16:15:05 -0700 (PDT) Subject: A multipart example Content-Type: multipart/mixed; boundary=unique-boundary-1 This is the preamble area of a multipart message. Mail readers that understand multipart format should ignore this preamble. If you are reading this text, you might want to consider changing to a mail reader that understands how to properly display multipart messages. --unique-boundary-1 Content-type: text/plain; charset=US-ASCII … Some text … --unique-boundary-1 Content-Type: multipart/parallel; boundary=unique-boundary-2 --unique-boundary-2 Content-Type: audio/basic Content-Transfer-Encoding: base64 ... base64-encoded 8000 Hz single-channel mu-law-format audio data goes here ... --unique-boundary-2 Content-Type: image/jpeg Content-Transfer-Encoding: base64 ... base64-encoded image data goes here ... --unique-boundary-2-- S/MIME/introduction
  • 31. 31 MIME – Example cont’d --unique-boundary-1 Content-type: text/enriched This is <bold><italic>enriched.</italic></bold><smaller>as defined in RFC 1896</smaller> Isn’t it <bigger><bigger>cool?</bigger></bigger> --unique-boundary-1 Content-Type: message/rfc822 From: (mailbox in US-ASCII) To: (address in US-ASCII) Subject: (subject in US-ASCII) Content-Type: Text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: Quoted-printable ... Additional text in ISO-8859-1 goes here ... --unique-boundary-1-- S/MIME/introduction
  • 32. 32 S/MIME services  enveloped data (application/pkcs7-mime; smime-type = enveloped-data) – standard digital envelop  signed data (application/pkcs7-mime; smime-type = signed-data) – standard digital signature (“hash and sign”) – content + signature is encoded using base64 encoding  clear-signed data (multipart/signed) – standard digital signature – only the signature is encoded using base64 – recipient without S/MIME capability can read the message but cannot verify the signature  signed and enveloped data – signed and encrypted entities may be nested in any order S/MIME/services
  • 33. 33 Cryptographic algorithms  message digest – must: SHA-1 – should (receiver): MD5 (backward compatibility)  digital signature – must: DSS – should: RSA  asymmetric-key encryption – must: ElGamal – should: RSA  symmetric-key encryption – sender: • should: 3DES, RC2/40 – receiver: • must: 3DES • should: RC2/40 S/MIME/services
  • 34. 34 Securing a MIME entity  MIME entity is prepared according to the normal rules for MIME message preparation  prepared MIME entity is processed by S/MIME to produce a PKCS object  the PKCS object is treated as message content and wrapped in MIME S/MIME/services
  • 35. 35 PKCS7 “signed data” Version (Set of) Digest Algorithms Content Info Set of certificates Set of CRLs Signer Info Version Signer ID (issuer and ser. no.) Digest Algorithm Authenticated Attributes Digest Encryption Alg. Encrypted digest (signature) Content type Content S/MIME/messageformats
  • 36. 36 PKCS7 “enveloped data” Version Encrypted Content Info Recipient Info Version Recipient ID (issuer and s.no.) Key Encryption Algorithm Encrypted Key Content Encryption Alg. Content type Encrypted Content Originator Info S/MIME/messageformats
  • 37. 37 Enveloped data – Example Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7m rfvbnj756tbBghyHhHUujhJhjH77n8HHGT9HG4VQpfyF467GhIGfHfYT6 7n8HHGghyHhHUujhJh4VQpfyF467GhIGfHfYGTrfvbnjT6jH7756tbB9H f8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 0GhIGfHfQbnj756YT64V S/MIME/messageformats
  • 38. 38 Clear-signed data – Example Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42 --boundary42 Content-Type: text/plain This is a clear-signed message. --boundary42 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756 --boundary42-- S/MIME/messageformats
  • 39. 39 Key management  S/MIME certificates are X.509 conformant  key management scheme is between strict certification hierarchy and PGP’s web of trust – certificates are signed by certification authorities (CA) – key authentication is based on chain of certificates – users/managers are responsible to configure their clients with a list of trusted root keys K S/MIME/keymanagement