SlideShare a Scribd company logo

Lecture 8 mail security

R
rajakhurram

PGP and S/MIME are two standards for securing email communications. PGP uses asymmetric encryption with RSA and symmetric encryption with algorithms like IDEA. It provides authentication, confidentiality, compression and is free but not controlled by standards bodies. S/MIME is the IETF standard that uses X.509 certificates and PKCS #7 to provide the same security features as PGP through signing, encrypting and signing/encrypting emails. It supports algorithms like SHA-1, RSA, Triple DES and is used more for professional email security. Both standards segment long messages and include mechanisms for trust and revoking public keys.

TechnologyEducation
Related topics:
Network Security
1 of 30
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Electronic mail security
Outline • Pretty Good Privacy (PGP) • S/MIME • Recommended web sites 2 2
Security facilities in the TCP/IP protocol stack 3 3
Pretty Good Privacy • Philip R. Zimmerman is the creator of PGP (1992). • PGP provides  confidentiality  and authentication service that can be used for electronic mail and file storage applications. 4 4
Why Is PGP Popular? • It is available free on a variety of platforms. • Wide range of applicability • Based on well known algorithms. (Why ?, Is it Secure ?) • Not developed or controlled by governmental or standards organizations (Is-it trust worthy) 5 5
Operational Description •Notations Z = Compression using ZIP Ks = Session key used in Algorithm symmetric encryption scheme R64 = Conversion to Radix 64 PRa = Private key of user A, ASCII format used in public-key encryption EP = Public key encryption scheme DP = Public key decryption PUa = Public key of user A, EC = Symmetric Encryption used in public-key encryption DC = Symmetric Decryption scheme H = Hash Function (SHA-1 Used, 160 bit hash) • Consist of five services: | | : Concatenation  Authentication  Confidentiality  Compression  E-mail compatibility  Segmentation 6 6
Authentication • The sender creates a message • SHA-1 is used to generate a 160-bit hash code of the message • The hash code is encrypted with RSA using the sender’s private key, and the result is prepended to the message • The reciever uses RSA with sender’s public key to decrypt and recover the hash code • The reciever generates a new hash code for the mesage and compares it with the decryupted hash code. 7
Confidentiality • The sender generates a message and a random 128-bit number to be used as a session key for this message only • The message is encrypted using CAST -128 / IDEA / #DES with the session key. • The session key is encrypted with RSA using recipients public key and is prepended to the message • The reciever uses RSA with its private key to decrypt and recover the session key. • The session key is used to decrypt the message 8
PGP Cryptographic Function E[PUb, Ks] 9 9
PGP Cryptographic Function 10 10
Compression • PGP compresses the message after applying the signature but before encryption • The placement of the compression algorithm is critical. • The compression algorithm used is ZIP (described in appendix G or search internet) • Message encryption is applied after compression to strengthen cryptographic security. 11 11
E-mail Compatibility • The scheme used is radix-64 conversion (see appendix or online). • The use of radix-64 expands the message by 33%. 12 12
Segmentation and Reassembly • Often restricted to a maximum message length of 50,000 octets. • Longer messages must be broken up into segments. • PGP automatically subdivides a message that is to large. • The receiver strip of all e-mail headers and reassemble the block. 13 13
Transmission and Reception of PGP Messages assembly 14 14
Format of PGP Message 15 15
General Structure of Private and Public Key Rings • Keys need to be stored and organized in a systematic way for efficient and effective use by all parties • Scheme used in PGP providesa pair of data structure at each node  To store public / private key pairs owned by that node (Private Key Ring)  To store public keys of other users known at this node (Public Key Ring) 16
General Structure of Private and Public Key Rings Least significant 64 bits 17
PGP Message Generation 18
PGP Message Reception 19
The Use of Trust • No specification for establishing certifying authorities or for establishing trust • Provides means of  Using trust  Associating trust with public keys  Exploiting trust information. • Basic Structure  Key legitimacy field : indicates the extent to which PGP will trust See Table 7.2 public key for user (W. Stallings)  Signature trust field : Indicates the degree to PGP user trusts the signer to certify public keys  Owner trust field : Indicates degree to which public key is trusted to sign other public-key certificates; assigned by user 20 20
PGP Trust Model (Example) 21 (Reading Assignment)
Revoking Public Keys • The owner issue a key revocation certificate. • Normal signature certificate with a revoke indicator. • Corresponding private key is used to sign the certificate. 22 22
S/MIME • Secure/Multipurpose Internet Mail Extension (RFC5751) • S/MIME on the IETF standard track  Will be the commercial standard for secure e-mails • Uses X.509 certificates (Public-Key Cryptography Standards (PKCS) #7) to sign/encrypt messages  PKCS # 7: An updated Cryptographic Message Syntax (CMS) – CMS is the IETF's standard for cryptographically protected messages which is used to digitally sign, digest, authenticate or encrypt digital data. • Provides same features as PGP  authentication, message integrity and non-repudiation of origin – provided by use of digital signatures  privacy, data security – provided by use of encryption • PGP for personal e-mail security, S/MIME for professional e-mail security 23 23
S/MIME Fucntion • Enveloped Data  Consists of encrypted content of any type and encrypteed-content encryption key • Signed Data  Digital signature is formed by taking the message digest and then encrypted with public key  Contents + Signature are encoded using base64 encoding  Can only viewed by recipeint with S/MIME capabilities. • Clear-Signed Data  Digital signature are formed and encoded using base64  All can see message but can not verify signature. • Singed and Enveloped Data  Encrypted data may be signed  Signed data or clear-signed data may be encrypted 24
Plain Mail (just MIME) Content-Type: multipart/mixed; boundary=bar --bar Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable =A1Hola Michael! How do you like the new S/MIME specification? It's generally a good idea to encode lines that begin with From=20because some mail transport agents will insert a greater- than (>) sign, thus invalidating the signature. Also, in some cases it might be desirable to encode any =20 trailing whitespace that occurs on lines in order to ensure =20 that the message signature is not invalidated when passing =20 a gateway that modifies such whitespace (like BITNET). =20 --bar Content-Type: image/jpeg Content-Transfer-Encoding: base64 iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC// jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn HOxEa44b+EI= --bar-- 25 25
S/MIME filenames Media Type File Extension application/pkcs7-mime (SignedData, .p7m EnvelopedData) application/pkcs7-mime (degenerate SignedData .p7c certificate management message) application/pkcs7-mime (CompressedData) .p7z application/pkcs7-signature (SignedData) .p7s 26 26
S/MIME singed message Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42 --boundary42 Content-Type: text/plain This is a clear-signed message. --boundary42 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756 --boundary42-- 27 27
Algorithms Used in S/MIME • Message Digesting  MUST : Absolute Requirement – SHA-1  SHOULD : May be required in particular cases – MD5 (Receiver) • Digital Signatures  MUST : DSS (Sender / Receiver)  SHOULD : RSA (Key size of 512 – 1024 bits) (Sender / Receiver) • Encryption with one time session key  MUST – Triple-DES (Sender / Receiver)  SHOULD – AES, RC2/40 (Sender) 28 28
Algorithms Used in S/MIME • Asymmetric encryption of the session key  MUST – RSA with key sizes of 512 to 1024 bits (Sender / Receiver)  SHOULD – Diffie-Hellman (for session keys). (Sender / Receiver) • Creation of MAC  MUST : HMAC with SHA-1 (Receiver)  SHOULD : HMAC with SHA-1 (Sender) 29
Recommended Web Sites • PGP home page: www.pgp.com • MIT distribution site for PGP • GOOGLE -> PGP • S/MIME Central: RSA Inc.’s Web Site 30 30

More Related Content

PPT
Pgp smime
Tania Agni
 
ODP
Email security
Ahmed EL-KOSAIRY
 
PDF
White paper-smime-compatibility
Ben Lightowler
 
PPTX
S/MIME & E-mail Security (Network Security)
Prafull Johri
 
PDF
IP Security
Dr.Florence Dayana
 
PPT
Digital Signature Standard
Sou Jana
 
PPT
Pretty good privacy
Pushkar Dutt
 
PDF
Asymmetric Cryptography
UTD Computer Security Group
 
Pgp smime
Tania Agni
 
Email security
Ahmed EL-KOSAIRY
 
White paper-smime-compatibility
Ben Lightowler
 
S/MIME & E-mail Security (Network Security)
Prafull Johri
 
IP Security
Dr.Florence Dayana
 
Digital Signature Standard
Sou Jana
 
Pretty good privacy
Pushkar Dutt
 
Asymmetric Cryptography
UTD Computer Security Group
 

What's hot (20)

PPTX
Key Management and Distribution
Syed Bahadur Shah
 
PDF
Electronic mail security
Dr.Florence Dayana
 
PPT
Email Security : PGP & SMIME
Rohit Soni
 
PPT
Firewall
Amuthavalli Nachiyar
 
PPT
PUBLIC KEY ENCRYPTION
raf_slide
 
PDF
Email security presentation
SubhradeepMaji
 
PPTX
Introduction to Public Key Infrastructure
Theo Gravity
 
PPTX
Digital certificates
Buddhika Karunanayaka
 
PPTX
Diffie Hellman Key Exchange
SAURABHDHAGE6
 
PPTX
Network security and cryptography
Pavithra renu
 
PDF
Digital certificates & its importance
svm
 
PPTX
public key infrastructure
vimal kumar
 
PPTX
Overview of cryptography
Roshan Chaudhary
 
PPTX
Security services and mechanisms
Rajapriya82
 
PPTX
Digital signature(Cryptography)
Soham Kansodaria
 
PPTX
RSA Algorithm
Srinadh Muvva
 
PPTX
SSL And TLS
Ghanshyam Patel
 
DOCX
S/MIME
maria azam
 
PPTX
Firewall and its purpose
Rohit Phulsunge
 
PPT
Fundamentals of cryptography
Hossain Md Shakhawat
 
Key Management and Distribution
Syed Bahadur Shah
 
Electronic mail security
Dr.Florence Dayana
 
Email Security : PGP & SMIME
Rohit Soni
 
Firewall
Amuthavalli Nachiyar
 
PUBLIC KEY ENCRYPTION
raf_slide
 
Email security presentation
SubhradeepMaji
 
Introduction to Public Key Infrastructure
Theo Gravity
 
Digital certificates
Buddhika Karunanayaka
 
Diffie Hellman Key Exchange
SAURABHDHAGE6
 
Network security and cryptography
Pavithra renu
 
Digital certificates & its importance
svm
 
public key infrastructure
vimal kumar
 
Overview of cryptography
Roshan Chaudhary
 
Security services and mechanisms
Rajapriya82
 
Digital signature(Cryptography)
Soham Kansodaria
 
RSA Algorithm
Srinadh Muvva
 
SSL And TLS
Ghanshyam Patel
 
S/MIME
maria azam
 
Firewall and its purpose
Rohit Phulsunge
 
Fundamentals of cryptography
Hossain Md Shakhawat
 
Ad

Similar to Lecture 8 mail security (20)

PPTX
Pretty_Good_Privacy_Method_Cryptography .pptx
NemesisPunisher
 
PPTX
Email sec11
Athira Asakumar
 
PPTX
module 4_7th sem_ Electronic Mail Security.pptx
prateekPallav2
 
PPTX
Pgp1
Sanjeevsharma620
 
PPT
pretty good privacy class hrtyetywetwetyewty
RudhhiShah
 
PPTX
Pgp pretty good privacy
Pawan Arya
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPTX
Pretty good privacy - Email Security
Rakesh Mittal
 
PPTX
Pretty good privacy
Punnya Babu
 
PDF
Network security cs9 10
Infinity Tech Solutions
 
PPT
unit6.ppt
Srinivas Devulapalli
 
DOCX
Unit 4
Vinod Kumar Gorrepati
 
PPT
types of attacks on electronic mail security
Flavia Gonsalves
 
PPT
Chapter 5Electronic MailElectronic Mail.ppt
nakshpub
 
PPTX
E mail security
Soumya Vijoy
 
PPTX
pgp.ppt.pptx
JyothiGadwala
 
PPT
PGP desk top basis lecture 002
Qaisar Ayub
 
PDF
CS6004 CYBER FORENSICS
Kathirvel Ayyaswamy
 
PDF
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
PPTX
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
Pretty_Good_Privacy_Method_Cryptography .pptx
NemesisPunisher
 
Email sec11
Athira Asakumar
 
module 4_7th sem_ Electronic Mail Security.pptx
prateekPallav2
 
Pgp1
Sanjeevsharma620
 
pretty good privacy class hrtyetywetwetyewty
RudhhiShah
 
Pgp pretty good privacy
Pawan Arya
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Pretty good privacy - Email Security
Rakesh Mittal
 
Pretty good privacy
Punnya Babu
 
Network security cs9 10
Infinity Tech Solutions
 
unit6.ppt
Srinivas Devulapalli
 
Unit 4
Vinod Kumar Gorrepati
 
types of attacks on electronic mail security
Flavia Gonsalves
 
Chapter 5Electronic MailElectronic Mail.ppt
nakshpub
 
E mail security
Soumya Vijoy
 
pgp.ppt.pptx
JyothiGadwala
 
PGP desk top basis lecture 002
Qaisar Ayub
 
CS6004 CYBER FORENSICS
Kathirvel Ayyaswamy
 
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
Ad

More from rajakhurram (14)

PDF
Malicious software
rajakhurram
 
PDF
Lecture malicious software
rajakhurram
 
PPT
Lecture 12 malicious software
rajakhurram
 
PPT
Lecture 11 wifi security
rajakhurram
 
PPTX
Lecture 10 intruders
rajakhurram
 
PPT
Lecture 9 key distribution and user authentication
rajakhurram
 
PPT
Lecture 7 certificates
rajakhurram
 
PPT
Lecture 6 web security
rajakhurram
 
PPT
Lecture 5 ip security
rajakhurram
 
PPT
Lecture 4 firewalls
rajakhurram
 
PPT
Lecture 3b public key_encryption
rajakhurram
 
PPT
Lecture3a symmetric encryption
rajakhurram
 
PDF
Lecture2 network attack
rajakhurram
 
PPT
Lecture1 Introduction
rajakhurram
 
Malicious software
rajakhurram
 
Lecture malicious software
rajakhurram
 
Lecture 12 malicious software
rajakhurram
 
Lecture 11 wifi security
rajakhurram
 
Lecture 10 intruders
rajakhurram
 
Lecture 9 key distribution and user authentication
rajakhurram
 
Lecture 7 certificates
rajakhurram
 
Lecture 6 web security
rajakhurram
 
Lecture 5 ip security
rajakhurram
 
Lecture 4 firewalls
rajakhurram
 
Lecture 3b public key_encryption
rajakhurram
 
Lecture3a symmetric encryption
rajakhurram
 
Lecture2 network attack
rajakhurram
 
Lecture1 Introduction
rajakhurram
 

Recently uploaded (20)

PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Approach and Philosophy of On baking technology
30anthuong17
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 

Lecture 8 mail security

  • 2. Outline • Pretty Good Privacy (PGP) • S/MIME • Recommended web sites 2 2
  • 3. Security facilities in the TCP/IP protocol stack 3 3
  • 4. Pretty Good Privacy • Philip R. Zimmerman is the creator of PGP (1992). • PGP provides  confidentiality  and authentication service that can be used for electronic mail and file storage applications. 4 4
  • 5. Why Is PGP Popular? • It is available free on a variety of platforms. • Wide range of applicability • Based on well known algorithms. (Why ?, Is it Secure ?) • Not developed or controlled by governmental or standards organizations (Is-it trust worthy) 5 5
  • 6. Operational Description •Notations Z = Compression using ZIP Ks = Session key used in Algorithm symmetric encryption scheme R64 = Conversion to Radix 64 PRa = Private key of user A, ASCII format used in public-key encryption EP = Public key encryption scheme DP = Public key decryption PUa = Public key of user A, EC = Symmetric Encryption used in public-key encryption DC = Symmetric Decryption scheme H = Hash Function (SHA-1 Used, 160 bit hash) • Consist of five services: | | : Concatenation  Authentication  Confidentiality  Compression  E-mail compatibility  Segmentation 6 6
  • 7. Authentication • The sender creates a message • SHA-1 is used to generate a 160-bit hash code of the message • The hash code is encrypted with RSA using the sender’s private key, and the result is prepended to the message • The reciever uses RSA with sender’s public key to decrypt and recover the hash code • The reciever generates a new hash code for the mesage and compares it with the decryupted hash code. 7
  • 8. Confidentiality • The sender generates a message and a random 128-bit number to be used as a session key for this message only • The message is encrypted using CAST -128 / IDEA / #DES with the session key. • The session key is encrypted with RSA using recipients public key and is prepended to the message • The reciever uses RSA with its private key to decrypt and recover the session key. • The session key is used to decrypt the message 8
  • 9. PGP Cryptographic Function E[PUb, Ks] 9 9
  • 11. Compression • PGP compresses the message after applying the signature but before encryption • The placement of the compression algorithm is critical. • The compression algorithm used is ZIP (described in appendix G or search internet) • Message encryption is applied after compression to strengthen cryptographic security. 11 11
  • 12. E-mail Compatibility • The scheme used is radix-64 conversion (see appendix or online). • The use of radix-64 expands the message by 33%. 12 12
  • 13. Segmentation and Reassembly • Often restricted to a maximum message length of 50,000 octets. • Longer messages must be broken up into segments. • PGP automatically subdivides a message that is to large. • The receiver strip of all e-mail headers and reassemble the block. 13 13
  • 14. Transmission and Reception of PGP Messages assembly 14 14
  • 15. Format of PGP Message 15 15
  • 16. General Structure of Private and Public Key Rings • Keys need to be stored and organized in a systematic way for efficient and effective use by all parties • Scheme used in PGP providesa pair of data structure at each node  To store public / private key pairs owned by that node (Private Key Ring)  To store public keys of other users known at this node (Public Key Ring) 16
  • 17. General Structure of Private and Public Key Rings Least significant 64 bits 17
  • 20. The Use of Trust • No specification for establishing certifying authorities or for establishing trust • Provides means of  Using trust  Associating trust with public keys  Exploiting trust information. • Basic Structure  Key legitimacy field : indicates the extent to which PGP will trust See Table 7.2 public key for user (W. Stallings)  Signature trust field : Indicates the degree to PGP user trusts the signer to certify public keys  Owner trust field : Indicates degree to which public key is trusted to sign other public-key certificates; assigned by user 20 20
  • 21. PGP Trust Model (Example) 21 (Reading Assignment)
  • 22. Revoking Public Keys • The owner issue a key revocation certificate. • Normal signature certificate with a revoke indicator. • Corresponding private key is used to sign the certificate. 22 22
  • 23. S/MIME • Secure/Multipurpose Internet Mail Extension (RFC5751) • S/MIME on the IETF standard track  Will be the commercial standard for secure e-mails • Uses X.509 certificates (Public-Key Cryptography Standards (PKCS) #7) to sign/encrypt messages  PKCS # 7: An updated Cryptographic Message Syntax (CMS) – CMS is the IETF's standard for cryptographically protected messages which is used to digitally sign, digest, authenticate or encrypt digital data. • Provides same features as PGP  authentication, message integrity and non-repudiation of origin – provided by use of digital signatures  privacy, data security – provided by use of encryption • PGP for personal e-mail security, S/MIME for professional e-mail security 23 23
  • 24. S/MIME Fucntion • Enveloped Data  Consists of encrypted content of any type and encrypteed-content encryption key • Signed Data  Digital signature is formed by taking the message digest and then encrypted with public key  Contents + Signature are encoded using base64 encoding  Can only viewed by recipeint with S/MIME capabilities. • Clear-Signed Data  Digital signature are formed and encoded using base64  All can see message but can not verify signature. • Singed and Enveloped Data  Encrypted data may be signed  Signed data or clear-signed data may be encrypted 24
  • 25. Plain Mail (just MIME) Content-Type: multipart/mixed; boundary=bar --bar Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable =A1Hola Michael! How do you like the new S/MIME specification? It's generally a good idea to encode lines that begin with From=20because some mail transport agents will insert a greater- than (>) sign, thus invalidating the signature. Also, in some cases it might be desirable to encode any =20 trailing whitespace that occurs on lines in order to ensure =20 that the message signature is not invalidated when passing =20 a gateway that modifies such whitespace (like BITNET). =20 --bar Content-Type: image/jpeg Content-Transfer-Encoding: base64 iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC// jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn HOxEa44b+EI= --bar-- 25 25
  • 26. S/MIME filenames Media Type File Extension application/pkcs7-mime (SignedData, .p7m EnvelopedData) application/pkcs7-mime (degenerate SignedData .p7c certificate management message) application/pkcs7-mime (CompressedData) .p7z application/pkcs7-signature (SignedData) .p7s 26 26
  • 27. S/MIME singed message Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=boundary42 --boundary42 Content-Type: text/plain This is a clear-signed message. --boundary42 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=smime.p7s ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 7GhIGfHfYT64VQbnj756 --boundary42-- 27 27
  • 28. Algorithms Used in S/MIME • Message Digesting  MUST : Absolute Requirement – SHA-1  SHOULD : May be required in particular cases – MD5 (Receiver) • Digital Signatures  MUST : DSS (Sender / Receiver)  SHOULD : RSA (Key size of 512 – 1024 bits) (Sender / Receiver) • Encryption with one time session key  MUST – Triple-DES (Sender / Receiver)  SHOULD – AES, RC2/40 (Sender) 28 28
  • 29. Algorithms Used in S/MIME • Asymmetric encryption of the session key  MUST – RSA with key sizes of 512 to 1024 bits (Sender / Receiver)  SHOULD – Diffie-Hellman (for session keys). (Sender / Receiver) • Creation of MAC  MUST : HMAC with SHA-1 (Receiver)  SHOULD : HMAC with SHA-1 (Sender) 29
  • 30. Recommended Web Sites • PGP home page: www.pgp.com • MIT distribution site for PGP • GOOGLE -> PGP • S/MIME Central: RSA Inc.’s Web Site 30 30