Lecture 12 e-mail Security

Lecture 12 e-mail Security. Summary PEM secure email PGP S/MIME


Summary

PEM

secure email

PGP

S/MIME

PEM integration

PGP Operation – Summary

general operation of PGP, and the relationship between the services discussed.

PGP Message Format

The format of a transmitted PGP message.

A message consists of:

1. the message component,

2. [a signature]

3. [a session key component].

PGP Key Rings

Keys & key IDs are critical to the operation of PGP. These keys need to be stored and organized in a systematic way for efficient and effective use by all parties.

PGP uses a pair of data structures: one to store the user's public/private key pairs (their private-key ring), and one to store the public keys of other known users (their public-key ring).

The private keys are kept encrypted using a block cipher, with a key derived by hashing a pass-phrase which the user enters whenever that key needs to be used.

As in any system based on passwords, the security of this system depends on the security of the password, which should be not easily guessed but easily remembered.
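
The pass-phrase-to-key step described above, as an added example that is not part of the original slides: it assumes the string-to-key (S2K) forms of RFC 4880, which the slides do not mention, and compares the plain hash with the salted and iterated form. The function names and the sample pass-phrase are constructed for illustration.

```python
import hashlib
import os


def decode_count(c):
    """RFC 4880 3.7.1.3: expand the one-octet coded count into an octet count."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


def s2k(passphrase, key_len, hash_name="sha1", salt=b"", coded_count=None):
    """Derive key_len octets from a pass-phrase (hypothetical helper).

    salt=b"", coded_count=None -> simple S2K (a plain hash, as on the slide)
    salt set, coded_count=None -> salted S2K
    salt and coded_count set   -> iterated and salted S2K
    """
    if not passphrase:
        raise ValueError("empty pass-phrase")
    data = salt + passphrase
    total = len(data)
    if coded_count is not None:
        # Hash at least one full copy, otherwise `count` octets of repeated data.
        total = max(decode_count(coded_count), len(data))
    full, rest = divmod(total, len(data))
    key, preload = b"", 0
    while len(key) < key_len:
        # When the key is longer than one digest, further hash contexts are
        # preloaded with 1, 2, ... zero octets and their digests concatenated.
        h = hashlib.new(hash_name, b"\x00" * preload)
        h.update(data * full + data[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]


def compare(passphrase=b"correct horse"):  # constructed sample value
    """Two private-key ring entries protected by the same pass-phrase."""
    simple = [s2k(passphrase, 16) for _ in range(2)]
    hardened = [s2k(passphrase, 16, "sha256", os.urandom(8), 96) for _ in range(2)]
    return simple[0] == simple[1], hardened[0] == hardened[1]


if __name__ == "__main__":
    same_simple, same_hardened = compare()
    print("plain hash gives identical keys:", same_simple)
    print("salted + iterated gives identical keys:", same_hardened)
```

With a plain hash, every key ring protected by the same pass-phrase yields the same cipher key, so one precomputed dictionary serves against all of them; the per-entry salt and the iteration count remove that shortcut and raise the cost of each guess.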

PGP Message Generation

Key rings are used in message transmission to implement the various PGP crypto services.

PGP Message Reception

Key rings are used in message reception to implement the various PGP crypto services.

S/MIME Certificate Processing

S/MIME uses public-key certificates that conform to version 3 of X.509.

The key-management scheme used by S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and PGP’s web of trust.

S/MIME managers and/or users must configure each client with a list of trusted keys and with certificate revocation lists, needed to verify incoming signatures and to encrypt outgoing messages.

But certificates are signed by trusted certification authorities.

References

William Stallings, “Cryptography and Network Security”, 4th ed.

Watching your e-mail