Scribd
Upload
15 views31 pages

PGP & Smime

Uploaded by

Kushagra Tyagi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
15 views31 pages

PGP & Smime

Uploaded by

Kushagra Tyagi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 31

Security at the Application

Layer:
PGP and S/MIME

16.1
Chapter 16
Objectives
 To explain the general structure of an e-mail
application program
 To d i sc uss how P GP c an p rov i d e se c uri ty
s e r v i c e s
for e-mail
 To discuss how S/MIME can provide security
services for e-mail
 To def in e trust mechanism in both PGP and
S/MIME
 To show the structure of messages exchanged in
PGP and S/MIME
16.2
16-1 E-MAIL

Let us f ir st discuss the electronic mail (e-mail)


system in general.

Topics discussed in this section:


16.1.1 E-mail Architecture
16.1.2 E-mail Security

16.3
16.1.1 E-mail Architecture

Figure 16.1 E-mail architecture

16.4
16.1.2 E-mail Security

Cryptographic Algorithms

Note
In e-mail security, the sender of the message
needs to include the name or identifiers
of the algorithms used in the message.

Certificates
It is obvious that some public-key algorithms must
be used for e-mail security.
16.5
16.1.2 Continued

Cryptographic Secrets

Note
In e-mail security, the encryption/decryption is
done using a symmetric-key algorithm,
but the secret key to decrypt the message is
encrypted with the public key of the
receiver and is sent with the message.

16.6
16-2 PGP

Pretty Good Privacy (PGP) can be used to create a


secure e-mail message or to store a f ile securely
for future retrieval.

Topics discussed in this section:


16.2.1 Scenarios
16.2.2 Key Rings
16.2.3 PGP Certificates
16.2.4 Key Revocation
16.2.5 Extracting Information from Rings
16.2.6 PGP Packets
16.2.7 PGP Messages
16.7
16.2.1 Scenarios
Plaintext

Figure 16.2 A plaintext message

16.8
16.2.1 Continued
Message Integrity

Figure 16.3 An authenticated message

16.9
16.2.1 Continued
Compression

Figure 16.4 A compressed message

16.10
16.2.1 Continued
Conf id entiality with One-Time Session
Key

Figure 16.5 A confidential message

16.11
16.2.1 Continued

Code Conversion
Another service provided by PGP is code
conversion. PGP uses Radix-64 conversion.

Segmentation
PGP allows segmentation of the message.

16.12
16.2.2 Key Rings

Figure 16.6 Key rings in PGP

16.13
16.2.3 PGP Certificates

X.509 Certificates
Protocols that use X.509 certif icates depend on
the hierarchical structure of the trust.

Note
In X.509, there is a single path from the fully
trusted authority to any certificate.

16.14
16.2.3 Continued

PGP Certificates
In PGP, there is no need for CAs; anyone in the ring
can sign a certificate for anyone else in the ring.
Note
In PGP, there can be multiple paths from fully or
partially trusted authorities to any subject.

Trusts and Legitimacy


The entire operation of PGP is based on introducer
trust, the certif icate trust, and the legitimacy of the
public keys.
16.15
16.2.3 Continued

Figure 16.7 Format of private key ring table

16.16
16.2.3 Continued

Figure 16.8 Format of a public key ring table

16.17
16.2.5 Extracting Information from Rings
Figure 16.10 Extracting information at the sender site

16.18
16.2.5 Continued
Figure 16.11 Extracting information at the receiver site

16.19
16-3 S/MIME

Another security service designed for electronic


mail is Secure/Multipurpose Internet Mail
Extension (S/MIME). The protocol is an
enhancement of the Multipurpose Internet Mail
Extension (MIME) protocol.

Topics discussed in this section:


16.3.1 MIME
16.3.2 S/MIME
16.3.3 Applications of S/MIME

16.20
16.3.1 Continued

Figure 16.23 MIME

16.21
16.3.1 Continued

MIME specifications include the following elements

16.22
16.3.1 Continued

MIME-Version
This header defines the version of MIME used. The
current version is 1.1.

Content-Type
The content type and the content subtype are
separated by a slash. Depending on the subtype,
the header may contain other parameters.

16.23
16.3.1 Continued

16.24
16.3.1 Continued

16.25
16.3.2 S/MIME

S/MIME adds some new content types to include


security services to the MIME. All of these new
types include the parameter “application/pkcs7-
mime,” in which “pkcs” def in es “Public Key
Cryptography Specification.”
Cryptographic Message Syntax (CMS)
To d e f in e h o w s e c u r i t y s e r v i c e s , s u c h a s
conf identiality or integrity, can be added to MIME
content types, S/MIME has def ined Cryptographic
Message Syntax (CMS). The syntax in each case
def in es the exact encoding scheme for each
content type. For details, the reader is referred to
16.26
RFC 3369 and 3370.
16.3.2 Continued
Figure 16.27 Signed-data content type ( for integrity of
data)

16.27
16.3.2 Continued
Figure 16.28 Enveloped-data content type( for privacy)

16.28
16.3.2 Continued
Figure 16.29 Digest-data content type ( for integrity
of data, used as content for Enveloped Data content
type)

16.29
16.3.2 Continued
Figure 16.30 Authenticated-data content type

16.30
16.3.2 Continued

Cryptographic Algorithms
S/MIME def ines several cryptographic algorithms.
The term “must” means an absolute requirement;
the term “should” means recommendation.

16.31

You might also like