Abstract image of a woman sitting on books and studying on a laptop

PGP S/MIME

Download as PPT, PDF
S
Sou Jana

1. PGP (Pretty Good Privacy) provides encryption and authentication for email. It uses public key cryptography and digital signatures to encrypt messages and verify sender identity. 2. PGP offers five main services - digital signatures for authentication, symmetric encryption for confidentiality, compression, encoding for email compatibility, and message segmentation. 3. The document describes how PGP provides both authentication and encryption of messages using a combination of public key and symmetric key cryptography. Digital signatures verify the identity of the sender and encrypted symmetric keys protect the confidentiality of messages.

Engineering
Related topics:
Email Security Overview
1 of 37
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Most read
29
Most read
30
31
Most read
32
33
34
35
36
37
PRETTY GOOD PRIVACY (PGP) Security for Electronic Email ~ S. Janani, AP/CSE
Contents • Introduction • Why PGP • Services
Problem • E-Mail Security
Everyone on the way can read it!! No Authentication. Everyone can pose as everyone Size Limit
There are two main schemes which are especially designed to provide confidentiality and authentication for electronic mail systems. These are: PGP (Pretty Good Privacy) S/MIME (Secure/Multipurpose Internet Mail Extension) 5
PGP • Developed by Phil Zimmerman in 1995. • Documentation and source code is freely available. • The package is independent of operating system and processor. • PGP does not rely on the “establishment” and it’s popularity and use have grown extensively since 1995. 6
Why PGP? •PGP combines the best available cryptographic algorithms to achieve secure e-mail communication. •It is assumed that all users are using public key cryptography and have generated a private/public key pair. •Either RSA (with RSA digital signatures) or El Gamal (with DSA) can be used. •All users also use a symmetric key system such as triple DES or Rijndael. 7
Services of PGP PGP offers 5 services: 1. Authentication – Digital Signature 2. Confidentiality – Symmetric Block Encryption 3. Compression - ZIP 4. E-mail compatibility – Radix 64 5. Segmentation 8
PGP S/MIME
PGP S/MIME
1. PGP Authentication This is a digital signature scheme with hashing. 1. Alice has (private/public) key pair (Ad/Ae) and she wants to send a digitally signed message m to Bob. 2. Alice hashes the message using SHA-1 to obtain SHA(m). 3. Alice encrypts the hash using her private key Ad to obtain ciphertext c given c=pk.encryptAd(SHA(m)) 4. Alice sends Bob the pair (m,c) 5. Bob receives (m,c) and decrypts c using Alice's public key Ae to obtain signature s s=pk.decryptAe(c) 11
6. He computes the hash of m using SHA-1 and if this hash value is equal to s then the message is authenticated. Bob is sure that the message is correct and that is does come from Alice. Furthermore Alice cannot later deny sending the message since only Alice has access to her private key Ad which works in conjunction with the public key Ae. 12
PGP S/MIME
2. PGP Confidentiality 1. Alice wishes to send Bob a confidential message m. 2. Alice generates a random session key k for a symmetric cryptosystem. 3. Alice encrypts k using Bob’s public key Be to get k’ = pk.encryptBe(k) 4. Alice encrypts the message m with the session key k to get ciphertext c c=sk.encryptk(m) 5. Alice sends Bob the values (k’,c) 6. Bob receives the values (k’,c) and decrypts k’ using his private key Bd to obtain k k=pk.decryptBd(k’) 14
7. Bob uses the session key k to decrypt the ciphertext c and recover the message m m=sk.decryptk(c) Public and symmetric key cryptosystems are combined in this way to provide security for key exchange and then efficiency for encryption. The session key k is used only to encrypt message m and is not stored for any length of time. 15
PGP S/MIME
PGP Authenticaton and Confidentiality (at the same time) The schemes for authentication and confidentiality can be combined so that Alice can sign a confidential message which is encrypted before transmission. The steps required are as follows: 1. Alice generates a signature c for her message m as in the Authentication scheme c=pk.encryptAd(SHA(m)) 2. Alice generates a random session key k and encrypts the message m and the signature c using a symmetric cryptosystem to obtain ciphertext C=sk.encryptk(m,c) 3. She encrypts the session key k using Bob’s public key k’ = pk.encryptBe(k) 4. Alice sends Bob the values (k’,C) 17
5. Bob recieves k’ and C and decrypts k’ using his private key Bd to obtain the session key k k=pk.decryptBd(k’) 6. Bob decrypts the ciphertext C using the session key k to obtain m and c (m,c) = sk.decryptk(C) 7. Bob now has the message m. In order to authenticate it he uses Alice’s public key Ae to decrypt the signature c and hashes the message m using SHA-1. If SHA(m) = pk.decryptAe(c) Then the message is authenticated. 18
3. PGP Compression PGP can also compress the message if desired. The compression algorithm is ZIP and the decompression algorithm is UNZIP. 1. The original message m is signed as before to obtain c=pk.encryptAd(SHA(m)) 2. Now the original message m is compressed to obtain M=ZIP(m) 3. Alice generates a session key k and encrypts the compressed message and the signature using the session key C=sk.encryptk(M,c) 19
4. The session key is encrypted using Bob’s public key as before. 5. Alice sends Bob the encrypted session key and ciphertext C. 6. Bob decrypts the session key using his private key and then uses the session key to decrypt the ciphertext C to obtain M and c (M,c) = sk.decryptk(C) 7. Bob decompresses the message M to obtain the original message m m=UNZIP(M) 8. Now Bob has the original message m and signature c. He verifies the signature using SHA-1 and Alice’s public key as before. 20
4. PGP E-Mail Compatibility Many electronic mail systems can only transmit blocks of ASCII text. This can cause a problem when sending encrypted data since ciphertext blocks might not correspond to ASCII characters which can be transmitted. PGP overcomes this problem by using radix-64 conversion. 21
Radix-64 conversion Suppose the text to be encrypted has been converted into binary using ASCII coding and encrypted to give a ciphertext stream of binary. Radix-64 conversion maps arbitrary binary into printable characters as follows: 22
Radix-64 conversion 1. The binary input is split into blocks of 24 bits (3 bytes). 2. Each 24 block is then split into four sets each of 6- bits. 3. Each 6-bit set will then have a value between 0 and 26-1 (=63). 4. This value is encoded into a printable character. 23
24 6 bit value Character encoding 6 bit value Character encoding 6 bit value Character encoding 6 bit value Character encoding 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 A B C D E F G H I J K L M N O P 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Q R S T U V W X Y Z a b c d e f 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 g h i j k l m n o p q r s t u v 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 (pad) w x y z 0 1 2 3 4 5 6 7 8 9 + / =
5. PGP Segmentation Another constraint of e-mail is that there is usually a maximum message length. PGP automatically blocks an encrypted message into segments of an appropriate length. On receipt, the segments must be re-assembled before the decryption process. 25
Key Issues 1. Key Generation Recall that a new session key is required each time a message is encrypted. How are these keys generated? PGP uses the timing of key strokes and key patterns to generate random numbers. 26
So a PGP message might consist of: • Message component – the actual data to be transmitted + a filename + a timestamp; • Signature component – timestamp + hash of message and timestamp + first part of message (so user can check that they are decrypting correctly) + Key ID of sender’s public key • Session Key component – session key + key ID of recipient’s public key 29
S/MIME – RFC5322 • Defines a format for text messages that are sent using electronic mail • Messages are viewed as having an envelope and contents • The envelope contains whatever information is needed to accomplish transmission and delivery • The contents compose the object to be delivered to the recipient The content standard includes a set of header fields that may be used by the mail system to create the envelope
Elements of MIME
Table 19.3 MIME Transfer Encodings
Five Header Fields
Table 19.2 MIME Content Types Content Formats
S/MIME Functions • enveloped data • encrypted content and associated keys • signed data • encoded message + signed digest • clear-signed data • cleartext message + encoded signed digest • signed & enveloped data • nesting of signed & encrypted entities
S/MIME Cryptographic Algorithms • hash functions: SHA-1 & MD5 • digital signatures: DSS & RSA • session key encryption: ElGamal & RSA • message encryption: Triple-DES, RC2/40 and others • have a procedure to decide which algorithms to use
S/MIME Certificate Processing • S/MIME uses X.509 v3 certificates • managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust • each client has a list of trusted CA’s certs and own public/private key pairs & certs • certificates must be signed by trusted CA’s
Certificate Authorities • have several well-known CA’s • Verisign one of most widely used • Verisign issues several types of Digital IDs • with increasing levels of checks & hence trust Class Identity Checks Usage 1 name/email check web browsing/email 2+ enroll/addr check email, subs, s/w validate 3+ ID documents e-banking/service access
Summary • E-Mail Security – importance • PGP – Services • S/MIME - Functions

More Related Content

PPTX
MAC-Message Authentication Codes
DarshanPatil82
 
PPTX
Cryptographic Algorithms: DES and RSA
aritraranjan
 
PPT
RC4&RC5
Mohamed El-Serngawy
 
PPTX
Pgp pretty good privacy
Pawan Arya
 
PDF
2. public key cryptography and RSA
Dr.Florence Dayana
 
PPTX
Transposition Cipher
daniyalqureshi712
 
PPTX
Asymmetric Cryptography.pptx
diaa46
 
PPTX
Principles of public key cryptography and its Uses
Mohsin Ali
 
MAC-Message Authentication Codes
DarshanPatil82
 
Cryptographic Algorithms: DES and RSA
aritraranjan
 
RC4&RC5
Mohamed El-Serngawy
 
Pgp pretty good privacy
Pawan Arya
 
2. public key cryptography and RSA
Dr.Florence Dayana
 
Transposition Cipher
daniyalqureshi712
 
Asymmetric Cryptography.pptx
diaa46
 
Principles of public key cryptography and its Uses
Mohsin Ali
 

What's hot (20)

PPT
Digital signature schemes
ravik09783
 
PPTX
IP Security
Keshab Nath
 
PPT
Cryptography and Network Security William Stallings Lawrie Brown
Information Security Awareness Group
 
PPT
Chapter 15 - Security
Wayne Jones Jnr
 
PDF
RSA ALGORITHM
Dr. Shashank Shetty
 
PPTX
Data Encryption Standard (DES)
Haris Ahmed
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPTX
SHA- Secure hashing algorithm
Ruchi Maurya
 
PDF
Network security - OSI Security Architecture
BharathiKrishna6
 
PDF
Electronic mail security
Dr.Florence Dayana
 
PPTX
Kerberos
Sutanu Paul
 
PPTX
Internet Key Exchange Protocol
Prateek Singh Bapna
 
PPTX
AES KEY EXPANSION .pptx
AhmudulHassan
 
PDF
Computer Security Lecture 7: RSA
Mohamed Loey
 
PPT
DES
Naga Srimanyu Timmaraju
 
PPTX
Cryptography and Information Security
Dr Naim R Kidwai
 
PPT
The rsa algorithm
Komal Singh
 
PPTX
Kerberos
RafatSamreen
 
PDF
AES-Advanced Encryption Standard
Prince Rachit
 
PPTX
Key Management and Distribution
Syed Bahadur Shah
 
Digital signature schemes
ravik09783
 
IP Security
Keshab Nath
 
Cryptography and Network Security William Stallings Lawrie Brown
Information Security Awareness Group
 
Chapter 15 - Security
Wayne Jones Jnr
 
RSA ALGORITHM
Dr. Shashank Shetty
 
Data Encryption Standard (DES)
Haris Ahmed
 
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
SHA- Secure hashing algorithm
Ruchi Maurya
 
Network security - OSI Security Architecture
BharathiKrishna6
 
Electronic mail security
Dr.Florence Dayana
 
Kerberos
Sutanu Paul
 
Internet Key Exchange Protocol
Prateek Singh Bapna
 
AES KEY EXPANSION .pptx
AhmudulHassan
 
Computer Security Lecture 7: RSA
Mohamed Loey
 
DES
Naga Srimanyu Timmaraju
 
Cryptography and Information Security
Dr Naim R Kidwai
 
The rsa algorithm
Komal Singh
 
Kerberos
RafatSamreen
 
AES-Advanced Encryption Standard
Prince Rachit
 
Key Management and Distribution
Syed Bahadur Shah
 
Ad

Similar to PGP S/MIME (20)

PPTX
Email sec11
Athira Asakumar
 
PPTX
Pretty good privacy
Punnya Babu
 
PPT
CRYPTOGRAPHY_ENGG_CSE_III_YEAR_PGP_CNS.ppt
SakethBhargavaRallap
 
DOCX
network and cyber security
Shruthi Reddy
 
PDF
Email Security Pretty Good Privacy (PGP),Services Provided by PGP.pdf
aryalmadhave123
 
PPTX
E mail security
Soumya Vijoy
 
PPTX
Network security
SVijaylakshmi
 
DOCX
Pgp
Abhishek Kesharwani
 
PPTX
Pgp1
Sanjeevsharma620
 
PPTX
module 4_7th sem_ Electronic Mail Security.pptx
prateekPallav2
 
PDF
M.FLORENCE DAYANA/electronic mail security.pdf
Dr.Florence Dayana
 
DOCX
Pgp
Abhishek Kesharwani
 
PPT
Pgp
Reham Maher El-Safarini
 
PPT
electronic mail security for authent.ppt
naghamallella
 
PPT
Email security
Indrajit Sreemany
 
PDF
CNS - Unit v
ArthyR3
 
PPT
S-MIMEemail-security.ppt
witscollege
 
DOCX
Unit 4
Vinod Kumar Gorrepati
 
PDF
BAIT1103 Chapter 5
limsh
 
PPT
Pgp smime
Tania Agni
 
Email sec11
Athira Asakumar
 
Pretty good privacy
Punnya Babu
 
CRYPTOGRAPHY_ENGG_CSE_III_YEAR_PGP_CNS.ppt
SakethBhargavaRallap
 
network and cyber security
Shruthi Reddy
 
Email Security Pretty Good Privacy (PGP),Services Provided by PGP.pdf
aryalmadhave123
 
E mail security
Soumya Vijoy
 
Network security
SVijaylakshmi
 
Pgp
Abhishek Kesharwani
 
Pgp1
Sanjeevsharma620
 
module 4_7th sem_ Electronic Mail Security.pptx
prateekPallav2
 
M.FLORENCE DAYANA/electronic mail security.pdf
Dr.Florence Dayana
 
Pgp
Abhishek Kesharwani
 
Pgp
Reham Maher El-Safarini
 
electronic mail security for authent.ppt
naghamallella
 
Email security
Indrajit Sreemany
 
CNS - Unit v
ArthyR3
 
S-MIMEemail-security.ppt
witscollege
 
Unit 4
Vinod Kumar Gorrepati
 
BAIT1103 Chapter 5
limsh
 
Pgp smime
Tania Agni
 
Ad

More from Sou Jana (20)

PPTX
Cyber-Attacks-in-SEVEN OSI -Layers .pptx
Sou Jana
 
PPTX
UHV Self Management and Peer Pressure.pptx
Sou Jana
 
PPTX
RC4.pptx
Sou Jana
 
PPT
X.509 Certificates
Sou Jana
 
PPT
Digital Signature Standard
Sou Jana
 
PPT
Message Authentication Requirement-MAC
Sou Jana
 
PPT
Kerberos
Sou Jana
 
PPTX
Elliptic Curve Cryptography
Sou Jana
 
PPT
Elgamal Digital Signature
Sou Jana
 
PPT
Key management.ppt
Sou Jana
 
PPTX
Mathematics of Asymmetric cryptography
Sou Jana
 
PPTX
RSA Algm.pptx
Sou Jana
 
PPTX
Diffie Hellman.pptx
Sou Jana
 
PPTX
Security Model
Sou Jana
 
PPTX
Classical Encryption Techniques
Sou Jana
 
PPTX
Perfect Security
Sou Jana
 
PPTX
Cryptanalysis
Sou Jana
 
PPTX
Information Theory
Sou Jana
 
PPTX
Product Cipher
Sou Jana
 
PPTX
Multicore and shared multi processor
Sou Jana
 
Cyber-Attacks-in-SEVEN OSI -Layers .pptx
Sou Jana
 
UHV Self Management and Peer Pressure.pptx
Sou Jana
 
RC4.pptx
Sou Jana
 
X.509 Certificates
Sou Jana
 
Digital Signature Standard
Sou Jana
 
Message Authentication Requirement-MAC
Sou Jana
 
Kerberos
Sou Jana
 
Elliptic Curve Cryptography
Sou Jana
 
Elgamal Digital Signature
Sou Jana
 
Key management.ppt
Sou Jana
 
Mathematics of Asymmetric cryptography
Sou Jana
 
RSA Algm.pptx
Sou Jana
 
Diffie Hellman.pptx
Sou Jana
 
Security Model
Sou Jana
 
Classical Encryption Techniques
Sou Jana
 
Perfect Security
Sou Jana
 
Cryptanalysis
Sou Jana
 
Information Theory
Sou Jana
 
Product Cipher
Sou Jana
 
Multicore and shared multi processor
Sou Jana
 

Recently uploaded (20)

PDF
EXPLORING LEARNING ENGAGEMENT FACTORS INFLUENCING BEHAVIORAL, COGNITIVE, AND ...
johnmathew9417
 
PPTX
6ME3A-Unit-II-Sensors and Actuators_Handouts.pptx
anukaranugi
 
PPT
INTRODUCTION -Data Warehousing and Mining-M.Tech- VTU.ppt
Subramanyam Natarajan
 
PPTX
CyberSecurity Mobile and Wireless Devices
RobinRohit2
 
PDF
Level 2 – IBM Data and AI Fundamentals (1)_v1.1.PDF
KSRIHARISASANKA
 
PDF
Influence of Green Infrastructure on Residents’ Endorsement of the New Ecolog...
Journal of Contemporary Urban Affairs
 
PPTX
tack Data Structure with Array and Linked List Implementation, Push and Pop O...
usham61
 
PDF
Categorization of Factors Affecting Classification Algorithms Selection
IJDKP
 
PPTX
Current and future trends in Computer Vision.pptx
Subramanyam Natarajan
 
PDF
Human-AI Collaboration: Balancing Agentic AI and Autonomy in Hybrid Systems
ijccsa
 
PDF
Design Guidelines and solutions for Plastics parts
ferdinand937933
 
PPTX
ASME PCC-02 TRAINING -DESKTOP-NLE5HNP.pptx
laxmikantvjawale
 
PDF
A SYSTEMATIC REVIEW OF APPLICATIONS IN FRAUD DETECTION
IJNSA Journal
 
PDF
Visual Aids for Exploratory Data Analysis.pdf
Ashutosh Satapathy
 
PPTX
Graph Data Structures with Types, Traversals, Connectivity, and Real-Life App...
usham61
 
PDF
August 2025 - Top 10 Read Articles in Network Security & Its Applications
IJNSA Journal
 
PDF
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
PDF
Artificial Superintelligence (ASI) Alliance Vision Paper.pdf
SonaliPatil325517
 
PPTX
Software Engineering and software moduleing
deepikame6
 
PPTX
Sorting and Hashing in Data Structures with Algorithms, Techniques, Implement...
usham61
 
EXPLORING LEARNING ENGAGEMENT FACTORS INFLUENCING BEHAVIORAL, COGNITIVE, AND ...
johnmathew9417
 
6ME3A-Unit-II-Sensors and Actuators_Handouts.pptx
anukaranugi
 
INTRODUCTION -Data Warehousing and Mining-M.Tech- VTU.ppt
Subramanyam Natarajan
 
CyberSecurity Mobile and Wireless Devices
RobinRohit2
 
Level 2 – IBM Data and AI Fundamentals (1)_v1.1.PDF
KSRIHARISASANKA
 
Influence of Green Infrastructure on Residents’ Endorsement of the New Ecolog...
Journal of Contemporary Urban Affairs
 
tack Data Structure with Array and Linked List Implementation, Push and Pop O...
usham61
 
Categorization of Factors Affecting Classification Algorithms Selection
IJDKP
 
Current and future trends in Computer Vision.pptx
Subramanyam Natarajan
 
Human-AI Collaboration: Balancing Agentic AI and Autonomy in Hybrid Systems
ijccsa
 
Design Guidelines and solutions for Plastics parts
ferdinand937933
 
ASME PCC-02 TRAINING -DESKTOP-NLE5HNP.pptx
laxmikantvjawale
 
A SYSTEMATIC REVIEW OF APPLICATIONS IN FRAUD DETECTION
IJNSA Journal
 
Visual Aids for Exploratory Data Analysis.pdf
Ashutosh Satapathy
 
Graph Data Structures with Types, Traversals, Connectivity, and Real-Life App...
usham61
 
August 2025 - Top 10 Read Articles in Network Security & Its Applications
IJNSA Journal
 
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
Artificial Superintelligence (ASI) Alliance Vision Paper.pdf
SonaliPatil325517
 
Software Engineering and software moduleing
deepikame6
 
Sorting and Hashing in Data Structures with Algorithms, Techniques, Implement...
usham61
 

PGP S/MIME

  • 1. PRETTY GOOD PRIVACY (PGP) Security for Electronic Email ~ S. Janani, AP/CSE
  • 4. Everyone on the way can read it!! No Authentication. Everyone can pose as everyone Size Limit
  • 5. There are two main schemes which are especially designed to provide confidentiality and authentication for electronic mail systems. These are: PGP (Pretty Good Privacy) S/MIME (Secure/Multipurpose Internet Mail Extension) 5
  • 6. PGP • Developed by Phil Zimmerman in 1995. • Documentation and source code is freely available. • The package is independent of operating system and processor. • PGP does not rely on the “establishment” and it’s popularity and use have grown extensively since 1995. 6
  • 7. Why PGP? •PGP combines the best available cryptographic algorithms to achieve secure e-mail communication. •It is assumed that all users are using public key cryptography and have generated a private/public key pair. •Either RSA (with RSA digital signatures) or El Gamal (with DSA) can be used. •All users also use a symmetric key system such as triple DES or Rijndael. 7
  • 8. Services of PGP PGP offers 5 services: 1. Authentication – Digital Signature 2. Confidentiality – Symmetric Block Encryption 3. Compression - ZIP 4. E-mail compatibility – Radix 64 5. Segmentation 8
  • 11. 1. PGP Authentication This is a digital signature scheme with hashing. 1. Alice has (private/public) key pair (Ad/Ae) and she wants to send a digitally signed message m to Bob. 2. Alice hashes the message using SHA-1 to obtain SHA(m). 3. Alice encrypts the hash using her private key Ad to obtain ciphertext c given c=pk.encryptAd(SHA(m)) 4. Alice sends Bob the pair (m,c) 5. Bob receives (m,c) and decrypts c using Alice's public key Ae to obtain signature s s=pk.decryptAe(c) 11
  • 12. 6. He computes the hash of m using SHA-1 and if this hash value is equal to s then the message is authenticated. Bob is sure that the message is correct and that is does come from Alice. Furthermore Alice cannot later deny sending the message since only Alice has access to her private key Ad which works in conjunction with the public key Ae. 12
  • 14. 2. PGP Confidentiality 1. Alice wishes to send Bob a confidential message m. 2. Alice generates a random session key k for a symmetric cryptosystem. 3. Alice encrypts k using Bob’s public key Be to get k’ = pk.encryptBe(k) 4. Alice encrypts the message m with the session key k to get ciphertext c c=sk.encryptk(m) 5. Alice sends Bob the values (k’,c) 6. Bob receives the values (k’,c) and decrypts k’ using his private key Bd to obtain k k=pk.decryptBd(k’) 14
  • 15. 7. Bob uses the session key k to decrypt the ciphertext c and recover the message m m=sk.decryptk(c) Public and symmetric key cryptosystems are combined in this way to provide security for key exchange and then efficiency for encryption. The session key k is used only to encrypt message m and is not stored for any length of time. 15
  • 17. PGP Authenticaton and Confidentiality (at the same time) The schemes for authentication and confidentiality can be combined so that Alice can sign a confidential message which is encrypted before transmission. The steps required are as follows: 1. Alice generates a signature c for her message m as in the Authentication scheme c=pk.encryptAd(SHA(m)) 2. Alice generates a random session key k and encrypts the message m and the signature c using a symmetric cryptosystem to obtain ciphertext C=sk.encryptk(m,c) 3. She encrypts the session key k using Bob’s public key k’ = pk.encryptBe(k) 4. Alice sends Bob the values (k’,C) 17
  • 18. 5. Bob recieves k’ and C and decrypts k’ using his private key Bd to obtain the session key k k=pk.decryptBd(k’) 6. Bob decrypts the ciphertext C using the session key k to obtain m and c (m,c) = sk.decryptk(C) 7. Bob now has the message m. In order to authenticate it he uses Alice’s public key Ae to decrypt the signature c and hashes the message m using SHA-1. If SHA(m) = pk.decryptAe(c) Then the message is authenticated. 18
  • 19. 3. PGP Compression PGP can also compress the message if desired. The compression algorithm is ZIP and the decompression algorithm is UNZIP. 1. The original message m is signed as before to obtain c=pk.encryptAd(SHA(m)) 2. Now the original message m is compressed to obtain M=ZIP(m) 3. Alice generates a session key k and encrypts the compressed message and the signature using the session key C=sk.encryptk(M,c) 19
  • 20. 4. The session key is encrypted using Bob’s public key as before. 5. Alice sends Bob the encrypted session key and ciphertext C. 6. Bob decrypts the session key using his private key and then uses the session key to decrypt the ciphertext C to obtain M and c (M,c) = sk.decryptk(C) 7. Bob decompresses the message M to obtain the original message m m=UNZIP(M) 8. Now Bob has the original message m and signature c. He verifies the signature using SHA-1 and Alice’s public key as before. 20
  • 21. 4. PGP E-Mail Compatibility Many electronic mail systems can only transmit blocks of ASCII text. This can cause a problem when sending encrypted data since ciphertext blocks might not correspond to ASCII characters which can be transmitted. PGP overcomes this problem by using radix-64 conversion. 21
  • 22. Radix-64 conversion Suppose the text to be encrypted has been converted into binary using ASCII coding and encrypted to give a ciphertext stream of binary. Radix-64 conversion maps arbitrary binary into printable characters as follows: 22
  • 23. Radix-64 conversion 1. The binary input is split into blocks of 24 bits (3 bytes). 2. Each 24 block is then split into four sets each of 6- bits. 3. Each 6-bit set will then have a value between 0 and 26-1 (=63). 4. This value is encoded into a printable character. 23
  • 24. 24 6 bit value Character encoding 6 bit value Character encoding 6 bit value Character encoding 6 bit value Character encoding 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 A B C D E F G H I J K L M N O P 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Q R S T U V W X Y Z a b c d e f 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 g h i j k l m n o p q r s t u v 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 (pad) w x y z 0 1 2 3 4 5 6 7 8 9 + / =
  • 25. 5. PGP Segmentation Another constraint of e-mail is that there is usually a maximum message length. PGP automatically blocks an encrypted message into segments of an appropriate length. On receipt, the segments must be re-assembled before the decryption process. 25
  • 26. Key Issues 1. Key Generation Recall that a new session key is required each time a message is encrypted. How are these keys generated? PGP uses the timing of key strokes and key patterns to generate random numbers. 26
  • 27. So a PGP message might consist of: • Message component – the actual data to be transmitted + a filename + a timestamp; • Signature component – timestamp + hash of message and timestamp + first part of message (so user can check that they are decrypting correctly) + Key ID of sender’s public key • Session Key component – session key + key ID of recipient’s public key 29
  • 28. S/MIME – RFC5322 • Defines a format for text messages that are sent using electronic mail • Messages are viewed as having an envelope and contents • The envelope contains whatever information is needed to accomplish transmission and delivery • The contents compose the object to be delivered to the recipient The content standard includes a set of header fields that may be used by the mail system to create the envelope
  • 33. S/MIME Functions • enveloped data • encrypted content and associated keys • signed data • encoded message + signed digest • clear-signed data • cleartext message + encoded signed digest • signed & enveloped data • nesting of signed & encrypted entities
  • 34. S/MIME Cryptographic Algorithms • hash functions: SHA-1 & MD5 • digital signatures: DSS & RSA • session key encryption: ElGamal & RSA • message encryption: Triple-DES, RC2/40 and others • have a procedure to decide which algorithms to use
  • 35. S/MIME Certificate Processing • S/MIME uses X.509 v3 certificates • managed using a hybrid of a strict X.509 CA hierarchy & PGP’s web of trust • each client has a list of trusted CA’s certs and own public/private key pairs & certs • certificates must be signed by trusted CA’s
  • 36. Certificate Authorities • have several well-known CA’s • Verisign one of most widely used • Verisign issues several types of Digital IDs • with increasing levels of checks & hence trust Class Identity Checks Usage 1 name/email check web browsing/email 2+ enroll/addr check email, subs, s/w validate 3+ ID documents e-banking/service access
  • 37. Summary • E-Mail Security – importance • PGP – Services • S/MIME - Functions