Two schemes have been developed for e-mail security: PGP and S/MIME. Both these schemes use secret-key and public-key cryptography.
I. Pretty Good Privacy (PGP)
PGP is an e-mail encryption scheme. It has become the de facto standard for providing security services for e-mail communication. It uses public key cryptography, symmetric key cryptography, hash functions, and digital signatures.
It provides:
- Privacy
- Sender Authentication
- Message Integrity
- Non-repudiation
Along with these security services, it also provides data compression and key management support. PGP uses existing cryptographic algorithms such as RSA, IDEA, MD5, etc., rather than inventing new ones.
Working of PGP
- The hash of the message is calculated (MD5 algorithm).
- The resultant 128-bit hash is signed using the private key of the sender (RSA algorithm).
- The digital signature is concatenated to the message, and the result is compressed.
- A 128-bit symmetric key, KS, is generated and used to encrypt the compressed message with IDEA.
- KS is encrypted using the public key of the recipient with the RSA algorithm, and the result is appended to the encrypted message.
In the PGP scheme, a message is signed and encrypted, and then MIME encoded before transmission.
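The five steps above, plus the matching receive side, as an added Python example that is not code from the original page or from PGP itself. All function and key names are hypothetical; RSA is unpadded textbook RSA over constructed Mersenne-prime keys, and a SHA-256 keystream XOR stands in for IDEA because the standard library has neither, so this shows the message flow only.

```python
import hashlib, os, zlib

E = 65537  # public exponent

def toy_rsa_keypair(p, q):
    """Textbook RSA from two known primes; no padding, illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def stream_xor(key, data):
    """Stand-in for IDEA (not in the stdlib): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def md5_int(message):
    return int.from_bytes(hashlib.md5(message).digest(), "big")

def pgp_send(message, sender_priv, recipient_pub):
    (n_s, d_s), (n_r, e_r) = sender_priv, recipient_pub
    sig = pow(md5_int(message), d_s, n_s)                  # steps 1-2: hash, then sign
    sig_bytes = sig.to_bytes((n_s.bit_length() + 7) // 8, "big")
    framed = len(sig_bytes).to_bytes(2, "big") + sig_bytes + message
    packed = zlib.compress(framed)                         # step 3: concatenate, compress
    ks = os.urandom(16)                                    # step 4: 128-bit session key KS
    body = stream_xor(ks, packed)
    wrapped_ks = pow(int.from_bytes(ks, "big"), e_r, n_r)  # step 5: KS under recipient key
    return body, wrapped_ks

def pgp_receive(body, wrapped_ks, recipient_priv, sender_pub):
    (n_r, d_r), (n_s, e_s) = recipient_priv, sender_pub
    ks = pow(wrapped_ks, d_r, n_r).to_bytes(16, "big")     # unwrap KS
    framed = zlib.decompress(stream_xor(ks, body))         # decrypt, decompress
    sig_len = int.from_bytes(framed[:2], "big")
    sig = int.from_bytes(framed[2:2 + sig_len], "big")
    message = framed[2 + sig_len:]
    return message, pow(sig, e_s, n_s) == md5_int(message)  # verify signature

# Constructed key pairs from Mersenne primes (insecure, chosen only to run offline).
SENDER_PUB, SENDER_PRIV = toy_rsa_keypair(2**127 - 1, 2**521 - 1)
RECIP_PUB, RECIP_PRIV = toy_rsa_keypair(2**107 - 1, 2**607 - 1)

if __name__ == "__main__":
    body, wrapped = pgp_send(b"constructed sample mail body", SENDER_PRIV, RECIP_PUB)
    print(pgp_receive(body, wrapped, RECIP_PRIV, SENDER_PUB))
```

Verifying with any key other than the sender's public key returns the message with the flag set to False, which is how the recipient detects a signature that does not belong to the claimed sender.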
II. S/MIME
S/MIME stands for Secure Multipurpose Internet Mail Extension. S/MIME is a secure e-mail standard. It is based on an earlier non-secure e-mailing standard called MIME.
The S/MIME approach is similar to PGP. It also uses public key cryptography, symmetric key cryptography, hash functions, and digital signatures. It provides similar security services as PGP for e-mail communication.
The most common symmetric ciphers used in S/MIME are RC2 and TripleDES. The usual public key method is RSA, and the hashing algorithm is SHA-1 or MD5.
S/MIME specifies additional MIME types, such as "application/pkcs7-mime", for data enveloping after encrypting. The whole MIME entity is encrypted and packed into an object. S/MIME has standardized cryptographic message formats (different from PGP). In fact, MIME is extended with some keywords to identify the encrypted and/or signed parts in the message.
S/MIME relies on X.509 certificates for public key distribution. It needs a top-down hierarchical PKI for certification support.
Because implementation requires a certificate from a certification authority, not all users can take advantage of S/MIME, as some may wish to encrypt a message with a public/private key pair.
Either PGP or S/MIME is used, depending on the environment. Secure e-mail communication in a captive network can be provided by adopting PGP. For e-mail security over the Internet, where mails are exchanged with new unknown users very often, S/MIME is considered a good option.
Difference between PGP and S/MIME:
S.NO | PGP | S/MIME |
1. | It is designed for processing plain text. | While it is designed to process email as well as many multimedia files. |
2. | PGP is less costly as compared to S/MIME. | While S/MIME is comparatively expensive. |
3. | PGP is good for personal as well as office use. | While it is good for industrial use. |
4. | PGP is less efficient than S/MIME. | While it is more efficient than PGP. |
5. | It depends on user key exchange. | Whereas it relies on a hierarchically valid certificate for key exchange. |
6. | PGP is comparatively less convenient. | While it is more convenient than PGP due to the secure transformation of all the applications. |
7. | PGP contains 4096 public keys. | While it contains only 1024 public keys. |
8. | PGP is the standard for strong encryption. | While it is also the standard for strong encryption but has some drawbacks. |
9. | PGP is also used in VPNs. | While it is not used in VPNs, it is only used in email services. |
10. | PGP uses Diffie-Hellman digital signature. | While it uses Elgamal digital signature. |