E-Mail Security Applications
Several applications employing various cryptographic techniques have been developed to provide confidentiality, integrity, authentication, non-repudiation, and access control for e-mail communications.
Secure Multipurpose Internet Mail Extensions (S/MIME): S/MIME is a secure method of sending e-mail incorporated into several popular browsers and e-mail applications. S/MIME provides confidentiality and authentication by using the RSA asymmetric key system, digital signatures, and X.509 digital certificates. S/MIME complies with the Public Key Cryptography Standard (PKCS) #7 format and has been proposed as a standard to the Internet Engineering Task Force (IETF).
MIME Object Security Services (MOSS): MOSS provides confidentiality, integrity, identification and authentication, and non-repudiation by using MD2 or MD5, RSA asymmetric keys, and DES. MOSS has never been widely implemented or used.
Privacy Enhanced Mail (PEM): PEM was proposed as a PKCS-compliant standard by the IETF but has never been widely implemented or used. It provides confidentiality and authentication by using 3DES for encryption, MD2 or MD5 message digests, X.509 digital certificates, and the RSA asymmetric system for digital signatures and secure key distribution.
Pretty Good Privacy (PGP): PGP is a popular e-mail encryption application. It provides confidentiality and authentication by using the IDEA cipher for encryption and the RSA asymmetric system for digital signatures and secure key distribution. Instead of a central Certificate Authority (CA), PGP uses a trust model in which the communicating parties implicitly trust each other. This model is ideally suited for smaller groups to validate user identity, as opposed to a PKI, which can be costly and difficult to maintain.
Today two basic versions of PGP software are available: freeware versions from PGP International at www.pgpi.org, and a commercial version from Symantec Corporation at www.symantec.com. There is also an open-source version, called GPG, available at www.gnupg.org.