In this tutorial, you will learn the basic concepts of email security. After reading this tutorial, you will understand the essentials of Email Security, including Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME).
Email Security
Email security is one of the important topics of security. Email security requires transport layer security.
- When an email is sent by the sender, it passes through many paths, and there are many machines present on that path. So, if there is no security in the email, anyone can read the contents of the email.
- The email must be secure and can only be read by the intended receiver, not even by the receiver’s boss or their government.
- Over time, cryptographic algorithms were developed that provide email security. They are PGP (Pretty Good Privacy) and S/MIME (Secure Multipurpose Internet Mail Extensions).
Pretty Good Privacy (PGP)
PGP is built for email security and provides privacy, authentication, digital signature, and compression mechanisms. PGP is widely used today because of its quality, zero cost, and easy availability on platforms like Windows, Linux, and Mac OS. Basically, PGP uses IDEA (International Data Encryption Algorithm) to encrypt the data.
The diagram below explains the working of PGP.
- As shown in the figure, the sender wants to send the message to the receiver with the signature in a secure manner. The sender and receiver have public and private keys for encryption and decryption.
- The sender starts the PGP algorithm on their machine. PGP hashes the sender’s message using the MD5 algorithm. The sender then encrypts the hash using their private RSA key.
- The encrypted hash and the original message are added together to form a single message. The message is then compressed using the ZIP program, generating another compressed message P1.Z.
- Now, the sender gives some random input, and depending on the content and typing speed, a 128-bit IDEA message key Km is generated.
- Km is used to encrypt the P1.Z message with the IDEA algorithm using the cipher feedback mode. The receiver’s public key is also used for encryption. The resulting message consists of letters, digits, and symbols.
- When the receiver receives the encoded message, it reverses the process and uses its private RSA key and the IDEA algorithm to decrypt the message. As a result, it gets P1.Z, which it then decompresses. This process continues, and the receiver recovers the original plaintext.
- PGP supports four RSA key lengths, and the key length is chosen by the user as per the requirement. The key lengths are as follows:
- 384 bits: Used casually but can be broken easily.
- 512 bits: Generally used in commercial settings but can be broken.
- 1024 bits: Used for military operations and cannot be broken by anyone on Earth.
- 2048 bits: Considered unbreakable.
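The sender and receiver steps listed above, carried through in Python as an added example that is not part of the original tutorial. To run offline with only the standard library it makes assumptions: textbook RSA over small constructed Mersenne-prime keys with no padding, HMAC-SHA256 standing in for the IDEA block function inside cipher feedback mode, and Km encrypted under the receiver's public key. The function names and the length-prefixed framing are hypothetical.

```python
import base64, hashlib, hmac, secrets, zlib

E = 65537
def toy_key(p, q):
    # Textbook RSA from known Mersenne primes: constructed demo keys, no padding.
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

SENDER = toy_key(2**127 - 1, 2**89 - 1)
RECEIVER = toy_key(2**107 - 1, 2**61 - 1)

def cfb(key, iv, data, decrypt=False):
    # Cipher feedback over 8-byte blocks; HMAC-SHA256 stands in for IDEA (assumption).
    out, prev = bytearray(), iv
    for i in range(0, len(data), 8):
        block = data[i:i + 8]
        stream = hmac.new(key, prev, hashlib.sha256).digest()
        result = bytes(a ^ b for a, b in zip(block, stream))
        out += result
        prev = block if decrypt else result  # feedback is always the ciphertext block
    return bytes(out)

def i2b(n):
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")

def pack(field):  # hypothetical framing: 2-byte length prefix
    return len(field).to_bytes(2, "big") + field

def unpack(buf):
    n = int.from_bytes(buf[:2], "big")
    return buf[2:2 + n], buf[2 + n:]

def md5_int(message):
    return int.from_bytes(hashlib.md5(message).digest(), "big")

def pgp_send(message, sender, receiver):
    signature = pow(md5_int(message), sender["d"], sender["n"])  # hash under sender's private key
    p1z = zlib.compress(pack(i2b(signature)) + message)          # P1 compressed to P1.Z
    km, iv = secrets.token_bytes(16), secrets.token_bytes(8)     # 128-bit message key Km
    wrapped = pow(int.from_bytes(km, "big"), receiver["e"], receiver["n"])  # Km under receiver's public key
    return base64.b64encode(pack(i2b(wrapped)) + iv + cfb(km, iv, p1z))

def pgp_receive(armored, receiver, sender):
    wrapped, rest = unpack(base64.b64decode(armored))
    km = pow(int.from_bytes(wrapped, "big"), receiver["d"], receiver["n"]).to_bytes(16, "big")
    signature, message = unpack(zlib.decompress(cfb(km, rest[:8], rest[8:], decrypt=True)))
    valid = pow(int.from_bytes(signature, "big"), sender["e"], sender["n"]) == md5_int(message)
    return message, valid
```

`pgp_receive` returns the recovered plaintext together with a flag that is true only when the signature matches the sender's public key.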
Secure Multipurpose Internet Mail Extensions (S/MIME)
Basically, S/MIME provides authentication, data integrity, confidentiality, and non-repudiation. Like PGP, S/MIME also supports various cryptographic algorithms. Therefore, it is flexible.
- When email was first introduced, it only allowed for sending text messages. It didn’t allow you to send audio or video or any other file format.
- But then MIME (Multipurpose Internet Mail Extensions) was introduced, expanding the limited capacity of an email. It uses the NVT (Network Virtual Terminal) 7-bit ASCII encoding scheme to encode the message.
- With the help of MIME, a client can send any format of file to another client. Basically, MIME is used with the email protocols SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol), and IMAP (Internet Message Access Protocol).
- However, MIME only encodes data; it does not encrypt it. That’s why S/MIME (Secure/Multipurpose Internet Mail Extensions) came into play.
- S/MIME provides security for mail messages. It protects all types of messages and stores a digital signature in its header to provide message authentication and non-repudiation.
- Whenever an email is sent, the S/MIME header is attached to that email, and an asymmetric-key cryptography algorithm is used to encrypt the email’s data.
Key Points to Remember
Here is the list of key points we need to remember about “Email Security”.
- Email security is crucial to protect email content as it traverses various paths and machines, ensuring that only the intended recipient can read it.
- Pretty Good Privacy (PGP) and S/MIME (Secure Multipurpose Internet Mail Extensions) are cryptographic algorithms that provide email security.
- PGP is built for email security and provides privacy, authentication, digital signature, and compression mechanisms.
- S/MIME provides authentication, data integrity, confidentiality, and non-repudiation. Like PGP, S/MIME also supports various cryptographic algorithms. Therefore, it is flexible.