Secure Messaging with PGP and S/MIME

E-Mail: rolf.oppliger@esecurity.ch
Phone/Fax: +41 079 654 84 37

Aims and Scope

Secure Messaging with PGP and S/MIME attempts to bring together all relevant and important information that is needed to understand and use PGP- and S/MIME-compliant software. As such, the book is aimed to fill the gap between the manuals that describe the graphical user interfaces of the various software packages and the Internet-Drafts and RFC documents that mainly focus on packet formats and bit encoding schemes of PGP and S/MIME.

Target Audience

The book is primarily intended for security managers, network practitioners, professional system and network administrators, product implementors, and end users who want to learn more about the rationale behind and the possibilities of secure messaging with PGP and S/MIME. The book can be used for self-study or to teach classes.

Table of Contents

Part I: FUNDAMENTALS

1. Introduction
2. Character Sets, Message Formats, and Encoding Schemes
3. Internet Messaging
4. Cryptographic Techniques
5. ASN.1 and Encoding Rules

Part II: PGP

6. History and Development
7. Technological Approach
8. Web of Trust
9. Standardization and Products
10. Conclusions and Outlook

Part III: S/MIME

11. History and Development
12. Technological Approach
13. Public Key Infrastructure
14. Standardization and Products
15. Conclusions and Outlook

Part IV: EPILOGUE

16. Comparison
17. Outlook

Reviews

The following people have reviewed the book:

• Neelam Dwivedi (IEEE Distributed Systems Online)

News

• In February 2005, Serge Mister and Robert Zuccherato published a paper in which they describe an adaptive chosen-ciphertext attack on the CFB mode of encryption as used in OpenPGP (cf. vulnerability note from the US-CERT and the response from the PGP Corporation). The attack exploits an ad-hoc integrity check feature in OpenPGP which was meant as a "quick check" to determine the correctness of the decryption key.
• In July 2004, RFC 3850 (replacing RFC 2632), RFC 3851 (replacing RFC 2633), and RFC 3852 (replacing RFCs 2630, or 3369, respectively) were officially released to specify S/MIME version 3.1
• In November 2003, Phong Nguyen announced a severe bug in the way GnuPG creates and uses ElGamal keys for signing (note that ElGamal keys are not normally used for signing). A corresponding paper entitled "Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3" appaered in the proceedings of Eurocrypt '04.
• In August 2002, PGP Corporation announced its formation and purchase of the PGP assets from NAI. Since then, PGP Corporation has developed several new products, inclding, for example, PGP Universal.
• In August 2002, Kahil Jallad, Jonathan Katz, and Bruce Schneier demonstrated the feasibility of a chosen-ciphertext attack described in a paper presented at the 9th USENIX Security Symposium in 2000 (pp. 241-246). The implementation of the attack is described in a paper presented at the 5th International Conference on Information Security in 2002 (pp. 90-101).
• In October 2001, Network Associates, Inc. (NAI) announced a reorganization of the PGP Security business unit, and that some of PGP products will be integrated into the McAfee and Sniffer business units.
• In July 2001, Sieuwert van Otterloo found a vulnerability in the graphical user interface of PGP 5.0 and above. After a patch was released on September 4, 2001, a paper entitled A security analysis of Pretty Good Privacy that describes the multiple user ID attack that exploits the vulnerability was published in September 2001.
• In May 2001, Swisskey Ltd. as described in Section 13.5.2 of this book went out of business.
• In April 2001, Chris Anley at @stake, Inc. announced a vulnerability of the Windows PGP ASCII armor parser. More specifically, opening an ASCII armored file such as a public key or a detached signature can cause the creation of an arbitrary file on the target machine. On the Windows platform this can lead to the execution of arbitrary code on the target machine.
• In March 2001, Vlastimil Klima and Tomas Rosa at ICZ publicly announced a flaw in the OpenPGP private keyring format. As further decribed in a technical paper, the flaw can be exploited to determine a private key (assuming that the attacker has access to the corresponding private keyring).
• In May 2000, Germano Caronni found a flaw in the process by which the Linux and OpenBSD command-line versions of PGP 5.0 generates pseudorandom numbers, making the cryptographic keys potentially insecure (see CERT Advisory CA-2000-09).