lecture 07 pgp and s/mime asst.prof.supakorn kungpisdan, ph.d. [email protected] 1...
TRANSCRIPT
![Page 2: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/2.jpg)
NETE0519-ITEC4614 2
Overview of Emails Email Services and Security PGP (Pretty Good Privacy) S/MIME
Roadmap
![Page 3: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/3.jpg)
NETE0519-ITEC4614 3
Overview of Electronic MailThree major components: user agents (UAs) mail servers simple mail transfer protocol: SMTP
Mail Transfer Agents (MTAs)
User Agent Known as “mail reader” composing, editing, reading mail messages e.g., Eudora, MS Outlook, Outlook
Express, Netscape Messenger outgoing, incoming messages stored on
server
user mailbox
outgoing message queue
mailserver
useragent
useragent
useragent
mailserver
useragent
useragent
mailserver
useragent
SMTP
SMTP
SMTP
![Page 4: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/4.jpg)
NETE0519-ITEC4614 4
Mail Servers mailbox contains incoming messages
for user message queue of outgoing (to be
sent) mail messages
SMTP protocol Deliver emails from user agent
to user’s mail server Deliver emails between mail
servers
mailserver
useragent
useragent
useragent
mailserver
useragent
useragent
mailserver
useragent
SMTP
SMTP
SMTP
Electronic Mail (cont.)
![Page 5: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/5.jpg)
NETE0519-ITEC4614 5
SMTP Protocol Uses TCP to reliably transfer email message from
client to server, port 25 Direct transfer: sending server to receiving server via
many Mail Transfer Agents (MTAs)
useragent
mailserver
mailserver user
agent
1
2 3 4 56
![Page 6: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/6.jpg)
NETE0519-ITEC4614 6
Mail Access Protocols
SMTP: delivery/storage to receiver’s server Mail access protocol: retrieval from server
POP: Post Office Protocol [RFC 1939] authorization (agent <--> server) and download
IMAP: Internet Mail Access Protocol [RFC 1730] more features (more complex) manipulation of stored messages on server
HTTP (web-based email): Hotmail , Yahoo! Mail, etc.
useragent
sender’s mail server
useragent
SMTP SMTP accessProtocol
POP3, IMAP, or HTTP
receiver’s mail server
![Page 7: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/7.jpg)
NETE0519-ITEC4614 7
POP3 (more) and IMAPMore about POP3 2 modes of operations: “download
and delete” and “download and keep”
Previous example uses “download and delete” mode.
Bob cannot re-read e-mail if he changes client machine
“Download-and-keep”: copies of messages on different clients
POP3 is stateless across sessions
IMAP Keep all messages in one
place: the server Allows user to organize
messages in folders: inbox, sent items, draft
IMAP keeps user state across sessions: names of folders and
mappings between message IDs and folder name
![Page 8: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/8.jpg)
NETE0519-ITEC4614 8
Overview of Email Email Services and Security PGP (Pretty Good Privacy) S/MIME
Roadmap
![Page 9: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/9.jpg)
NETE0519-ITEC4614 9
Email Security
email is one of the most widely used and regarded network services
currently message contents are not secure may be inspected either in transit or by suitably privileged users on destination system
![Page 10: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/10.jpg)
NETE0519-ITEC4614 10
Email Security Enhancements
confidentiality protection from disclosure
Message authentication of sender of message
message integrity protection from modification
non-repudiation of origin protection from denial by sender
![Page 11: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/11.jpg)
NETE0519-ITEC4614 11
Overview of Email Email Services and Security PGP S/MIME
Roadmap
![Page 12: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/12.jpg)
NETE0519-ITEC4614 12
Pretty Good Privacy (PGP)
developed by Phil Zimmermann widely used de facto secure email provides confidentiality and authentication services for
email and file storage applications. selected best available crypto algs to use integrated into a single program on Unix, PC, Macintosh and other systems originally free, now also have commercial versions
available
![Page 13: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/13.jpg)
NETE0519-ITEC4614 13
Summary of PGP Services
![Page 14: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/14.jpg)
NETE0519-ITEC4614 14
Authentication
Use SHA-1/RSA or SHA-1/DSS Signature can be detached from the message
To log signature To use when more than one party must sign the document e.g. contract
signing
compression decompression
![Page 15: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/15.jpg)
NETE0519-ITEC4614 15
Confidentiality
Use symmetric-key encryption e.g. CAST-128, IDEA, or 3DES Sender generates a 128-bit key (used only one time) and encrypts
with receiver’s public key Use RSA or encryption using DH (called “Elgamal”) for encryption
Symmetric key
Symmetric encryption
Public-key encryption
![Page 16: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/16.jpg)
NETE0519-ITEC4614 16
Confidentiality and Authentication
Append signature to the message and encrypt using a session key The session key then is encrypted with receiver’s public key
![Page 17: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/17.jpg)
NETE0519-ITEC4614 17
Compression
PGP compresses a message after signing but before encryption Use ZIP as compression algorithm Signature is generated before compression
Can store uncompressed message and signature for future verification Different versions of compression algos provide different quality and
formats Applying hash function and signature after compression would constrain PGP
implementation
Encryption after compression strengthens cryptographic security Less redundancy, more difficult to cryptanalysis
![Page 18: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/18.jpg)
NETE0519-ITEC4614 18
Email Compatibility
when using PGP will have binary data to send (encrypted message etc)
however email was designed only for text hence PGP must encode raw binary data into printable ASCII
characters uses radix-64 algorithm
maps 3 bytes to 4 printable chars also appends a CRC
PGP also segments messages if too big
![Page 19: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/19.jpg)
NETE0519-ITEC4614 19
Segmentation and Reassembly
Email normally has max length of 50,000 characters PGP provides segmentation of email messages after radix-
64 conversion Session-key component and signature appear only once at the
beginning of the first segment At receiving end, PGP removes headers and reassemble
segments
![Page 20: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/20.jpg)
NETE0519-ITEC4614 20
PGP Operation – Summary
![Page 21: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/21.jpg)
NETE0519-ITEC4614 21
Cryptographic Keys and Key Rings
Four types of keys used: One-time session symmetric keys Public keys Private keys Passphrase-based symmetric keys
![Page 22: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/22.jpg)
NETE0519-ITEC4614 22
Session Key Generation
Each session key is used only once to encrypt and decrypt a message.
Different algos use different lengths of keys: 128 bits for CAST-128 and IDEA 168 bits or 3DES
uses random inputs taken from previous uses and from keystroke timing of user
![Page 23: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/23.jpg)
NETE0519-ITEC4614 23
PGP Key Rings
each PGP user has a pair of keyrings: public-key ring contains all the public-keys of other PGP users
known to this user, indexed by key ID private-key ring contains the public/private key pair(s) for this
user, indexed by key ID & encrypted keyed from a hashed passphrase
security of private keys thus depends on the pass-phrase security
![Page 24: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/24.jpg)
NETE0519-ITEC4614 24
PGP Message Generation
![Page 25: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/25.jpg)
NETE0519-ITEC4614 25
PGP Message Reception
![Page 26: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/26.jpg)
NETE0519-ITEC4614 26
PGP Key Management
rather than relying on certificate authorities in PGP every user is own CA
can sign keys for users they know directly forms a “web of trust”
trust keys have signed can trust keys others have signed if have a chain of signatures
to them key ring includes trust indicators users can also revoke their keys
![Page 27: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/27.jpg)
NETE0519-ITEC4614 27
Overview of Email Email Services and Security PGP (Pretty Good Privacy) S/MIME
Roadmap
![Page 28: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/28.jpg)
NETE0519-ITEC4614 28
S/MIME
Secure Multi-purpose Internet Mail Extension security enhancement to MIME email
original Internet RFC822 email was text only MIME provided support for varying content types and multi-
part messages with encoding of binary data to textual form S/MIME added security enhancements
have S/MIME support in many mail agents eg MS Outlook, Mozilla, Mac Mail etc
![Page 29: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/29.jpg)
NETE0519-ITEC4614 29
Mail Message FormatRFC 822: standard for text
message format: header lines, e.g.,
To: From: Subject:
body the “message”, 7-bit ASCII
characters only
header
body
blankline
![Page 30: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/30.jpg)
NETE0519-ITEC4614 30
Enable sending multimedia messages or attachments with non-ASCII format
Additional lines in msg header declare MIME content type
From: [email protected] To: [email protected] Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: image/jpeg
base64 encoded data ..... ......................... ......base64 encoded data
multimedia datatype, subtype,
parameter declaration
method usedto encode data
MIME version
encoded data
MIME
![Page 31: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/31.jpg)
NETE0519-ITEC4614 31
The Received Message
Received: from crepes.fr by hamburger.edu; 12 Oct 98 15:27:39 GMT
From: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg
base64 encoded data . . . . .
. . . .. . . . .. . . . .
. . . . Base64 encoded data
![Page 32: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/32.jpg)
NETE0519-ITEC4614 32
MIME Content Types
text/plain
image/jpeg
![Page 33: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/33.jpg)
NETE0519-ITEC4614 33
MIME Transfer Encodings
![Page 34: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/34.jpg)
NETE0519-ITEC4614 34
S/MIME Functionality
Getting a digital ID for emails Enveloped data
Consist of encrypted content and encrypted encryption key Signed data
Hash then sign with private key of signer then encode with base64 Can be viewed only by a S/MIME supported recipient
Clear-signed data Only signature is encoded with base64 Non-S/MIME user can view, but not verify it
![Page 35: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/35.jpg)
NETE0519-ITEC4614 35
S/MIME Cryptographic Algorithms
digital signatures: DSS & RSA hash functions: SHA-1 & MD5 session key encryption: ElGamal & RSA message encryption: AES, Triple-DES, RC2/40 and others MAC: HMAC with SHA-1 have process to decide which algs to use
![Page 36: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/36.jpg)
NETE0519-ITEC4614 36
Rules of Sending Agents
1. If sending agent (SA) has a list of preferred decrypting algos from receiver, SA SHOULD choose the first on the list.
2. IF SA has no such list but received encrypted msgs, SA SHOULD use the same encryption algo that was used on the last message received.
3. If SA has no knowledge and want to take the risk, SA uses 3DES
![Page 37: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/37.jpg)
NETE0519-ITEC4614 37
S/MIME Content Types
Special types based on public-key cryptography.
![Page 38: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/38.jpg)
NETE0519-ITEC4614 38
Securing a MIME Entity
Use signature, encryption, or both MIME entity plus some security-related data e.g. algo identifiers and
certificates are processed by S/MIME to produce a “PKCS” object The PKCS object is then wrapped in MIME. It is converted into 7-bit ASCII by base64 Types
EnvelopedData SignedData Clear Signing etc.
![Page 39: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/39.jpg)
NETE0519-ITEC4614 39
EnvelopedData Application/pkcs7-mime is used Each resulting entity (an object) is represented in a form of Basic Encoding Rules (BER)
(e.g. binary format). BER is then converted to ASCII by base64
Process1. Generate a pseudorandom session key2. Encrypt the session key with recipient’s public key3. Prepare a block of RecipientInfo
contains ID of recipient’s cert, ID of encryption algos, and encrypted session key4. Encrypt the message with the session key
RecipientInfo + encrypted content = envelopedData envelopedData is then encoded into base64
![Page 40: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/40.jpg)
NETE0519-ITEC4614 40
EnvelopedData (cont.)
Content-Type: application/pkcs7-mime;
smime-type=enveloped-data; name-smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename=smime.p7m
Fdskfjhglasfhgksd4nkdfngiewksa4dnfk76sdgklsdnfksldfjbvfsldkfvlskdnfvlks4dnf2lkvs3ndflkvsdnvskdfvnksldnfvklsdnvks9ldnvlksnkadlnslkn3dlsknfskldnflksdnflvsdnlklkdsnvlksdnlskdnkdfslfnvsfq
Recipient converts back to binary and decrypts the session key using his/her private key, and decrypts the message using the session key
![Page 41: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/41.jpg)
NETE0519-ITEC4614 41
SignedData
signedData can be used with one or more signers.Process1. Select a hash algo (SHA or MD5)2. Computer hash value of the content3. Sign the hash value using signer’s private key4. Prepare block of SignerInfo that contains
Signer’s cert including a set of necessary certs to trace root CA ID of hash algo, ID of encryption algo, encrypted hash value
5. signedData = hash ID, the message, SignerInfo6. signedData is then converted into base64
![Page 42: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/42.jpg)
NETE0519-ITEC4614 42
SignedData (cont.)
Content-Type: application/pkcs7-mime;
smime-type=signed-data; name-smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename=smime.p7m
Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsmfaadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdfnvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuerhwjenfkjnfkjshdfjksdgvjksdvjskdfvnsjdkf5
To verify signature, convert back to binary, use the signer’s public key to decrypt the hash value. Then compare the hash values
![Page 43: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/43.jpg)
NETE0519-ITEC4614 43
Clear Signing
The message is sent in clear for non-S/MIME user. A multipart/signed message has two parts
MIME: if not in 7-bit ASCII, converted into ASCII Signed MIME: processed in the same manner as signedData
![Page 44: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/44.jpg)
NETE0519-ITEC4614 44
Clear Signing (cont’d)Content-Type: multipart/signed;
protocol=“application/pkcs7-signature”;
micalg=sha1; boundary=boundary42
--boundary42
Content-Type: text/plain
This is a clear-signed message.
--boundary42
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s
Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsmfaadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdfnvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuerhwjenfkjn
--boundary42--
This email has many parts
![Page 45: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/45.jpg)
NETE0519-ITEC4614 45
Questions?
![Page 46: Lecture 07 PGP and S/MIME Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 NETE0519-ITEC4614](https://reader035.vdocuments.net/reader035/viewer/2022062516/56649e2c5503460f94b1bd05/html5/thumbnails/46.jpg)
Quiz
จงเสนอวิ�ธีการร�กษาควิามม��นคงปลอดภั�ยของการใช้�งาน email ส�าหร�บองค กรขนาดใหญ่" โดยที่�มข�อก�าหนดวิ"าผู้&�ใช้�ใช้�งานผู้"าน smart device ที่�มควิามสามารถในการค�านวิณต่ำ��า
NETE0519-ITEC4614 46