2. S/MIME (Secure/Multipurpose Internet Mail Extensions)
- S/MIME is an enhancement of the MIME protocol. It adds new content types that carry security services inside MIME. All of these types use the MIME type "application/pkcs7-mime", with an smime-type parameter naming the content type (a clear-signed message may instead use multipart/signed with an application/pkcs7-signature part). Here 'pkcs' stands for "Public-Key Cryptography Standards", the RSA Laboratories series in which PKCS #7 defined the original message syntax.
Cryptographic Message Syntax (CMS)
- S/MIME relies on CMS (RFC 5652, derived from PKCS #7), whose syntax defines the exact encoding (ASN.1/DER) for each content type. The following content types describe the kinds of message objects and the sub-types that are created from them.
a. Data content type: - This is an arbitrary octet string. The object created is called Data.
b. Signed-Data content type: - This type provides integrity and origin authentication of the data (the signature binds the content to the holder of a private key). It contains content of any type plus zero or more signature values, one per signer, and optionally the signers' certificates. The encoded result is called SignedData. The figure below shows the process of creating an object of this type; the steps are:
1. For each signer, a message digest is created from the content using the hash algorithm chosen by that signer.
2. Each message digest is signed with the private key of its signer.
3. The content, the signature values and the certificates are collected to form the SignedData object.
c. Enveloped-Data content type:
This type is used to provide confidentiality for the message. It contains content of any type plus zero or more encrypted (wrapped) session keys and certificates. The encoded result is an object called EnvelopedData. The figure below shows the process of creating an object of this type:
1. A pseudorandom session key is created for the symmetric-key algorithm to be used.
2. For each recipient, a copy of the session key is encrypted with that recipient's public key.
3. The content is encrypted with the chosen symmetric algorithm and the session key.
4. The encrypted content, the encrypted session keys, the algorithm identifiers and the certificates are assembled into the EnvelopedData object, which is carried in the mail body with radix-64 (base64) transfer encoding.
d. Encrypted-Data content type: This type creates an encrypted version of content of any type. It is similar to EnvelopedData, but EncryptedData carries no recipient information: it is meant for storing encrypted data (e.g. locally) rather than transmitting it. The process is simple: the user encrypts the content with any symmetric key and algorithm. The object carries the algorithm identifier but not the key, so key management is handled entirely out of band. The object created is called EncryptedData.
e. Authenticated-Data content type: This type provides integrity and origin authentication of the data using a MAC instead of a digital signature. The object is called AuthenticatedData. The figure below shows the process:
1. Using a pseudorandom generator, a single MAC key is generated.
2. A copy of the MAC key is encrypted with the public key of each recipient.
3. A MAC is computed over the content with that key.
4. The content, the MAC, the algorithm identifiers and other information are collected to form the AuthenticatedData object.
Caveat: because every recipient can unwrap the MAC key, any recipient could also forge a valid MAC, so AuthenticatedData proves origin only among the parties who hold the key and gives no non-repudiation, unlike SignedData.
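To make the four object types concrete, here is an added, runnable model of the SignedData, EnvelopedData, EncryptedData and AuthenticatedData flows described in b to e above, plus the application/pkcs7-mime wrapping from the opening paragraph. It is illustration only, not code from RFC 5652 or from any S/MIME implementation. The asymmetric and symmetric primitives are assumed stand-ins: ToyRSA is textbook RSA over two Mersenne primes with no padding, and stream_xor is HMAC-SHA256 in counter mode used as a keystream; the party names (alice, bob, carol, dave), the sample message and the field names are constructed for the example. Real CMS uses padded RSA or ECDH key transport, AES, and DER-encoded ASN.1 structures.

```python
"""Toy model of the four CMS content types described above (SignedData,
EnvelopedData, EncryptedData, AuthenticatedData). Added illustration; not code
from RFC 5652 or from any S/MIME implementation.
Assumed stand-ins for the real primitives:
  ToyRSA      - textbook RSA on two Mersenne primes, no padding (toy only)
  stream_xor  - HMAC-SHA256 in counter mode as a keystream (toy only)
Real CMS uses padded RSA or ECDH key transport, AES, and DER-encoded ASN.1."""
import base64, hashlib, hmac, json, secrets


class ToyRSA:
    """Key pair from the Mersenne primes 2**p_exp-1 and 2**q_exp-1 (assumption)."""
    def __init__(self, p_exp, q_exp, e=65537):
        p, q = (1 << p_exp) - 1, (1 << q_exp) - 1
        self.n, self.e = p * q, e
        self.d = pow(e, -1, (p - 1) * (q - 1))
    def cert(self):        return (self.n, self.e)          # what a certificate carries
    def private(self, x):  return pow(x, self.d, self.n)    # sign or unwrap

def public(cert, x):                                       # verify or wrap
    n, e = cert
    return pow(x, e, n)

def stream_xor(key, nonce, data):
    """Symmetric content encryption: XOR with an HMAC-SHA256 keystream (toy)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(8, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def mime_body(obj):
    """MIME wrapping: application/pkcs7-mime with radix-64 (base64) transfer encoding."""
    body = base64.b64encode(json.dumps(obj, default=bytes.hex).encode()).decode()
    return ("Content-Type: application/pkcs7-mime; smime-type=%s; name=smime.p7m\n"
            "Content-Transfer-Encoding: base64\n\n%s\n" % (obj["contentType"], body))

# b. SignedData: one SignerInfo per signer; the digest must be smaller than the signer's n
def make_signed_data(content, signers):
    """signers: list of (name, ToyRSA, digest_algorithm)."""
    infos = []
    for name, key, alg in signers:
        digest = hashlib.new(alg, content).digest()             # step 1: per-signer digest
        sig = key.private(int.from_bytes(digest, "big"))        # step 2: sign with private key
        infos.append({"signer": name, "digestAlgorithm": alg,
                      "signature": sig, "certificate": key.cert()})
    return {"contentType": "signed-data", "content": content,  # step 3: collect
            "signerInfos": infos}

def verify_signed_data(obj):
    """True only if every signature matches a fresh digest of the content."""
    for info in obj["signerInfos"]:
        digest = hashlib.new(info["digestAlgorithm"], obj["content"]).digest()
        if public(info["certificate"], info["signature"]) != int.from_bytes(digest, "big"):
            return False
    return True

# c. EnvelopedData: one wrapped copy of the session key per recipient
def make_enveloped_data(content, recipients):
    """recipients: list of (name, certificate)."""
    session_key = secrets.token_bytes(16)                        # step 1: random session key
    wrapped = {name: public(cert, int.from_bytes(session_key, "big"))
               for name, cert in recipients}                     # step 2: wrap per recipient
    nonce = secrets.token_bytes(16)
    return {"contentType": "enveloped-data", "recipientInfos": wrapped,
            "contentEncryptionAlgorithm": "hmac-sha256-ctr(toy)", "nonce": nonce,
            "encryptedContent": stream_xor(session_key, nonce, content)}   # step 3

def open_enveloped_data(obj, name, key):
    """A recipient unwraps its own copy of the session key, then decrypts."""
    session_key = key.private(obj["recipientInfos"][name]).to_bytes(16, "big")
    return stream_xor(session_key, obj["nonce"], obj["encryptedContent"])

# d. EncryptedData: same symmetric step, but no RecipientInfo; key is managed out of band
def make_encrypted_data(content, key, nonce):
    return {"contentType": "encrypted-data", "contentEncryptionAlgorithm": "hmac-sha256-ctr(toy)",
            "nonce": nonce, "encryptedContent": stream_xor(key, nonce, content)}

# e. AuthenticatedData: MAC instead of signature; one MAC key, wrapped per recipient
def make_authenticated_data(content, recipients, alg="sha256"):
    mac_key = secrets.token_bytes(16)                            # step 1: random MAC key
    wrapped = {name: public(cert, int.from_bytes(mac_key, "big"))
               for name, cert in recipients}                     # step 2: wrap per recipient
    mac = hmac.new(mac_key, content, alg).digest()               # step 3: MAC over content
    return {"contentType": "authenticated-data", "recipientInfos": wrapped,   # step 4
            "macAlgorithm": alg, "content": content, "mac": mac}

def verify_authenticated_data(obj, name, key):
    mac_key = key.private(obj["recipientInfos"][name]).to_bytes(16, "big")
    mac = hmac.new(mac_key, obj["content"], obj["macAlgorithm"]).digest()
    return hmac.compare_digest(mac, obj["mac"])

# Constructed parties (assumption: toy keys, not real certificates)
ALICE, BOB = ToyRSA(127, 521), ToyRSA(107, 607)   # signers; n > 2**512 fits a SHA-512 digest
CAROL, DAVE = ToyRSA(61, 89), ToyRSA(107, 127)    # recipients; n > 2**128 fits a 16-byte key

if __name__ == "__main__":
    msg = b"Constructed sample message body"
    signed = make_signed_data(msg, [("alice", ALICE, "sha512"), ("bob", BOB, "sha256")])
    print("signed-data verifies:", verify_signed_data(signed))
    env = make_enveloped_data(msg, [("carol", CAROL.cert()), ("dave", DAVE.cert())])
    print("dave reads:", open_enveloped_data(env, "dave", DAVE))
    print(mime_body(env)[:120])
```

The structural points worth noticing are the ones the prose lists: SignedData carries one (digestAlgorithm, signature, certificate) triple per signer and verifies each against a fresh digest; EnvelopedData and AuthenticatedData both wrap one random key once per recipient, differing only in whether that key encrypts the content or MACs it; and EncryptedData is the EnvelopedData symmetric step with the recipientInfos removed, which is exactly why it is only suitable for storage. Altering a single byte of the content makes both verify functions return False.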
Key Management. 1. Key management in S/MIME combines ideas from X.509 and PGP. S/MIME uses public-key certificates issued and signed by certificate authorities, as defined by X.509, so trust is hierarchical rather than PGP's web of trust. As in PGP, however, the user (or the local administrator) remains responsible for maintaining their own trust store: deciding which CA certificates to trust and which certificates to accept when verifying a signature, since no global trust database is provided.
Applications of S/MIME :- S/MIME is expected to be the industry choice for securing commercial e-mail, since it reuses the X.509 certificate infrastructure that organizations already deploy.