Secure Messaging with PGP and S/MIME
A book to be published by
Artech House Publishers in the Computer Security Series
Rolf Oppliger, Ph.D.
eSECURITY Technologies Rolf Oppliger
CH-3074 Muri b. Bern, Switzerland
Phone/Fax: +41 079 654 84 37
Secure Messaging with PGP and S/MIME attempts to bring together all
relevant and important information that is needed to understand and use
PGP- and S/MIME-compliant software. As such, the book is aimed to fill the
gap between the manuals that describe the graphical user interfaces of the
various software packages and the Internet-Drafts and RFC documents that
mainly focus on packet formats and bit encoding schemes of PGP and S/MIME.
The book is primarily intended for security managers, network
practitioners, professional system and network administrators, product
implementors, and end users who want to learn more about the rationale
behind and the possibilities of secure messaging with PGP and S/MIME.
The book can be used for self-study or to teach classes.
Part I: FUNDAMENTALS
2. Character Sets, Message Formats, and Encoding Schemes
3. Internet Messaging
4. Cryptographic Techniques
5. ASN.1 and Encoding Rules
Part II: PGP
6. History and Development
7. Technological Approach
8. Web of Trust
9. Standardization and Products
10. Conclusions and Outlook
Part III: S/MIME
11. History and Development
12. Technological Approach
13. Public Key Infrastructure
14. Standardization and Products
15. Conclusions and Outlook
Part IV: EPILOGUE
The following people have reviewed the book:
- Neelam Dwivedi (IEEE Distributed Systems Online)
- In February 2005, Serge Mister and Robert Zuccherato published a
in which they describe an adaptive chosen-ciphertext attack on the
CFB mode of encryption as used in OpenPGP (cf. vulnerability
the US-CERT and the response from the PGP Corporation). The attack
exploits an ad-hoc integrity check feature in OpenPGP which was meant as a
"quick check" to determine the correctness of the decryption key.
- In July 2004, RFC 3850 (replacing RFC 2632), RFC 3851 (replacing
RFC 2633), and RFC 3852 (replacing RFCs 2630, or 3369, respectively) were
officially released to specify S/MIME version 3.1
- In November 2003, Phong Nguyen announced a severe bug in the way GnuPG creates
and uses ElGamal keys for signing (note that ElGamal keys are not normally
used for signing). A corresponding paper entitled "Can We Trust Cryptographic
Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3" appaered in the
proceedings of Eurocrypt '04.
- In August 2002, PGP
Corporation announced its formation and purchase of the PGP assets
from NAI. Since then, PGP Corporation has developed several new
products, inclding, for example, PGP Universal.
- In August 2002, Kahil Jallad, Jonathan Katz, and Bruce Schneier
demonstrated the feasibility of a chosen-ciphertext attack described
in a paper presented at the 9th USENIX Security
Symposium in 2000 (pp. 241-246). The implementation of the attack is described in a
presented at the 5th International Conference on Information Security in 2002
- In October 2001, Network Associates, Inc. (NAI) announced a
reorganization of the PGP Security business unit, and that some
of PGP products will be integrated into the McAfee and Sniffer
- In July 2001, Sieuwert van Otterloo found a vulnerability
in the graphical user interface of PGP 5.0 and above. After a
patch was released on September 4, 2001, a paper entitled
security analysis of Pretty Good Privacy that describes the
multiple user ID attack that exploits the vulnerability was
published in September 2001.
- In May 2001, Swisskey Ltd. as described in Section 13.5.2
of this book went out of business.
- In April 2001, Chris Anley at @stake, Inc. announced
of the Windows PGP ASCII armor parser. More specifically,
opening an ASCII armored file such as a public key or a detached
signature can cause the creation of an arbitrary file on the
target machine. On the Windows platform this can lead to the
execution of arbitrary code on the target machine.
- In March 2001, Vlastimil Klima and Tomas Rosa at
publicly announced a flaw in the OpenPGP private keyring format.
As further decribed in
a technical paper, the flaw can be exploited to
determine a private key (assuming that the attacker has access
to the corresponding private keyring).
- In May 2000, Germano Caronni found a flaw in the process by which the
Linux and OpenBSD command-line versions of PGP 5.0 generates pseudorandom numbers,
making the cryptographic keys potentially insecure (see CERT Advisory
Copyright © 2005 eSECURITY Technologies Rolf Oppliger