AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
S/Mime Reader For Mac4/22/2021
In theory, OpenPGP could be a much stronger method of security.There are several ways to secure email, so lets look at how they differ.
When you want to send secure email, you have plenty of choices. ![]() Whats better to secure email, Apples Mail app or a solution that uses OpenPGP, such as GPG Suite Lets take a look. Image Credit: Pete Linforth ) An Abbreviated History of Secure Email Internet developers first standardized the Simple Mail Transfer Protocol, or SMTP, in 1982, when there was little concern for security. That quickly changed, and we needed to find ways to make our email communications more secure. Basically, we needed to be able to digitally sign, encrypt, and then decrypt our emails. One of those is SecureMultipurpose Internet Mail Extensions, or SMIME, which is what Apple Mail uses. How Secure Email Works Both methods use Public Key Cryptography to digitally sign, encrypt, and then decrypt your email. When you send a digitally signed email to someone, youre signing the email with your private key and sending that person the public portion of your keypair. S/Mime Reader Software Saves TheOnce you receive a digitally signed email, your mail software saves the senders public key so you can later send encrypted messages to that person. As your email software digitally signs and encrypts a message, its doing two things: Its signing the email with your private key Then, the software encrypts the message using your recipients public key. SMIME utilizes a standard way of putting arbitrary data into your email, with a definition of what type of information is there. On the recipients end, software decodes the ASCII into text or binary files. On the other hand, OpenPGP wraps the text and any binary attachments in ASCII Armor, an encoding layer. Another key difference between SMIME and OpenPGP is more apparent to you, the user. That difference is in how you get your publicprivate keypair. Using SMIME, the user obtains the certificate and keypair from a centralized trusted authority. OpenPGP, on the other hand, doesnt rely on a centralized trusted authority. You, as the user, sign your keypair and then others verify whether or not the key really belongs to you by signing it themselves. OpenPGP relies on something called a Web of Trust, in which everybody is a potential CA. The theory is that you can trust a public key because its been signed by many other people, confirming that it really belongs to the person you think it does. Which Method Leads to More Secure Email This is where theory and practice clash.
0 Comments
Read More
Leave a Reply. |