12
Network Security, Principles and
Practice,2nd Ed.
# $
!" :
http://www.fata.ir
http://mehr.sharif.edu/~shahriari
PGP
PGP
!
!
"# $
( % &'
#
$
*
# !
#
$ 0
*
/
) $
*
1
"# $
/ ) +,' - . "#
$ 0
#2
PGP (Pretty Good Privacy)
S/MIME (Secure/Multipurpose Internet Mail
Extensions)
3
%
.
ASCII
SMTP
(Simple Mail Transfer Protocol)
3) '
! 8 9# :; " ;
. ! + @ A .%
. .
('
.
.
SMTP
MIME
/ EA
+5 ) ' 4 SMTP
3
< = > # + 6( 7
. !
#
? SMTP
<
'
% B
(' C# 3 0 #
AD ;
(Multipurpose Internet Mail Extensions)
# "!
. . $
. ! + @ A
3 7 MIME
6(
" ? MIME
PGP
7
Phil Zimmermann G ' . "F
)
: H# :; $
;=! '
I
*J
+ * ) #$
L K
# !" #
OUnix) $
) . $ CM
I
#3
(...MacintoshOPC
R< ! .
G ' 9/ 6 5
1 :; JA 6 " # $ # ) "#
" '%0
viacrypt
! . #
PGP basic Services
Sharif Network Security Center
3 B :;
1' "S
PGP
:
SHA-1 $
K: !J
#
+
K # $#
# $#
K # :; "
#
M
# " 6 ( $ # 160
K
'
A 4 9< ! RSA $
6(
"# . J
KW/
A
+5 ! # RSA $
G '
I6(
PGP- Authentication
Only
K
'
.
PGP
I6(
" I ! : H#
# 128 A 9' 5 $
3DES IDEA CAST-128 $
# 6 ( : !J
.
'" I !
+5 ! RSA @ * $
# " I ! : !J
:; %
6 ( "# .J
!W/
! # $#
ZJ
#
4 9< ! # RSA $
" I
" I !$
# . A 6(
ZJ
PGP- Confidentiality Only
PGP
! +
CAST-128 $
W A "5 +1 "# RSA @
) "# :; W / [ ,
'
#)
, "5 +1 : ! J
* # .J " I ! W /
20( 1/) ( *+ " , ">#
*
? [,
.
'
&'( $ %
"
# ^ ] \S. 2 ) #
. .
S " I ! #
Confidentiality&
Authentication
#
PGP
0
. .
61
Z $#
'
a J $ C&3 [ , $
$
O !
ZA "# $ : #
8
H#
$
ZA
$
'
#
[, 6 : # #
. + <c 1
$ ) A B "! ' 4
. Z 1 < ' ,
@
b
.J
# "!
3, 4
ZA ` A _ 8 4 "#
b[ , $
K
a J $ C&3 K
* JA @10 _ !
6(
; 8 5dB _ !
PGP
0( /
56!
:C Z
) %
#
' "!
f B$
.
#
:
A
. 0 B ASCII
:C0
: ASCII ) "#
#6<
C &'
Radix-64 @ * $
ASCII i K C# 3 ! ! 4 "#
# 3 C &'
:;
"# CRC : ! "A j
$
"# $
ZA Radix-64 $
C "# %33 $ "# ) "H '
1.33 x 0.5=0.665 < ---%50
1/3 $ "# $
ZA : "1
PGP
0 9 87 '
6( $
C+
/
$
! < 8 4 "# PGP G '
# "H>3 6 1
8d &' 8 & / " ! 6 1
% "H>3
# GMA +3 [ ,
' " I !%
$ C&3)
+
"H>3
$ 4 6( # $#
( .$
61
!
: #
(" I
( 4 9<
!: !J
#
K $ PGP
!
! )n 9
& : M
+5
4 9<
#) o a $ C4 0 : M
!
!
!
!
!
8;:< :
1 n 9 &
A 9' 8 4 "#
f&B . # CAST-128 < A 9' 5
'@ *
ANSI X12.17
"
M ! "/ 4
. ZA
!
$ @ *
.
!
' CFB 8 4 "# " I
! p
!
# - &'
7 "
#: M
#
!r $ K). : :"q
.s S
! : + \SZ : C0
(Key Identifier)" .
.
" . : 5 "# (KUa mod 264)
.
)
Format of PGP Message
Sharif Network Security Center
#
M $
< #%+0 -
-
!
(Private Key Ring) 4 9<
:
$
C .. .
! " . -2
( .J 8 9#) 4 9< !-4
# ! o a $
. .
K 8 9# "!
<c _&0 4 ) .
4 9<
: M
M
!"
!
!
': $-1
+5 ! – 3
! 7 " .-5
! G ' 4 9< !
. J O .#
4 9<
!% I
!% I
#
!
(Public Key Ring)
+5
!"
:
$
C .
!
': $-1
+5 ! – 3
I *
A K -5
! " . -2
# ! " . -4
Z#
# !)
# "! * : # !
+5
! "+ C . % I )
. .# O
\SZ
Public Key Ring
PGP Message Generation
Sharif Network Security Center
PGP Reception
Sharif Network Security Center
!
"# f H
:
'
L "#
C "1
.
!7 OA
+5
C "# f H E3
# 6 ( A "# B
+ "# A $ . %
B
S#
PGP
! % I :C Z
O
B # !
+5
$ 0
1#
(
!
4< #
+5
!%
J A 8 9# % M
.
… ) 'G '
. .
.
#7
<
A # ! "# [ , D
+5 t ! ) " &.
'
#) 'f B$
+5
8 9# % M
A
!$
! "!
q+>
K
AG '%M
."< . # !G ' B # !
+5 !
. . %
. + 5 C# 3 EI G '
.
'
8 9# % M
!
6 #
$ CA
1#
+5
. !
!
# PGP
(Trust) + 5
Trust
A
. +5 ! & 5 "# PGP + 5 : J * # :Key Legitimacy
\SZ
# !
+5 ! 7 "! C<
: signature trust
.
+ 5 "I 7
, ) $ 7 .
, K
!
&5
' # ! =0 4 "# + 5 : J * # : owner trust
.(
) *
+5
* trust flag : 5
/'
# 7 C<
W A
.
Trust Flag Bytes
A"
.
A
A
.
A
!
.
.
-
Trust Model Example
Sharif Network Security Center
!
C &3 C .
)
Z [,
'
"B #
G '
J O .#
!O ![,
# !7
+5
"!
"
# !
+ 5 C# 3 u +H "! # !
(B A)
(N
)
# *
! ,
' #
' + J O
. ' "!
[ , J @ M 8 4 "#
) + O
.[, @M
t ># "! # !
(
. , @M
@M
t 8 4 "# You Fv G ' "! E !
)
K
!
(L
.
.
!
3
!
!
.
.
.
Simple Mail Transfer
Protocol (SMTP, RFC 822)
SMTP Limitations - Can not transmit, or has a
problem with:
executable files, or other binary files (jpeg
image)
“national language” characters (non-ASCII)
messages over a certain size
ASCII to EBCDIC translation problems
lines longer than a certain length (72 to 254
characters)
Header fields in MIME
MIME-Version: Must be “1.0” -> RFC 2045, RFC
2046
Content-Type: More types being added by
developers (application/word)
Content-Transfer-Encoding: How message has
been encoded (radix-64)
Content-ID: Unique identifying character string.
Content Description: Needed when content is not
readable text (e.g.,mpeg)
S/MIME Functions
Enveloped Data: Encrypted content and
encrypted session keys for recipients.
Signed Data: Message Digest encrypted
with private key of “signer”.
Clear-Signed Data: Signed but not
encrypted.
Signed and Enveloped Data: Various
orderings for encrypting and signing.
Algorithms Used
Message Digesting: SHA-1 and MD5
Digital Signatures: DSS
Secret-Key Encryption: Triple-DES,
RC2/40 (exportable)
Public-Private Key Encryption: RSA with
key sizes of 512 and 1024 bits, and DiffieHellman (for session keys).
User Agent Role
S/MIME uses Public-Key Certificates - X.509 version 3
signed by Certification Authority
Functions:
Key Generation - Diffie-Hellman, DSS, and RSA
key-pairs.
Registration - Public keys must be registered with
X.509 CA.
Certificate Storage - Local (as in browser
application) for different services.
Signed and Enveloped Data - Various orderings for
encrypting and signing.
User Agent Role
Example: Verisign (www.verisign.com)
Class-1: Buyer’s email address
confirmed by emailing vital info.
Class-2: Postal address is confirmed as
well, and data checked against
directories.
Class-3: Buyer must appear in person,
or send notarized documents.
Recommended Web
Sites
PGP home page: www.pgp.com
MIT distribution site for PGP
S/MIME Charter
S/MIME Central: RSA Inc.’s Web Site
:
%
© Copyright 2026 Paperzz