Common Email Digital Certificates
S/MIME (Secure Multipurpose Internet Mail Extensions) was originally proposed by RSA Data security, Inc. in 1995, which then led an industry consortium including most of the major e-mail software and Internet browser vendors, such as Microsoft, Netscape and Lotus. (Kuzmowycz). MIME provides a service extension to SMTP which expands the original design through five additional header fields, which ultimately is essential for modern communications. Digital certificates are then awarded to S/MIME based on the X.509 standard, which identifies what information will go into the digital certificate itself. A digital certificate can be purchased from many commercial certificate authorities (CA) such as VeriSign and CyberTrust to name a few. Encryption methods include: 40-bit and other forms of RC2 encryption, 56-bit DES encryption, and 168-bit Triple DES encryption. S/MIME was also designed around the public –key security methods which have allowed the expansion for further securing numerous forms of communication (such as SSL).
PGP stands for Pretty Good Privacy. It is a computer program that uses mathematical algorithms to encrypt files and protect them from unauthorized access. It is also used to digitally sign and verify documents. PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient’s public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient (Network Associates, Inc). PGP is used widely by open source developers of UNIX and Linux systems, and does not rely on the use of the X.509 standard. In fact, to alleviate the commercialization of digital certificates, PGP created their own digital certification. The method behind it was considered the web of trust. By expanding the list of individuals under the vouch of authenticity, PGP certificates were able to grow in appreciation through secure repetitive use, all the while increasing the credibility of the vouchers list. This is by no means the fastest or safest route. It takes a level of commitment and assurance that the holder, sender, or receiver will fulfill their obligations and rule out any confliction to keep the chain of security authentic. Some encryption methods include: CAST (64, 128. Or 256-bit), IDEA (128-bit), and Triple DES (112, or 168-bit).