Lecture 07: PGP and S/MIME
Supakorn Kungpisdan, Ph.D. (supakorn@mut.ac.th)
ITEC4621 Network Security
Roadmap
- Overview of Emails
- Email Services and Security
- PGP (Pretty Good Privacy)
- S/MIME
Overview of Electronic Mail
Three major components:
- user agents (UAs)
- mail servers: Mail Transfer Agents (MTAs)
- simple mail transfer protocol: SMTP
User Agent
- Known as “mail reader”
- composing, editing, reading mail messages
- e.g., Eudora, MS Outlook, Outlook Express, Netscape Messenger
- outgoing, incoming messages stored on server
[Figure: user agents attached to mail servers; each mail server holds user mailboxes and an outgoing message queue, and the mail servers exchange mail over SMTP]
Electronic Mail (cont.)
Mail Servers
- mailbox contains incoming messages for user
- message queue of outgoing (to be sent) mail messages
SMTP protocol
- Deliver emails from user agent to user’s mail server
- Deliver emails between mail servers
[Figure: user agents attached to mail servers, with SMTP between the mail servers]
SMTP Protocol
- Uses TCP to reliably transfer email message from client to server, port 25
- Direct transfer: sending server to receiving server via many Mail Transfer Agents (MTAs)
[Figure: user agent, mail server, mail server, user agent, with the steps of a delivery numbered 1 to 6]
Mail Access Protocols
- SMTP: delivery/storage to receiver’s server
- Mail access protocol: retrieval from server
  - POP: Post Office Protocol [RFC 1939]: authorization (agent <--> server) and download
  - IMAP: Internet Mail Access Protocol [RFC 1730]: more features (more complex), manipulation of stored messages on server
  - HTTP (web-based email): Hotmail, Yahoo! Mail, etc.
[Figure: user agent to sender’s mail server over SMTP, sender’s mail server to receiver’s mail server over SMTP, receiver’s mail server to user agent over the access protocol (POP3, IMAP, or HTTP)]
POP3 (more) and IMAP
More about POP3
- 2 modes of operation: “download and delete” and “download and keep”
- Previous example uses “download and delete” mode.
- Bob cannot re-read e-mail if he changes client machine
- “Download-and-keep”: copies of messages on different clients
- POP3 is stateless across sessions
IMAP
- Keep all messages in one place: the server
- Allows user to organize messages in folders: inbox, sent items, draft
- IMAP keeps user state across sessions: names of folders and mappings between message IDs and folder name
Email Security
- email is one of the most widely used and regarded network services
- currently message contents are not secure
  - may be inspected either in transit
  - or by suitably privileged users on destination system
Email Security Enhancements
- confidentiality: protection from disclosure
- authentication: of sender of message
- message integrity: protection from modification
- non-repudiation of origin: protection from denial by sender
Pretty Good Privacy (PGP)
- developed by Phil Zimmermann
- widely used de facto secure email
- provides confidentiality and authentication services for email and file storage applications
- selected best available crypto algs to use
- integrated into a single program
- on Unix, PC, Macintosh and other systems
- originally free, now also have commercial versions available
Summary of PGP Services
Authentication
- Use SHA-1/RSA or SHA-1/DSS
- Signature can be detached from the message
  - To log signature
  - To use when more than one party must sign the document e.g. contract signing
[Figure: PGP authentication flow, including the compression and decompression steps]
Confidentiality
- Use symmetric-key encryption e.g. CAST-128, IDEA, or 3DES
- Sender generates a 128-bit key (used only one time) and encrypts it with receiver’s public key
- Use RSA or encryption using DH (called “Elgamal”) for encryption
[Figure: PGP confidentiality flow, labelled symmetric key, symmetric encryption, public-key encryption]
Confidentiality and Authentication
- Append signature to the message and encrypt using a session key
- The session key then is encrypted with receiver’s public key
Compression
- PGP compresses a message after signing but before encryption
- Use ZIP as compression algorithm
- Signature is generated before compression
  - Can store uncompressed message and signature for future verification
  - Different versions of compression algos provide different quality and formats
  - Applying hash function and signature after compression would constrain PGP implementation
- Encryption after compression strengthens cryptographic security
  - Less redundancy, more difficult to cryptanalyze
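An added demonstration (not from the lecture) of why the signature is computed before compression: two compressor settings give different compressed bytes for the same message, so only a hash over the uncompressed message stays stable. SHA-256 and zlib stand in here for the slide's SHA-1 and ZIP, and the sample message and function names are constructed for this example.

```python
import hashlib
import zlib

# Constructed sample message (not from the slides); repetitive on purpose.
MESSAGE = b"Meet at the usual place at 10:00. " * 40


def digest_of_plaintext(compressed: bytes) -> str:
    """What a receiver hashes when the signature covers the uncompressed message."""
    return hashlib.sha256(zlib.decompress(compressed)).hexdigest()


def digest_of_compressed(compressed: bytes) -> str:
    """What a receiver would hash if the signature covered the compressed bytes."""
    return hashlib.sha256(compressed).hexdigest()


def compare_compressors(message: bytes = MESSAGE) -> dict:
    """Compress one message with two settings and compare both kinds of digest."""
    fast = zlib.compress(message, 1)  # one implementation's trade-off
    best = zlib.compress(message, 9)  # another implementation's trade-off
    return {
        # Signing first: any compressor that round-trips the message verifies.
        "plaintext_digests_match": digest_of_plaintext(fast) == digest_of_plaintext(best),
        # Signing after compression would pin verification to one exact compressor.
        "compressed_digests_match": digest_of_compressed(fast) == digest_of_compressed(best),
        # (original, level 1, level 9): the redundancy removed before encryption.
        "sizes": (len(message), len(fast), len(best)),
    }


if __name__ == "__main__":
    print(compare_compressors())
```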
Email Compatibility
- when using PGP will have binary data to send (encrypted message etc)
- however email was designed only for text
- hence PGP must encode raw binary data into printable ASCII characters
- uses radix-64 algorithm
  - maps 3 bytes to 4 printable chars
  - also appends a CRC
- PGP also segments messages if too big
Segmentation and Reassembly
- Email normally has max length of 50,000 characters
- PGP provides segmentation of email messages after radix-64 conversion
- Session-key component and signature appear only once at the beginning of the first segment
- At receiving end, PGP removes headers and reassembles segments
PGP Operation – Summary
Cryptographic Keys and Key Rings
Four types of keys used:
- One-time session symmetric keys
- Public keys
- Private keys
- Passphrase-based symmetric keys
Session Key Generation
- Each session key is used only once to encrypt and decrypt a message.
- Different algos use different lengths of keys:
  - 128 bits for CAST-128 and IDEA
  - 168 bits for 3DES
- uses random inputs taken from previous uses and from keystroke timing of user
PGP Key Rings
- each PGP user has a pair of keyrings:
  - public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID
  - private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase
- security of private keys thus depends on the pass-phrase security
PGP Message Generation
PGP Message Reception
PGP Key Management
- rather than relying on certificate authorities
- in PGP every user is own CA
  - can sign keys for users they know directly
- forms a “web of trust”
  - trust keys have signed
  - can trust keys others have signed if have a chain of signatures to them
- key ring includes trust indicators
- users can also revoke their keys
S/MIME
- Secure/Multipurpose Internet Mail Extensions
- security enhancement to MIME email
  - original Internet RFC822 email was text only
  - MIME provided support for varying content types and multi-part messages
  - with encoding of binary data to textual form
  - S/MIME added security enhancements
- have S/MIME support in many mail agents
  - e.g. MS Outlook, Mozilla, Mac Mail etc
Mail Message Format
RFC 822: standard for text message format:
- header lines, e.g., To:, From:, Subject:
- body: the “message”, 7-bit ASCII characters only
[Figure: a message laid out as header, blank line, body]
MIME
- Enable sending multimedia messages or attachments with non-ASCII format
- Additional lines in msg header declare MIME content type

From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
.........................
......base64 encoded data

Annotations on the message:
- MIME-Version: MIME version
- Content-Transfer-Encoding: method used to encode data
- Content-Type: multimedia data type, subtype, parameter declaration
- message body: encoded data
The Received Message
Received: from crepes.fr by hamburger.edu; 12 Oct 98 15:27:39 GMT
From: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg
base64 encoded data . . . . .
. . . .. . . . .. . . . .
. . . . Base64 encoded data
MIME Content Types
text/plain
image/jpeg
MIME Transfer Encodings
S/MIME Functionality
- Getting a digital ID for emails
- Enveloped data
  - Consist of encrypted content and encrypted encryption key
- Signed data
  - Hash then sign with private key of signer then encode with base64
  - Can be viewed only by a S/MIME supported recipient
- Clear-signed data
  - Only signature is encoded with base64
  - Non-S/MIME user can view, but not verify it
S/MIME Cryptographic Algorithms
- digital signatures: DSS & RSA
- hash functions: SHA-1 & MD5
- session key encryption: ElGamal & RSA
- message encryption: AES, Triple-DES, RC2/40 and others
- MAC: HMAC with SHA-1
- have process to decide which algs to use
Rules of Sending Agents
1. If sending agent (SA) has a list of preferred decrypting algos from receiver, SA SHOULD choose the first on the list.
2. If SA has no such list but has received encrypted msgs, SA SHOULD use the same encryption algo that was used on the last message received.
3. If SA has no knowledge and wants to take the risk, SA uses 3DES.
S/MIME Content Types
Special types based on public-key cryptography.
Securing a MIME Entity
- Use signature, encryption, or both
- MIME entity plus some security-related data e.g. algo identifiers and certificates are processed by S/MIME to produce a “PKCS” object
- The PKCS object is then wrapped in MIME.
- It is converted into 7-bit ASCII by base64
- Types
  - EnvelopedData
  - SignedData
  - Clear Signing
  - etc.
EnvelopedData
- Application/pkcs7-mime is used
- Each resulting entity (an object) is represented in a form of Basic Encoding Rules (BER) (e.g. binary format).
- BER is then converted to ASCII by base64
Process
1. Generate a pseudorandom session key
2. Encrypt the session key with recipient’s public key
3. Prepare a block of RecipientInfo: contains ID of recipient’s cert, ID of encryption algos, and encrypted session key
4. Encrypt the message with the session key
- RecipientInfo + encrypted content = envelopedData
- envelopedData is then encoded into base64
EnvelopedData (cont.)
Content-Type: application/pkcs7-mime;
  smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
  filename=smime.p7m
Fdskfjhglasfhgksd4nkdfngiewksa4dnfk76sdgklsdnfksldfjbvfsldkfvlskdnfvlks4dnf2lkvs3ndflkvsdnvskdfvnksldnfvklsdnvks9ldnvlksnkadlnslkn3dlsknfskldnflksdnflvsdnlklkdsnvlksdnlskdnkdfslfnvsfq
Recipient converts back to binary and decrypts the session key using his/her private key, and decrypts the message using the session key
SignedData
- signedData can be used with one or more signers.
Process
1. Select a hash algo (SHA or MD5)
2. Compute hash value of the content
3. Sign the hash value using signer’s private key
4. Prepare block of SignerInfo that contains
   - Signer’s cert including a set of necessary certs to trace root CA
   - ID of hash algo, ID of encryption algo, encrypted hash value
5. signedData = hash ID, the message, SignerInfo
6. signedData is then converted into base64
SignedData (cont.)
Content-Type: application/pkcs7-mime;
  smime-type=signed-data; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
  filename=smime.p7m
Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsmfaadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdfnvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuerhwjenfkjnfkjshdfjksdgvjksdvjskdfvnsjdkf5
To verify signature, convert back to binary, use the signer’s public key to decrypt the hash value. Then compare the hash values
Clear Signing
- The message is sent in clear for non-S/MIME user.
- A multipart/signed message has two parts
  - MIME: if not in 7-bit ASCII, converted into ASCII
  - Signed MIME: processed in the same manner as signedData
Clear Signing (cont’d)
Content-Type: multipart/signed;
  protocol="application/pkcs7-signature";
  micalg=sha1; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a clear-signed message.

--boundary42
Content-Type: application/pkcs7-signature;
  name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

Sdflgnsnbdsflkdvlsmvldsldsn4ssdlfkmvldsfmvfadmfvsmfaadnva/vlsadnvfkadnvskjdnfvlsfdvmqaanfsd4kjdnvsdfnvskdjnfv534ksdjnfdsnfdkdjfsjh5sdhklsjhgskjghiwuerhwjenfkjn
--boundary42--

Annotation on the message: this email has many parts
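An added example (not part of the lecture) that takes the clear-signed message above apart with Python's standard email package: it checks the two-part layout, then returns the text any mail reader can show and the exact bytes the signature covers. It does not verify the signature; the function name and the placeholder signature blob are assumptions of this example.

```python
import base64
from email import message_from_bytes, policy

# Constructed placeholder standing in for the base64 PKCS#7 blob on the slide.
FAKE_SIG = b"constructed placeholder, not a real PKCS#7 signature"

# The slide's message rebuilt with CRLF line endings (constructed sample).
SAMPLE = "\r\n".join([
    "Content-Type: multipart/signed;",
    ' protocol="application/pkcs7-signature";',
    " micalg=sha1; boundary=boundary42",
    "",
    "--boundary42",
    "Content-Type: text/plain",
    "",
    "This is a clear-signed message.",
    "",
    "--boundary42",
    "Content-Type: application/pkcs7-signature; name=smime.p7s",
    "Content-Transfer-Encoding: base64",
    "Content-Disposition: attachment; filename=smime.p7s",
    "",
    base64.b64encode(FAKE_SIG).decode("ascii"),
    "--boundary42--",
    "",
]).encode("ascii")

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def split_clear_signed(raw: bytes) -> dict:
    """Validate the multipart/signed layout and return its two parts.

    Returns the bytes a verifier must hash (signed_bytes) and the decoded
    signature object; checking the signature itself is out of scope here.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    protocol = (msg.get_param("protocol") or "").lower()
    if protocol not in SIG_TYPES:
        raise ValueError("unexpected protocol parameter: %r" % protocol)
    parts = list(msg.iter_parts())
    if len(parts) != 2:
        raise ValueError("multipart/signed must have exactly two parts")
    if parts[1].get_content_type() != protocol:
        raise ValueError("second part does not match the declared protocol")
    # The signature covers the first part byte for byte, headers included, so
    # cut it out of the raw message instead of re-serialising the parsed tree.
    # The CRLF in front of each boundary line belongs to the boundary.
    delimiter = b"\r\n--" + msg.get_boundary().encode("ascii")
    first_part = raw.split(delimiter)[1].split(b"\r\n", 1)[1]
    return {
        "micalg": msg.get_param("micalg"),
        "readable_text": parts[0].get_content().strip(),
        "signed_bytes": first_part,
        "signature": parts[1].get_payload(decode=True),
    }


if __name__ == "__main__":
    print(split_clear_signed(SAMPLE))
```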
Questions?
Quiz
1. Why do we zip after creating the digital signature and before encryption?
2. A secure connection for sending data between two computers must provide end-to-end authentication and encryption. Draw the frame format of an IPSec packet that has the following properties:
   1) Transport adjacency with authentication performed before encryption
   2) A transport SA bundled inside a tunnel SA, with encryption performed before authentication
   3) A tunnel SA bundled inside a tunnel SA, with authentication performed before encryption
Quiz (cont.)