S mime and cms l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 34

S/MIME and CMS PowerPoint PPT Presentation


  • 74 Views
  • Uploaded on
  • Presentation posted in: General

S/MIME and CMS. Presentation for CSE712 By Yi Wen Instructor: Dr. Aidong Zhang. Basic. What is S/MIME? Secure/Multipurpose Internet Mail Extensions How does it work? Basically, it is a package in which there is a CMS object. .

Download Presentation

S/MIME and CMS

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


S mime and cms l.jpg

S/MIME and CMS

Presentation for CSE712

By Yi Wen

Instructor: Dr. Aidong Zhang


Basic l.jpg

Basic

  • What is S/MIME?

  • Secure/Multipurpose Internet Mail Extensions

  • How does it work?

  • Basically, it is a package in which there is a CMS object.


Before we start l.jpg

Before We start...


Several definitions l.jpg

Several Definitions

  • 7-bit data: Text data with lines less than 998 characters long, where none of the characters have the 8th bit set, and there are no NULL characters. <CR> and <LF> occur only as part of a <CR><LF> end of line delimiter.


Continued l.jpg

Continued...

  • 8-bit data: Text data with lines less than 998 characters, and where none of the characters are NULL characters. <CR> and <LF> occur only as part of a <CR><LF> end of line delimiter.

  • Binary data: Arbitrary data.


Continued6 l.jpg

Continued...

  • ASN.1 Abstract Syntax Notation number One is a standard that defines a formalismfor the specification of abstract data types.

  • An Example: Person ::= SET { name IA5String, age INTEGER female BOOLEAN }.


Continued7 l.jpg

Continued...

  • Encoding: BER (Basic Encoding Rules) vs. DER (Distinguished Encoding Rules)


Continued8 l.jpg

Continued...

  • An Example: The BER encoding (in hexadecimal) of the instance "Maggie", 4, TRUE of Person is:

  • SET IA5String M a g g i e 31 14 16 06 77 65 71 71 73 69 INTEGER 4 BOOLEAN TRUE 02 01 04 01 01 FF


Continued9 l.jpg

Continued...

  • Authentication is generally the process used to confirm the identity of a person or to prove the integrity of specific information. More specifically, in the case of a message, authentication involves determining its source and providing assurance that the message has not been modified or replaced in transit.


Continued10 l.jpg

Continued...

  • Digital Signature: Using a symmetric encryption algorithm such as MD5 to digest the message one wants to sign first. Then encrypting the output of that symmetric algorithm with signer’s private key.


Continued11 l.jpg

Continued…

  • Digital Envelope: A type of security that uses two layers of encryption to protect a message. First, the message itself is encoded using symmetric encryption, and then the key to decode the message is encrypted using public key encryption.


Introduction to mime l.jpg

Introduction to MIME

  • What is MIME?

  • Itis an encoding standard for that allows non-text files like graphics, sound clips, etc., to be attached to regular text email. Your email program will encode these binary files and change them into text files. When the e-mail is sent, your program notifies the recipient program of the MIME encoding standard used, and in effect sends instructions as to how to put the file back into its original form.


Continued13 l.jpg

Continued...

  • MIME Entity: A MIME entity may be a sub- part, sub-parts of a message, or the whole message with all its sub- parts. A MIME entity that is the whole message includes only the MIME headers and MIME body, and does not include the RFC-822 headers.


Let s start now l.jpg

Let’s start now


Introduction to cms l.jpg

Introduction to CMS

  • What is CMS? The Cryptographic Message Syntax describes an encapsulation syntax for data protection. It supports digital signatures, message authentication codes, and encryption.


Continued16 l.jpg

Continued...

  • Basically, there are six content types defined in the RFC 2630. But you can define more types yourself.

  • The six basic types are: data, signed-data, enveloped-data, digested-data, encrypted-data, and authenticated-data.


Continued general syntax l.jpg

Continued -- General Syntax

  • The CMS object is defined by ASN.1 like: ContentInfo ::= SEQUENCE { contentType ContentType, content [0] EXPLICIT ANY DEFINED BY contentType } ContentType ::= OBJECT IDENTIFIER


Simple introduction to some type l.jpg

Simple Introduction to some Type

  • SignedData Type:The signed-data content type consists of a content of any type and zero or more signature values. Any number of signers in parallel can sign any type of content. The typical application of the signed-data content type represents one signer's digital signature on content of the data content type. Another typical application disseminates certificates and certificate revocation lists (CRLs).


Continued19 l.jpg

Continued...

  • Enveloped-data Content Type: The enveloped-data content type consists of an encrypted content of any type and encrypted content-encryption keys for one or more recipients. The combination of the encrypted content and one encrypted content-encryption key for a recipient is a "digital envelope" for that recipient. Any type of content can be enveloped for an arbitrary number of recipients using any of the three key management techniques for each recipient.


Continued20 l.jpg

Continued...

  • The typical application of the enveloped-data content type will represent one or more recipients' digital envelopes on content of the data or signed-data content types.


Continued21 l.jpg

Continued...

  • Digested-data Content Type: The digested-data content type consists of content of any type and a message digest of the content. Typically, the digested-data content type is used to provide content integrity, and the result generally becomes an input to the enveloped-data content type.


Continued22 l.jpg

Continued...

  • Encrypted-data Content Type: The encrypted-data content type consists of encrypted content of any type. Unlike the enveloped-data content type, the encrypted-data content type has neither recipients nor encrypted content-encryption keys. Keys must be managed by other means. The typical application of the encrypted-data content type will be to encrypt the content of the data content type for local storage, perhaps where the encryption key is a password.


Continued23 l.jpg

Continued...

  • Authenticated-data Content Type: The authenticated-data content type consists of content of any type, a message authentication code (MAC), and encrypted authentication keys for one or more recipients. The combination of the MAC and one encrypted authentication key for a recipient is necessary for that recipient to verify the integrity of the content. Any type of content can be integrity protected for an arbitrary number of recipients.


Creating s mime messages l.jpg

Creating S/MIME Messages


Preparing the mime entity for signing or enveloping l.jpg

Preparing the MIME Entity for Signing or Enveloping

  • Step 1. The MIME entity is prepared according to the local conventions.Step 2. The leaf parts of the MIME entity are converted to canonical form. Step 3. Appropriate transfer encoding is applied to the leaves of the MIME entity


The application pkcs7 mime type l.jpg

The application/pkcs7-mime Type:

  • The application/pkcs7-mime type is used to carry CMS objects of several types including envelopedData and signedData.


Continued27 l.jpg

Continued...

  • The name and filename Parameters: The sender can send three filename extension which are: .p7m, .p7c and .p7s. The purpose of these file names are: 1. It is a easy way to store the S/MIME objects in the local disk;


Continued28 l.jpg

Continued...

  • 2. When a MIME entity of type application/pkcs7-mime (for example) arrives at a gateway that has no special knowledge of S/MIME, it will default the entity's MIME type to application/octet-stream and treat it as a generic attachment, thus losing the type information. However, the suggested filename for an attachment is often carried across a gateway. This often allows the receiving systems to determine the appropriate application to hand the attachment off to, in this case a stand-alone S/MIME processing application.


Continued29 l.jpg

Continued...

  • The smime-type parameter: The application/pkcs7-mime content type defines the optional "smime- type" parameter. The intent of this parameter is to convey details about the security applied (signed or enveloped) along with information about the contained content.


Creating an enveloped only message l.jpg

Creating an Enveloped-only Message

  • Step 1. The MIME entity to be enveloped is prepared.

  • Step 2. The MIME entity and other required data is processed into a CMS object of type envelopedData. In addition to encrypting a copy of the content-encryption key for each recipient, a copy of the content encryption key SHOULD be encrypted for the originator and included in the envelopedData.

  • Step 3. The CMS object is inserted into an application/pkcs7-mime MIME entity.


Creating a signed only message l.jpg

Creating a Signed-only Message

  • There are two formats for signed messages defined for S/MIME: application/pkcs7-mime with SignedData, and multipart/signed.

  • Messages signed using the multipart/signed format can always be viewed by the receiver whether they have S/MIME software or not.


Continued32 l.jpg

Continued...

  • Signing Using application/pkcs7-mime with SignedData Step 1. The MIME entity is preparedStep 2. The MIME entity and other required data is processed into a CMS object of type signedData Step 3. The CMS object is inserted into an application/pkcs7-mime MIME entity


Registration requests l.jpg

Registration Requests

  • A sending agent that signs messages MUST have a certificate for the signature so that a receiving agent can verify the signature. There are many ways of getting certificates, such as through an exchange with a certificate authority, through a hardware token or diskette, and so on.


References l.jpg

References


  • Login