Email Security Flashcards
(35 cards)
What are the four main services PGP provides?
Pretty Good Privacy provides confidentiality, authentication, compression and compatibility.
True or false, PGP only works on Linux operating systems?
False, it is independent of OS.
How does PGP authenticate?
Digital signatures. SHA-1 is used to generate a 160-bit hash code. This hash is then encrypted using RSA with the sender’s private key.
How does PGP provide integrity?
With the hash code generated in the digital signature.
Which symmetric encryption algorithms does PGP use?
CAST-128, IDEA or 3DES
How many times are symmetric keys reused in PGP? How long are these keys?
They are not reused. For each message, a new set of symmetric keys is generated and shared. The keys are 128 bits.
How are the keys exchanged in PGP?
Since the key is only used once, the symmetric key is bound to the message and transmitted with it (after being encrypted with the receiver’s public key). There is an option to use Diffie-Hellman for key exchange.
Do we encrypt the digital signature in PGP?
Yes, we encrypt it with the plaintext.
How does PGP compress what it sends? When does compression take place?
Using ZIP. This is done after signing, but before encrypting.
Which algorithm does PGP use for email compatibility?
Radix-64
What algorithm is S/MIME based on?
RSA
What are the four S/MIME functions?
Enveloping data, signing data, clear-signing data, signing and enveloping data.
What is S/MIME enveloping?
It involves encrypting any type of data.
Why might we need to clear-sign data in S/MIME?
To allow users who don’t use S/MIME to view the message.
Which algorithms does S/MIME use? Think about digital signatures, exchanging session keys, hashing, message encryption.
For digital signatures: DSS or RSA. For session key exchange: Diffie-Hellman. For generating a hash for digital signatures: SHA-1. For message encryption: 3DES.
How do PGP and S/MIME use certificates?
S/MIME’s trust model is based around the use of CAs, but PGP has a more anarchic trust model.
How are message signatures verified in DKIM?
The receiver will verify by querying the sender’s domain directly, to obtain the appropriate public key.
Name some problems which DKIM can address?
Spam emails from unknown IPs. Bulk spam attackers. Email-based fraud schemes.
Which key signs a DKIM message?
The private key of the administrative domain from which the email originates.
Who queries the signatures?
The Mail Delivery Agent at the receiver end.
True or false, with S/MIME, messages can still be secure if only one of the parties is using S/MIME?
False.
True or false, DKIM is not transparent to the user, as it takes place in their Message User Agent?
False. It is transparent and does not take place in the user agent.
What algorithm does DKIM use to sign?
RSA with SHA-256
If Alice wants to send Bob a message with PGP, how is the session key generated?
Alice will generate this, and encrypt it with Bob’s public key, and append it to the message.