Email Security Flashcards
What are the four main services PGP provides?
Pretty Good Privacy provides confidentiality, authentication, compression and compatibility.
True or false: PGP only works on Linux operating systems?
False, it is independent of the OS.
How does PGP authenticate?
Digital signatures. SHA-1 is used to generate a 160-bit hash code. This hash is then encrypted using RSA with the sender’s private key.
How does PGP provide integrity?
With the hash code generated in the digital signature.
Which symmetric encryption algorithms does PGP use?
CAST-128, IDEA or 3DES
How many times are symmetric keys reused in PGP? How long are these keys?
They are not reused. For each message, a new set of symmetric keys is generated and shared. The keys are 128 bits.
How are the keys exchanged in PGP?
Since the key is only used once, the symmetric key is bound to the message and transmitted with it (after being encrypted with the receiver’s public key). There is an option to use Diffie-Hellman for key exchange.
Do we encrypt the digital signature in PGP?
Yes, we encrypt it with the plaintext.
How does PGP compress what it sends? When does compression take place?
Using ZIP. This is done after signing, but before encrypting.
Which algorithm does PGP use for email compatibility?
Radix-64
What algorithm is S/MIME based on?
RSA
What are the four S/MIME functions?
Enveloping data, signing data, clear-signing data, signing and enveloping data.
What is S/MIME enveloping?
It involves encrypting any type of data.
Why might we need to clear-sign data in S/MIME?
To allow users who don’t use S/MIME to view the message.
Which algorithms does S/MIME use? Think about digital signatures, exchanging session keys, hashing, message encryption.
For digital signatures: DSS or RSA. For session key exchange: Diffie-Hellman. For generating a hash for digital signatures: SHA-1. For message encryption: 3DES.