How does PGP differ from S/MIME?

Question

Is S/MIME an abstracted system for general MIME type encryption, whereas PGP is more for email? Why would I want to choose one over the other, or can I use both at the same time?

Answer 1

Summary: S/MIME and PGP both provide "secure emailing" but use distinct encodings, formats, user tools, and key distribution models.

---

S/MIME builds over MIME and CMS. MIME is a standard way of putting arbitrary data into emails, with a "type" (an explicit indication of what the data is supposed to mean) and gazillions of encoding rules and other interoperability details. CMS means "Cryptographic Message Syntax": it is a binary format for encrypting and signing data. CMS relies on X.509 certificates for public key distribution. X.509 was designed to support top-down hierarchical PKI: a small number of "root certification authorities" issue (i.e. sign) certificates for many users (or possibly intermediate CA); a user certificate contains his name (in an email context, his email address) and his public key, and is signed by a CA. Someone wanting to send an email to Bob will use Bob's certificate to get his public key (needed to encrypt the email, so that only Bob will be able to read it); verifying the signature on Bob's certificate is a way to make sure that the binding is genuine, i.e. this is really Bob's public key, not someone else's public key.

PGP is actually an implementation of the OpenPGP standard (historically, OpenPGP was defined as a way to standardize what the pre-existing PGP software did, but there now are other implementations, in particular the free opensource GnuPG). OpenPGP defines its own encryption methods (similar in functionality to CMS) and encoding formats, in particular an encoding layer called "ASCII Armor" which allows binary data to travel unscathed in emails (but you can also mix MIME and OpenPGP). For public key distribution, OpenPGP relies on Web of Trust: you can view that as a decentralized PKI where everybody is a potential CA. The security foundation of WoT is redundancy: you can trust a public key because it has been signed by many people (the idea being that if an attacker "cannot fool everybody for a long time").

Theoretically, in an enterprise context, WoT does not work well; the X.509 hierarchical PKI is more appropriate, because it can be made to match the decisional structure of the envisioned companies, whereas WoT relies on employees making their own security policy decisions.

In practice, although most emailing softwares already implement S/MIME (even Outlook Express has implemented S/MIME for about one decade), the certificate enrollment process is complex with interactions with external entities, and requires some manual interventions. OpenPGP support usually requires adding a plugin, but that plugin comes with all that is needed to manage keys. The Web of Trust is not really used: people exchange their public keys and ensure binding over another medium (e.g. spelling out the "key fingerprint" -- a hash value of the key -- over the phone). Then people keep a copy of the public keys of the people they usually exchange emails with (in the PGP "keyring"), which ensures appropriate security and no hassle. When I need to exchange secure emails with customers, I use PGP that way.

OpenPGP is also used, as a signature format, for other non-email tasks, such as digitally signing software packages in some Linux distributions (at least Debian and Ubuntu do that).

Answer 2

All the IPs are designed to facilitate the secure and smooth flow of data transmission in networking. S/MIME and PGP are both protocols used for authentication and privacy to messages over the internet. PGP, stands for Pretty Good Privacy, is a data encryption and decryption computer program that offers cryptographic privacy and authentication for Internet data transmission. PGP is widely used for signing, encrypting and decrypting electronic data to maximize the security issues of data exchange. The protocol S/MIME refers to Secure/Multipurpose Internet Mail Extensions. S/MIME is recently included in the latest versions of the web browsers from renowned software companies like Microsoft and Netscape and has also been broadly accepted by many vendors in all around the world. It is also driven as a standard for public key encryption and signing of MIME data. S/MIME is based on an IETF standard and most commonly defined in RFCs documents. S/MIME provides the authentication, message integrity and non-repudiation of origin and data security services for electronic data transmission applications.

S/MIME is very closely similar to PGP and its predecessors. S/MIME is derived from the PKCS #7 data format for the messages, and the X.509v3 format for certificates. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography.

While using PGP, one user has the ability to give directly a public key to another user or the second user can obtain the public key from the first user. PGP does not mandate a policy for creating trust and hence each user is free to decide the length of trust in the received keys. With the S/MIME, the sender or receiver does not rely on exchanging keys in advance and share a common certifier on which both can rely.

S/MIME is considered superior to PGP from an administrative perspective because of its strength, support for centralized key management through X.509 certificate servers and extensive industry support. PGP is more complicated from an end-user perspective, because it requires additional plug-ins or downloads to operate. S/MIME protocol allows most vendors to send and receive encrypted email without using additional software.

S/MIME is convenient because of secure transformation of all applications like spreadsheets, graphics, presentations, movies etc., but PGP was originated to address the security concerns of plain e-mail or text messages. S/MIME is also highly affordable in terms of its cost.

Summary: S/MIME and PGP protocols use different formats for key exchange. PGP depends upon each user’s key exchange S/MIME uses hierarchically validated certifier for key exchange. PGP was developed to address the security issues of plain text messages. But S/MIME is designed to secure all kinds of attachments/data files. Nowadays, S/MIME is known to dominate the secure electronic industry because it is incorporated into many commercial e-mail packages. S/MIME products are more readily available, and for lower prices, than PGP products.

Answer 3

If you "read between the lines" at the wikipedia entries you may come closer to an answer. S/MIME:

is a standard for public key encryption and signing of MIME data

where MIME is the standard for transporting more than simple ASCII text over the original SMTP mail system. You integrate S/MIME with your digital certificates, bought (thus stamped and certified by a CA) or locally produced (thus self signed).

As for PGP I would describe it as an outside application handling encryption/signing that may integrate transparently with your email application and provide such services. Each user gets his/her public-private key pair and uses this for all operations.

As pointed by @chris, the trust models upon which each operates are slightly different but IMHO this doesn't make one or the other less secure.

In practice the two solutions have more or less interchangeable keys. You may use a PGP issued key pair with your mail application's S/MIME and (I think) vice-versa. Somebody please correct me on this last one...

The main deciding factor for me would be cost:

PGP: software solution matching your needs + software renewal costs + administrative costs for key exchanges

compared to:

S/MIME: administrative cost of running a certificate server for locally produced certs + administrative costs for public key distribution OR the cost of buying certs from a CA + renewal fees

Don't forget that most email clients already support S/MIME "out of the box", reducing original costs in this case.

Answer 4

S/MIME depends on the SSL PKI: you have an SSL certificate with your public key, and the fact that it is signed by a certificate authority (CA) "proves" it is really your key. PGP on the other hand does not have a PKI: you check if a person's public key really belongs to him by having him say so while showing has passport (key signing party) or trusting they key because many other peoples have done this check and signed his key.

With the recent developments in CA security, I'd say there is a very big reason not to trust S/MIME :-) While the PGP "web of trust" model is not as simple in use as S/MIME, it provides a lot more security if you make the effort.

Both systems end up using asymmetric encryption by the way, they really differ in how trust in a public key is established.

Answer 5

A few years later, but I believe it should be important. In Europe, digital signatures have to use CMS because of the defined extensions (CAdES, XAdES etc).

Therefore, PGP is useless in that field and S/MIME is the only way to go.

Answer 6

Adding some perspective from 2018: efail happened. It adds some interesting perspective, since at first both OpenPGP and S/MIME were vulnerable. But OpenPGP is mostly fixed due to all important implementations making the MDC (modification detection check) mandatory. The problem for S/MIME though is, there is nothing like MDC. Thus it remains vulnerable. From what I understand that is an important argument to favor the decentralized OpenPGP over S/MIME.