S/MIME is a protocol for encrypting and signing messages, e.g. emails.
Questions tagged [smime]
95 questions
52 votes, 5 answers
What actions should I, as an end user, take in response to EFAIL?
There's a lot of talk about EFAIL:
The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded…
Anders
27 votes, 4 answers
Can a nation-state adversary perform a MITM attack by compelling a CA to issue them with fake certs?
As I understand it, with any encryption system based on a trust chain / CAs (eg SSL, TLS, S/MIME), it would be possible for a nation-state adversary (such as the NSA) to compel the CA to issue them with fraudulent certificates enabling the adversary…
Caesar
19 votes, 3 answers
What expectation of privacy is there with US-based vendors with the LavaBit and SilentCircle shutdown?
Lavabit hosts a secure messaging service that was recently shut down. Likewise SilentCircle has preemptively done the same thing with their email-based service.
It seems that the justification for these actions is to prevent the US government from…
makerofthings7
15 votes, 2 answers
Obtaining an S/MIME certificate without disclosing my private key to the TTP
I would like to obtain a trusted S/MIME certificate, but all the certificate authorities I have asked so far generate the keypair on their server, sign the certificate and send me both the private key and public signed certificate.
It seems to me…
user1043479
13 votes, 2 answers
OpenSSL PKCS#7 vs. S/MIME
OpenSSL 1.0.1c onwards seems to offer CMS support. I have difficulty understanding the difference between smime and pkcs7. S/MIME specs are layered on PKCS#7 (so says Wikipedia).
Now in openssl I have the following commands:
openssl smime
openssl…
user907810
11 votes, 3 answers
What is the web of trust?
I'm studying network and system security and I came across the phrase "web of trust". From Wikipedia:
In cryptography, a web of trust is a concept used in PGP, GnuPG, and
other OpenPGP-compatible systems to establish the authenticity of the
…
Amanuel Nega
10 votes, 2 answers
SMIME email decryption key with OpenSSL
I'd like to know if it's possible to use the openssl command to retrieve and decrypt the key for encrypting/decrypting email content. I know I can decrypt the whole encrypted mail by something like this
openssl smime -decrypt -in enc_mail.eml -inkey…
Jakub Žitný
9 votes, 2 answers
I want trusted SMIME certificates for 3rd parties. Is this a reasonable configuration?
I want to send out SMIME certificates with my emails, and want to deploy the following PKI
Root01 (All EKU, All Constraints, No Restrictions)
PolicyInt01 (Internal applications, not trusted by 3rd parties...)
PolicyExt01 (Name constraints =…
makerofthings7
9 votes, 2 answers
Apart from the lack of native Outlook support, why should one prefer S/MIME over PGP/MIME for email?
From my (still quite subjective) point of view, GnuPG/PGP is superior to SSL (or more specifically, PGP/MIME over S/MIME; maybe in other areas SSL is the better choice), e.g. due to the support of subkeys to separate signing and encryption…
Tobias Kienzler
9 votes, 2 answers
Which extensions to use for a S/MIME certificate?
Analogously to the SSL server certificate question, which extensions should I use for S/MIME, and should the CA be restricted somehow as well?
(I'm using openssl, which at the moment creates CA and certificates with permission to do basically…
Tobias Kienzler
9 votes, 2 answers
Why don't banks sign their email using S/MIME?
If email sent by my bank included S/MIME signatures that my mail client can verify, then I would have the assurance that the mail was not tampered with or sent by some malicious third-party. Most prominent mail clients have S/MIME support (Outlook,…
sigjuice
8 votes, 1 answer
What are the security differences between SMIME email and PGP email?
Outside of key distribution, and specific to the technical details relating to encrypted email data (message body), what's the difference between SMIME and PGP?
Example comparisons
Security comparison: What are the security guarantees of each…
makerofthings7
8 votes, 3 answers
Where to get/buy a CSR generated S/MIME certificate
I'm not sure if the question is eligible for this board as I ask for concrete service providers which can be kind of advertisement, but there is also a technical issue involved, so I give it a try.
My concrete scenario is as follows:
I want to use…
Theo
8 votes, 1 answer
Parsing a PKCS7 detached signature hash
I'm trying to manually verify signatures of Apple iOS Passbook files, which are PKCS #7 detached signatures of the RSA key of the Apple developer who created the file.
Which means there's a file "signature" which is the detached signature of a…
MidnightLightning
8 votes, 1 answer
S/MIME certificates and "information leakage"
I'm considering getting an S/MIME certificate that verifies my name and email address. I've been trying to ascertain what information "leaks" if I do.
The Wikipedia page on S/MIME says:
Depending on the policy of the CA, the certificate and all its…
lume