You can encrypt email using either Pretty Good Privacy (PGP) or S/MIME. Unfortunately you can't use both, because
the two applications aren't compatible and use different methods for encryption. However, both use public key encryption at some point in their respective processes. Public key or asymmetric encryption is supposed to solve the fundamental problem of securely distributing a private key over a public medium like the Internet. It uses two keys: a public key, available to the world, and a private or secret key that is only kept by its owner. Both keys are needed to encrypt and decrypt the message. The system is secure because even though the two keys are mathematically related, they can't be derived from each other. Since only the public key, which is openly available but can't be used to decrypt the message by itself, is needed to encrypt a message, the private key doesn't have to be distributed in the wild, where it could be exposed and its secrecy compromised.
PGP was invented by Phil Zimmerman in 1991 and uses two asymmetric algorithms: RSA and DSA. RSA was named after its MIT inventors, Ron Rivest, Adi Shamir and Len Adleman. It uses key lengths ranging from 1024 to 2048 bits. DSA, or Digital Signature Algorithm, is a U.S. government standard which PGP uses to create a digital signature for a message to verify the authenticity of the sender.
S/MIME, on the other hand, also uses RSA and DSA, but only for providing digital signatures. S/MIME, unlike PGP, relies on the use of a certificate authority (CA) for storing certificate hierarchies, which are used for encrypting messages, instead of public key encryption. As a result, such encryption is only needed for digital signatures, when necessary.
- Visit our resource center for news, tips and expert advice on how to use SMIME/PGP encryption methods to secure email transmissions.
Dig deeper on PKI and Digital Certificates
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.