You can encrypt email using either Pretty Good Privacy (PGP) or S/MIME, but not both: the two applications aren't compatible and use different methods for encryption. Both, however, use public key encryption at some point in their respective processes. Public key, or asymmetric, encryption is meant to solve the fundamental problem of securely distributing a private key over a public medium like the Internet. It uses two keys: a public key, available to the world, and a private or secret key that is kept only by its owner. Both keys are needed to encrypt and decrypt the message. The system is secure because, even though the two keys are mathematically related, one can't be derived from the other. Because only the public key is needed to encrypt a message, and the public key alone can't decrypt it, the private key never has to be distributed in the wild, where it could be exposed and its secrecy compromised.
PGP was invented by Phil Zimmermann in 1991 and uses two asymmetric algorithms: RSA and DSA. RSA was named after its MIT inventors, Ron Rivest, Adi Shamir and Len Adleman. It uses key lengths ranging from 1024 to 2048 bits. DSA, the Digital Signature Algorithm, is a U.S. government standard that PGP uses to create a digital signature for a message, so the recipient can verify the authenticity of the sender.
S/MIME, on the other hand, also uses RSA and DSA, but only to provide digital signatures. Unlike PGP, S/MIME relies on a certificate authority (CA) to store certificate hierarchies, which are used to encrypt messages, rather than on public key encryption. As a result, such encryption is needed only for digital signatures, where they are required.
This was first published in September 2006