SMIME vs PGP
Robert J. Hansen
rjh at sixdemonbag.org
Wed Feb 6 23:18:29 CET 2008
SeidlS at schneider.com wrote:
> I am not an encryption expert, and need some help from the GnuPG user
While you can probably get some good pointers here, if you're looking
for an answer you can rely on you will either need to do a fair bit of
homework or else contract with an outside information security
consultant. Information security is a subtle subject and many people
who claim to know things actually know very little about those things.
I, of course, am no exception.
> We have a new software product that has the capability of encrypting
> documents using SMIME. How common is SMIME and used outside of email
S/MIME support (note the slash) is built into virtually every
proprietary email client as a standard feature, and is present in many
of the open-source ones. Outlook, Thunderbird, Lotus Notes, Apple's
Mail.app, and more, all support it out-of-the-box.
S/MIME integration with mail clients is substantially better than
OpenPGP's integration with mail clients.
> Is it compatible with the OpenPGP standard, and thus GnuPG?
On some level, theoretically, sure, given that S/MIME uses X.509
certificates, and X.509 certificates can be finessed into the Web of
Trust. However, you will need a lot of elbow grease and a really big
crowbar, and the resulting Frankenstein's Monster will not be pretty.
I have never seen this done in practice. S/MIME and OpenPGP
interoperability is, AFAIK, a theoretical chimera.
> Is there a good website discussing the differences between the two
I can't answer this without knowing what level of detail you're
interested in, difference-wise. From an end-user perspective S/MIME and
OpenPGP provide essentially identical capabilities. Slightly more
involved than that, S/MIME and OpenPGP use many of the same algorithms.
More involved than that, they handle all manner of internal things
If you want to come to a fairly comprehensive understanding of both, I
would recommend reading RFC3852 ( http://tools.ietf.org/html/rfc3852 )
and RFC4880 ( http://tools.ietf.org/html/rfc4880 ). S/MIME is based
upon the former, and OpenPGP is defined by the latter.
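
An added example, not part of the original message: the two RFCs named above define different outer framing (CMS is an ASN.1 ContentInfo, OpenPGP is a stream of tagged packets), so the first few octets of a binary message tell the two apart. The function names and sample bytes are constructed for illustration, and the check is a header heuristic, not a validation of the message.

```python
# Added example; every sample byte string below is constructed.
CMS_OID_PREFIX = bytes.fromhex("2a864886f70d0107")  # OID 1.2.840.113549.1.7.*
CMS_TYPES = {1: "data", 2: "signedData", 3: "envelopedData",
             5: "digestedData", 6: "encryptedData"}          # RFC 3852
PGP_TAGS = {1: "public-key encrypted session key", 2: "signature",
            6: "public key", 8: "compressed data",
            11: "literal data"}                                # RFC 4880

def ber_length(buf, pos):
    """Decode an ASN.1 length at buf[pos]; return (length or None, next_pos)."""
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F
    if n == 0:                            # indefinite form (BER streaming)
        return None, pos + 1
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify(buf):
    """Return (family, detail) from the outer framing of a binary message."""
    try:
        if buf[0] == 0x30:                # ASN.1 SEQUENCE: candidate ContentInfo
            _, pos = ber_length(buf, 1)
            if buf[pos] == 0x06:          # OBJECT IDENTIFIER holding contentType
                oid_len, pos = ber_length(buf, pos + 1)
                oid = buf[pos:pos + oid_len]
                if len(oid) == 9 and oid[:8] == CMS_OID_PREFIX:
                    return "cms", CMS_TYPES.get(oid[8], "other")
            return "unknown", None
        if buf[0] & 0x80:                 # OpenPGP packet header: bit 7 is set
            if buf[0] & 0x40:             # new format: tag in bits 5-0
                tag = buf[0] & 0x3F
            else:                         # old format: tag in bits 5-2
                tag = (buf[0] >> 2) & 0x0F
            return "openpgp", PGP_TAGS.get(tag, "tag %d" % tag)
    except (IndexError, TypeError):       # truncated or malformed header
        pass
    return "unknown", None

SAMPLES = {                               # constructed header prefixes
    "cms-signed": bytes.fromhex("3082010006092a864886f70d010702"),
    "cms-enveloped-streamed": bytes.fromhex("308006092a864886f70d010703"),
    "pgp-encrypted-old": bytes.fromhex("8501"),
    "pgp-signature-new": bytes.fromhex("c2"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify(blob))
```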