SMIME vs PGP

Janusz A. Urbanowicz alex at bofh.net.pl
Wed Feb 6 23:32:46 CET 2008


On Wed, Feb 06, 2008 at 03:28:49PM -0600, SeidlS at schneider.com wrote:

> I am not a encryption expert, and need some help from the GnuPG user group.

That's why we are here.

> We have a new software product that has the capability of encrypting
> documents using SMIME.  How common is SMIME and used outside of email
> clients?  Is it compatible with the OpenPGP standard, and thus GnuPG?  Is
> there a good website discussing the differences between the two standards?

S/MIME is a PKI (as in X.509 standard) counterpart of some subset of
OpenPGP standard (as defined in RFC 4880). 

OpenPGP defines a way to sign, encrypt and then format data for
transmission or storage. Another standard, PGP/MIME, defines a way to
ue OpenPGP capabilities within e-mail. OpenPGP uses its own format of
keys with its own way how to decide to trust them.

S/MIME is based on X.509 certificates (with its hierarchy of trust),
and specifies only a way to sign and/or encrypt data within e-mail
based MIME structure. A counterpart just to encrypt random data is
called CMS (Cryptographic Message Syntax). S/MIME was based on PKCS#7,
now is based on CMS (which was developed after first version of
S/MIME), which now positions CMS as PKI counterpart to OpenPGP.

To muddy waters further, there are other PKI based-standards, like
XML-DSIG which aren't compatible with CMS or OpenPGP.

GNU Privacy Guard 1.x talks only OpenPGP. GNU Privacy Guard 2.x talks
OpenPGP and S/MIME, I'm not sure if it talks plain CMS.

> This document, and any attachments therein, contains proprietary and
> confidential information that may not be disclosed without the prior
> written permission of Schneider National, Inc. and its subsidiaries.
> Unauthorized use or misuse of this information and its contents is strictly
> prohibited. Schneider National, Inc. vigorously protects its rights.

This is a stupid footer to attach while posting to public mailing list.

Alex
-- 
JID: alex at hell.pl
PGP: 0x46399138
od zwracania uwagi na detale są lekarze, adwokaci, programiści i zegarmistrze
 -- Czerski



More information about the Gnupg-users mailing list