Both the PGP and S/MIME protocols are used for authentication and privacy of messages over the internet.
S/MIME stands for Secure/Multipurpose Internet Mail Extensions. It has been incorporated into various mail exchange software, including Outlook, Thunderbird and others, and also into all major browsers (Chrome, Mozilla, IE and others). S/MIME is based on IETF standards and is defined in RFC 5751.
RFC 5751 defines S/MIME as follows: "S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a consistent way to send and receive secure MIME data. Based on the popular Internet MIME standard, S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures), and data confidentiality (using encryption). As a supplementary service, S/MIME provides for message compression."
PGP, known as Pretty Good Privacy, is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.
PGP and similar software follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.
A PGP user can give their public key to another user directly, or the other user can obtain the public key from the first user. PGP does not mandate a policy for establishing trust, so each user is free to decide how far to trust the keys they receive. With S/MIME, the sender and receiver do not rely on exchanging keys in advance; instead they share a common certifier on which both can rely.
S/MIME is considered superior to PGP from an administrative perspective because of its strength, its support for centralized key management through X.509 certificate servers, and its extensive industry support. PGP is more complicated from an end-user perspective, because it requires additional plug-ins or downloads to operate. The S/MIME protocol allows most vendors to send and receive encrypted email without using additional software.
S/MIME is convenient because it secures content from all kinds of applications, such as spreadsheets, graphics, presentations and movies, whereas PGP originated to address the security concerns of plain e-mail or text messages.
S/MIME is derived from the PKCS #7 data format for messages and the X.509v3 format for certificates. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography.
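
Because the two protocols use different message formats, a mail gateway or triage script can tell them apart from the MIME headers alone. The following is an added example, not part of the original article: it classifies a raw message as S/MIME (the PKCS #7 content types of RFC 5751) or PGP (PGP/MIME content types and inline ASCII armor). The function names, the returned labels and the sample messages are constructed for illustration, and the PGP/MIME content types are an assumption taken from RFC 3156, which the article does not cite.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

SMIME_BODY = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
SMIME_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def _param(msg, name):
    """Lower-cased Content-Type parameter, or '' when absent."""
    value = msg.get_param(name)
    return collapse_rfc2231_value(value).lower() if value else ""

def classify(raw):
    """Return (scheme, service) for one raw message given as a string."""
    msg = message_from_string(raw)
    ctype, proto = msg.get_content_type(), _param(msg, "protocol")
    if ctype in SMIME_BODY:
        # smime-type names the PKCS #7 (CMS) content carried in the body
        return ("smime", _param(msg, "smime-type") or "unknown")
    if ctype == "multipart/signed" and proto in SMIME_SIG:
        return ("smime", "detached-signature")
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        return ("pgp", "detached-signature")
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return ("pgp", "encrypted")
    # Inline PGP: ASCII armor carried inside an ordinary text part
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("ascii", "replace")
        if "-----BEGIN PGP SIGNED MESSAGE-----" in text:
            return ("pgp", "inline-signed")
        if "-----BEGIN PGP MESSAGE-----" in text:
            return ("pgp", "inline-message")
    return ("none", "unprotected")

# Constructed sample messages; bodies are placeholders, not real ciphertext.
SAMPLES = {
    "smime_enveloped": "Content-Type: application/pkcs7-mime; smime-type=enveloped-data;"
                       " name=smime.p7m\n\n(placeholder)\n",
    "pgp_mime_signed": 'Content-Type: multipart/signed; protocol="application/pgp-signature";'
                       " boundary=b\n\n--b\nContent-Type: text/plain\n\nhi\n--b\n"
                       "Content-Type: application/pgp-signature\n\n(placeholder)\n--b--\n",
    "pgp_inline": "Content-Type: text/plain\n\n-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n",
    "plain": "Content-Type: text/plain\n\nhello\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

The classification only reads headers and armor markers; it does not verify signatures or validate certificates.
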
Summary:
· The S/MIME and PGP protocols use different formats for key exchange.
· PGP depends on key exchange between individual users; S/MIME uses a hierarchically validated certifier for key exchange.
· PGP was developed to address the security issues of plain text messages, whereas S/MIME is designed to secure all kinds of attachments/data files.
· Nowadays, S/MIME is known to dominate the secure electronic industry because it is incorporated into many commercial e-mail packages.