Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.2  Email

Previous Topic/Section
2.2.1  S/MIME
Previous Page
Pages in Current Topic/Section
1
Next Page
2.2.3  Vulnerabilities
Next Topic/Section

2.2.2  PGP

PGP, or Pretty Good Privacy, provides much the same functionality as S/MIME, but with message data digital certificate formats designed from the ground up, rather than being based on existing standards. PGP uses the Public-Private key encryption method. By implementing PGP without relying on controlled/patented algorithms, so that it could be distributed anywhere without license fees or patent issues, the developers hoped that the idea of using privacy-enhanced email would really catch on.

As in S/MIME, 3DES is used for symmetric encryption of message data, and SHA-1 for hashing. Unlike with S/MIME, individual users are responsible for exchanging their public keys with each other and deciding that they trust the public key they received as being proof of the other party’s identity before messages can be sent. Key exchange is usually accomplished via a network of public servers.

PGP

PGP provides private, authenticated email communication through the use of public key encryption, as does S/MIME.

Unlike with S/MIME, users are responsible for exchanging public keys with each other and determining that they trust the public keys they receive.


[spacer]Phil Zimmerman

Back in the days when encryption code was considered munitions and eligible for export only under certain circumstances (read: only when the US government possessed the means to easily defeat it), the primary developer of PGP, Phil Zimmerman, got into a bit of legal trouble for exporting PGP code.

To show you how obscure some laws related to computer security can be, the same code in printed book form, courtesy of MIT, instead of on floppy or CD was ruled eligible for export (at least for a short time).



Previous Topic/Section
2.2.1  S/MIME
Previous Page
Pages in Current Topic/Section
1
Next Page
2.2.3  Vulnerabilities
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.