List: kmail-devel
Subject: AW: S/MIME and PGP
From: Jörg_Beermann <beermann () secude ! com>
Date: 2001-08-22 13:02:14
>> The main difference between the PGP secured MIME (rfc2015, rfc3156) is that
>> S/MIME uses the CMS mentioned above. And this is a big difference ;)
>> cause S/MIME makes use of the x.509 Public Key Infrastructure
>> (rfc2459) PKIX, by the way which is used by SSL/TLS as well,
>> and this hierarchical structure is really different from PGP and the web of
>> trust.
>> x.509 Certificates (we talk of version 3) are DER encoded ASN.1 structures,
>> which encapsulate a lot of additional information apart from the Public
>
> PEM :) DER wouldn't work too well in a text-based message.
;) for handling a certificate in a text-based form you are right,
but from the PKIX point of view there is no need to do so.
Normally a certificate is embedded in other structures, like PKCS#7, and these
structures are base64 encoded ;)
....but I don't want to be a wiseacre :))
>
>> For this reason the framework to handle x.509v3 Certificates is totally
>> different from the framework to handle PGP keys.
>
>I actually have some of this done in KSSL already, and I'll be adding the
>PKCS#7 bits over the next two months. We're using KConfig to store the keys,
>which is very simple. We need to have an encrypted KConfig framework to make
>this secure, too. We'll do that over the next few months as well.
As a suggestion: for storing the Private Key it might be a possibility to store it
in a PKCS#12 bag, at least I did it this way.
In this case you also don't need to convert the Private Key from/to
other formats to make it accessible.
You have a minimum standard of security for protecting the Private Key.
And for the foreign certs there is no need to protect them.
>I don't have any code in place to handle x509v3 extensions yet, btw, but I
>will be needing them for SSL and TLS in 3.0 too.
OpenSSL is also able to handle a few extensions, like standard v3 and some
Netscape extensions.
>
>--
>
>George Staikos
>
_______________________________________________
Kmail Developers mailing list
Kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
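
The DER versus PEM point in the exchange above, as an added example that is not part of the original message or of KSSL: it shows that DER bytes are not 7-bit text while the PEM armoring (base64 of the same bytes) is, and that the armoring round-trips without changing the ASN.1 structure. The sample structure is constructed and is not a real certificate; the helper names `der_encode`, `der_tlv`, `children`, `is_7bit_text` and `armor_round_trip` are hypothetical, and the parser assumes single-byte tags.

```python
import ssl

def der_encode(tag, value):
    """Encode one DER TLV, definite length, single-byte tag."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value                  # short-form length
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")   # long-form length
    return bytes([tag, 0x80 | len(ln)]) + ln + value

def der_tlv(buf, off=0):
    """Decode the TLV at buf[off]; return (tag, value_start, value_end)."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        length, start = first, off + 2
    else:
        n = first & 0x7F                                # number of length bytes
        if n == 0 or off + 2 + n > len(buf):
            raise ValueError("indefinite or truncated length is not valid DER")
        length, start = int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n
    if start + length > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return tag, start, start + length

def children(der):
    """Return (tag, length) for each element inside the outer SEQUENCE."""
    tag, off, end = der_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    out = []
    while off < end:
        t, s, e = der_tlv(der, off)
        out.append((t, e - s))
        off = e
    return out

def is_7bit_text(data):  # printable ASCII, tab, CR or LF only
    return all(b in (9, 10, 13) or 32 <= b < 127 for b in data)

def armor_round_trip(der):  # PEM = base64 of the DER bytes between BEGIN/END lines
    pem = ssl.DER_cert_to_PEM_cert(der)
    return pem, ssl.PEM_cert_to_DER_cert(pem)

# Constructed sample, NOT a real certificate: SEQUENCE { INTEGER 2, OCTET STRING of 200 bytes }
SAMPLE_DER = der_encode(0x30, der_encode(0x02, b"\x02") + der_encode(0x04, bytes(range(56, 256))))

if __name__ == "__main__":
    pem, back = armor_round_trip(SAMPLE_DER)
    print(is_7bit_text(SAMPLE_DER), is_7bit_text(pem.encode("ascii")), back == SAMPLE_DER, children(SAMPLE_DER))
```

The `ssl` helpers only add and remove the base64 armor; they do not validate that the bytes are a well-formed certificate, which is why the structural check is done separately on the DER.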