Send Signed Email

From Exterior Memory

There are two ways to send signed or encrypted e-mail:

  • Using PGP (or GPG)
  • Using S/MIME (signing mail with X.509 certificates)

In general, PGP signed mail is most common.

Signed versus Encrypted Mail

Both S/MIME and PGP allow both encryption and signing of mail.

Signed mail
Signing of mail establishes the authenticity and non-repudiation of the mail. The receiver knows for certain that it was really sent by the sender (and not by an impostor), and that the message content was not modified.
Encrypted mail
Encryption of mail helps in keeping the contents confidential. Only the intended receiver can decrypt the message and read the contents.

Trust Model

PGP uses a web of trust, while S/MIME uses a hierarchical trust model.

web of trust
you trust a friend, who trusts their friends. You may decide whether you trust those friends, and perhaps even the friends of those friends.
hierarchical trust
There are a few central authorities, and you trust every certificate issued by a given authority.

In short, S/MIME (with hierarchical trust) is recommended within an organisation. PGP (with a web of trust) is recommended between users in different organisations.

Compatibility between GPG and S/MIME

There are two ways to send PGP-signed mail: in-line PGP and PGP/MIME.

PGP/MIME is not compatible with S/MIME.

Technically, it may be possible to combine S/MIME with in-line PGP, but it is unclear whether any client supports that.
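The three formats named above (in-line PGP, PGP/MIME and S/MIME) differ in how the signature is carried inside the message, and that structure is what a mail client or gateway inspects to decide which verifier to hand a message to. The following is an added example written for this page (not code from the page or from any of the tools it mentions) that builds one message in each format with Python's standard email library and then classifies a raw message by its signing format. The signature blobs, addresses and subjects are constructed placeholders; real signatures would come from gpg or openssl. It also recognises the opaque application/pkcs7-mime form of S/MIME, which the page does not discuss.

```python
"""Recognise the signed-mail formats: in-line PGP, PGP/MIME and S/MIME.

Classification only tells you which verifier to run; a message that merely
looks clearsigned proves nothing until gpg or openssl has checked the signature.
"""
from base64 import b64encode
from email import policy
from email.message import EmailMessage
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.parser import BytesParser

# Constructed placeholders standing in for real signature data (not valid signatures).
FAKE_PGP_SIG = (
    "-----BEGIN PGP SIGNATURE-----\n"
    "iQEzBAEBCAAdFiEEplaceholderplaceholderplaceholderplaceholder=\n"
    "-----END PGP SIGNATURE-----\n"
)
FAKE_PKCS7_DER = b"\x30\x82\x00\x10placeholder-der-bytes"

# Constructed example addresses.
SENDER, RECIPIENT = "alice@example.org", "bob@example.org"


def _address(msg, subject: str):
    msg["From"] = SENDER
    msg["To"] = RECIPIENT
    msg["Subject"] = subject
    return msg


def build_inline_pgp(body: str) -> EmailMessage:
    """In-line PGP: the clearsigned text simply *is* the text/plain body."""
    msg = EmailMessage()
    msg.set_content("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
                    + body + "\n" + FAKE_PGP_SIG)
    return _address(msg, "in-line PGP")


def build_pgp_mime(body: str) -> MIMEMultipart:
    """PGP/MIME (RFC 3156): multipart/signed with protocol application/pgp-signature."""
    msg = MIMEMultipart("signed", protocol="application/pgp-signature", micalg="pgp-sha256")
    msg.attach(MIMEText(body))                      # part 1: the content that was signed
    sig = MIMEBase("application", "pgp-signature")  # part 2: detached ASCII-armoured signature
    sig.set_payload(FAKE_PGP_SIG)
    msg.attach(sig)
    return _address(msg, "PGP/MIME")


def build_smime(body: str) -> MIMEMultipart:
    """S/MIME: the same multipart/signed layout, but the detached part is PKCS#7."""
    msg = MIMEMultipart("signed", protocol="application/pkcs7-signature", micalg="sha-256")
    msg.attach(MIMEText(body))
    sig = MIMEBase("application", "pkcs7-signature", name="smime.p7s")
    sig.set_payload(b64encode(FAKE_PKCS7_DER).decode("ascii"))
    sig["Content-Transfer-Encoding"] = "base64"
    msg.attach(sig)
    return _address(msg, "S/MIME")


def signature_format(raw: bytes) -> str:
    """Classify a raw RFC 5322 message by the signing format it claims to use."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = msg.get_param("protocol")
        if proto == "application/pgp-signature":
            return "pgp/mime"
        if proto in ("application/pkcs7-signature", "application/x-pkcs7-signature"):
            return "s/mime"
        return "multipart/signed (unknown protocol)"
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return "s/mime (opaque)"  # signed or encrypted data wrapped in a single CMS blob
    if ctype == "text/plain":
        # In-line PGP is only recognisable by looking at the body text itself.
        body = msg.get_content()
        if (body.lstrip().startswith("-----BEGIN PGP SIGNED MESSAGE-----")
                and "-----BEGIN PGP SIGNATURE-----" in body):
            return "inline pgp"
    return "unsigned"


if __name__ == "__main__":
    for builder in (build_inline_pgp, build_pgp_mime, build_smime):
        print(builder.__name__, "->", signature_format(builder("Hello Bob").as_bytes()))
```

The two MIME-based formats share the multipart/signed container and differ only in the `protocol` parameter and the detached signature part, which is why a client that understands one does not automatically understand the other; in-line PGP has no MIME structure at all and can only be spotted by scanning the body, so an S/MIME client sees it as ordinary text.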