SMTP, or Simple Mail Transfer Protocol, was first developed in 1982. At that time, it had very few security features. As a result, email communications gradually needed to be made more secure: features to digitally sign, encrypt, and decrypt emails were wanted. S/MIME and PGP are two standards developed for that purpose.
What is S/MIME?
S/MIME is a standard that uses public key cryptography to digitally sign, encrypt, or decrypt emails. The user first obtains a public-private key pair from a centralized trusted authority. The private key is kept secret by the user, and the public key can be distributed to others.
To digitally sign an email, the user signs it with his private key and sends it across. Because the email is signed with the private key, the recipient can verify the signature using the sender’s public key; in fact, anyone holding the sender’s public key can verify it. But, as the private key is kept secret by the sender alone, no one other than the sender can modify the original email without invalidating the signature.
If the user wants to send a secret message to a recipient, the sender has to encrypt the email with the recipient’s public key. As the private key is kept secret by the recipient, no one other than the recipient can decrypt the email.
If the email is both signed with the sender’s private key and encrypted with the recipient’s public key, then only the recipient can read the secret message, after decrypting it with the recipient’s private key. At the same time, no one other than the sender can modify the original message without the signature failing to verify.
In S/MIME, a user has to obtain his public-private key pair from a trusted authority, and after receiving the keys he has to configure the email application to use them.
What is PGP?
OpenPGP is another standard that can be used to digitally sign, encrypt, and decrypt emails. PGP is a commercial program developed according to the OpenPGP standard, and GPG is an open-source implementation of PGP made by GNU. (PGP vs. OpenPGP vs. GPG)
PGP also uses public key cryptography to sign, encrypt, and decrypt emails. So, in PGP too, a user uses his public-private key pair for signing, encrypting, and decrypting emails, just as in S/MIME. A sender has to sign the email with his private key. And the sender has to send an encrypted email to …
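The sign-with-sender's-private-key, encrypt-with-recipient's-public-key flow that both the S/MIME and PGP sections describe, as an added example using Go's standard-library RSA (this is illustration code, not the post's own, and not how S/MIME or PGP encode messages on the wire). The key names alice and bob and the message are constructed for the demonstration, and the signature is carried beside the ciphertext rather than inside an encrypted envelope, an assumption made to keep the example short.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignThenEncrypt is the sender side of the sign-and-encrypt flow the post
// describes: sign the message with the sender's private key, then encrypt the
// message for the recipient's public key. Assumption (simplification): the
// signature travels alongside the ciphertext; real S/MIME and PGP place it
// inside the encrypted envelope and encrypt a symmetric content key, since
// RSA-OAEP alone can only wrap a short plaintext.
func SignThenEncrypt(sender *rsa.PrivateKey, recipient *rsa.PublicKey, msg []byte) (ciphertext, sig []byte, err error) {
	digest := sha256.Sum256(msg)
	sig, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, nil, err
	}
	ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
	return ciphertext, sig, err
}

// DecryptThenVerify is the recipient side: decrypt with the recipient's private
// key, then verify the sender's signature with the sender's public key. Either
// the wrong recipient key or a message/signature mismatch yields an error.
func DecryptThenVerify(recipient *rsa.PrivateKey, sender *rsa.PublicKey, ciphertext, sig []byte) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decryption failed (not the intended recipient?): %w", err)
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature check failed (message altered or wrong sender?): %w", err)
	}
	return msg, nil
}

func main() {
	// Constructed keys and message for the demonstration.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, sig, _ := SignThenEncrypt(alice, &bob.PublicKey, []byte("meet at noon"))
	msg, err := DecryptThenVerify(bob, &alice.PublicKey, ct, sig)
	fmt.Println(string(msg), err)
}
```

Running it prints the recovered message and a nil error; decrypting with any key other than bob's, or verifying against any public key other than alice's, returns an error instead.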
You do a great job at explaining the concept. Thanks for taking the time to do this…
Thanks @samsmith02.