Supporting S/MIME

Secure/Multipurpose Internet Mail Extensions (S/MIME) is used to digitally sign and encrypt messages. Digital signatures provide authentication, non-repudiation, and data integrity, and encryption keeps message contents confidential.

S/MIME relies on X.509 digital certificates. A certificate identifies its owner and carries the owner's public key. X.509 is the industry standard for digital certificates. The Windows Server 2003 certificate templates that support S/MIME are Exchange User, Exchange Signature Only (for digital signatures only), Smartcard User, and User.

Supporting Digital Signatures

Signing a message generates a checksum (a hash) of the message that is added to it. The checksum is the message's fingerprint; it is encrypted with the sender's private signing key to form the digital signature. The sender then sends the recipient a message that includes three items: the message in plain text, the sender's X.509 digital certificate, and the digital signature.

The recipient first checks the Certificate Revocation List (CRL) to see whether the sender's certificate is on the list. If it is on the CRL, the recipient is warned that the sender's certificate has been revoked. If it is not on the list, the digital signature is decrypted with the sender's public signing key. The recipient's client then generates a checksum from the plain text message and compares it to the decrypted signature. If the checksums match, the recipient knows the message came from the holder of the sender's private key. If they do not match, the recipient is warned that the message has been tampered with.

Message Encryption

The process of encrypting a message generates a random bulk encryption key that is used to encrypt the contents of the message. The sender uses the recipient's public key to encrypt the bulk encryption key. For this process to work, the sender must have a copy of the recipient's digital certificate. The certificate can be retrieved from either the Global Address List (GAL) or the sender's Contact list. The digital certificate contains the recipient's public encryption key, which is used to create the lockbox for the bulk encryption key.

When the recipient receives the message, he or she will use a private encryption key to decrypt and gain access to the bulk encryption key. The bulk encryption key is then used to decrypt the message. The Exchange User, Smartcard User, and User certificate templates have encryption and decryption capabilities.
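The two procedures described above, signing with verification (including the CRL check and tamper detection) and envelope encryption with a wrapped bulk key, as one added example. This is illustrative Go written for this page, not code from Exchange, Outlook, or the book; it uses only the Go standard library, stands in for certificate-bound keys with freshly generated RSA key pairs, replaces the CRL with a constructed in-memory revocation set, and picks SHA-256, RSA-PKCS#1 v1.5 signatures, RSA-OAEP key wrapping and AES-256-GCM as the concrete algorithms (assumptions; S/MIME deployments of this era commonly used other choices).

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// GenerateKeyPair stands in for the key pair bound to a user's X.509
// certificate (assumption: a real client loads it from the certificate store).
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SignMessage hashes the plaintext and signs the digest with the sender's
// private signing key; the result is the digital signature sent alongside
// the plain text message and the sender's certificate.
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyMessage recomputes the digest over the received plain text and
// checks it against the signature with the sender's public signing key.
// A nil result means the message is unmodified and was signed by that key.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) error {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// revoked is a constructed stand-in for a CRL, keyed by certificate serial.
var revoked = map[string]bool{"SERIAL-0002": true}

// CheckRevocation mirrors the recipient's CRL step: a revoked certificate is
// rejected before any signature verification is attempted.
func CheckRevocation(serial string) error {
	if revoked[serial] {
		return errors.New("sender certificate has been revoked")
	}
	return nil
}

// Envelope carries what an encrypted S/MIME message carries: the body
// encrypted under the bulk key, and the bulk key wrapped ("lockboxed")
// with the recipient's public encryption key.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// EncryptMessage generates a fresh random bulk key, encrypts the body with
// it (AES-256-GCM), and wraps the bulk key with the recipient's public key.
func EncryptMessage(recipientPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	bulkKey := make([]byte, 32)
	if _, err := rand.Read(bulkKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(bulkKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, bulkKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}, nil
}

// DecryptMessage unwraps the bulk key with the recipient's private encryption
// key and then uses the bulk key to decrypt the body. Any other private key
// fails at the unwrap step, so only the intended recipient can read the body.
func DecryptMessage(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	bulkKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(bulkKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	sender, _ := GenerateKeyPair()
	recipient, _ := GenerateKeyPair()
	msg := []byte("Quarterly figures attached.") // constructed sample message
	sig, _ := SignMessage(sender, msg)
	fmt.Println("signature valid:", VerifyMessage(&sender.PublicKey, msg, sig) == nil)
	fmt.Println("tamper detected:", VerifyMessage(&sender.PublicKey, []byte("Quarterly figures attached!"), sig) != nil)
	env, _ := EncryptMessage(&recipient.PublicKey, msg)
	pt, _ := DecryptMessage(recipient, env)
	fmt.Println("decrypted:", string(pt))
}
```

The order of operations matters on the receiving side: check revocation, then verify the signature, then compare checksums. A single changed byte in the body makes the recomputed digest differ, so verification fails exactly as the text describes, and an envelope addressed to one recipient cannot be opened with another user's private key because the bulk key never unwraps.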

Comparing PGP and S/MIME

Pretty Good Privacy (PGP) is similar to S/MIME because it can sign and encrypt messages. It is an alternative to using S/MIME.

Use PGP in the following situations:

  • For single users or small workgroups

  • If there are many different types of mail clients

Use S/MIME for the following situations:

  • For larger environments

  • For standardization

  • If Outlook is the primary (or only) mail client

  • If you want to make secure email transparent to the end-user

Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
Year: 2003
Pages: 393
Authors: Rand Morimoto