Michael A. Gurski
Tue Oct 24 13:59:54 EDT 1995
On the Internet, the notions of privacy and security are practically non-existent. In order to provide some level of security and privacy in electronic mail messages, the Privacy and Security Research Group (PSRG) of the Internet Research Task Force (IRTF) and the Privacy-Enhanced Electronic Mail Working Group (PEM WG) of the Internet Engineering Task Force (IETF), through a series of meetings, came up with a set of message authentication and encryption procedures known as Privacy-Enhanced Mail (PEM), which are standardized in Internet RFC 1421, RFC 1422, RFC 1423, and RFC 1424.
Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure exchange of electronic mail. PEM employs a range of cryptographic techniques to allow for confidentiality, sender authentication, and message integrity. The message integrity aspects allow the user to ensure that a message hasn't been modified during transport from the sender. The sender authentication allows a user to verify that the PEM message that they have received is truly from the person who claims to have sent it. The confidentiality feature allows a message to be kept secret from people to whom the message was not addressed.
There are at least two different implementations of PEM available. Riordan's Internet Privacy Enhanced Mail (RIPEM), written by Mark Riordan, is available from ripem.msu.edu. To get a copy, ftp there, cd to /pub/crypt, and read the file GETTING_ACCESS. This is currently not a complete implementation of PEM, but it is still useful. Most of the code, except for the RSA routines it employs, is in the public domain. The RSA routines are in the form of the RSAREF library licensed by RSA Data Security, Inc. (RSADSI).
The other implementation of PEM was originally called TIS/PEM (version 7.0), written by Trusted Information Systems, Inc. However, TIS/PEM has since been succeeded by TIS/MOSS (version 7.1), a program which implements PEM with MIME extensions added to it. TIS has made this freely available in C source code form. TIS/MOSS also makes use of the RSAREF libraries from RSADSI. TIS/MOSS is available by anonymous ftp from ftp.tis.com in the /pub/MOSS directory. Read the file README to find out from where the archive can be downloaded.
PEM provides a range of security features. They include originator authentication, (optional) message confidentiality, and data integrity. Each of these will be discussed in turn.
In RFC 1422 an authentication scheme for PEM is defined. It uses a hierarchical authentication framework compatible with X.509, "The Directory - Authentication Framework." Central to the PEM authentication framework are certificates, which contain items such as the digital signature algorithm used to sign the certificate, the subject's Distinguished Name, the certificate issuer's Distinguished Name, a validity period indicating the starting and ending dates between which the certificate should be considered valid, and the subject's public key along with the accompanying algorithm. This hierarchical authentication framework has four entities.
The first entity is a central authority called the Internet Policy Registration Authority (IPRA), acting as the root of the hierarchy and forming the foundation of all certificate validation in the hierarchy. It is responsible for certifying and reviewing the policies of the entities in the next lower level. These entities are called Policy Certification Authorities (PCAs), which are responsible for certifying the next lower level of authorities. The next lower level consists of Certification Authorities (CAs), responsible for certifying both subordinate CAs and also individual users. Individual users are on the lowest level of the hierarchy.
This hierarchical approach to certification allows one to be reasonably sure that a certificate coming from a user, assuming one trusts the policies of the intervening CAs and PCAs and the policy of the IPRA itself, actually came from the person whose name is associated with it. This hierarchy also makes it more difficult to spoof a certificate, because it is likely that few people will trust or use certificates that have untraceable certification trails, and in order to generate a false certificate one would need to subvert at least a CA, and possibly the certifying PCA and the IPRA itself.
Message confidentiality in PEM is implemented by using standardized cryptographic algorithms. RFC 1423 defines both symmetric and asymmetric encryption algorithms to be used in PEM key management and message encryption. Currently, the only standardized algorithm for message encryption is the Data Encryption Standard (DES) in Cipher Block Chaining (CBC) mode. Currently, DES in both Electronic Code Book (ECB) mode and Encrypt-Decrypt-Encrypt (EDE) mode, using a pair of 64-bit keys, are standardized for symmetric key management. For asymmetric key management, the RSA algorithm is used.
In order to provide data integrity, PEM implements a concept known as a message digest. The message digests that PEM uses are known as RSA-MD2 and RSA-MD5 for both symmetric and asymmetric key management modes. Essentially, both algorithms take arbitrary-length "messages," which could be any message or file, and produce a 16-octet value. This value is then encrypted with whichever key management technique is currently in use. When the message is received, the recipient can also run the message digest on the message, and if the result matches the value sent with it, the recipient can be reasonably assured that the message hasn't been modified in transit or tampered with maliciously. Message digests are used because they're relatively fast to compute, and finding two different meaningful messages that produce the same value is nearly impossible.
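The certification hierarchy and the digest check described above can be followed end to end in a small model. This is an added example, not code from this paper, the RFCs, RIPEM or TIS/MOSS. It assumes a simplified certificate record instead of X.509 encoding, hypothetical names ("alice", "Example CA", "Example PCA"), and toy RSA keys built from known Mersenne primes that are not secure.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key

def keypair(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (demo only, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

@dataclass
class Cert:
    subject: str
    issuer: str
    not_before: int  # validity period as YYYYMMDD integers
    not_after: int
    public_n: int    # subject's public key (RSA modulus)
    signature: int = 0

    def digest(self):
        """16-octet MD5 digest of the signed fields, as an integer."""
        tbs = f"{self.subject}|{self.issuer}|{self.not_before}|{self.not_after}|{self.public_n}"
        return int.from_bytes(hashlib.md5(tbs.encode()).digest(), "big")

def issue(subject, subject_n, issuer, issuer_key, start=19950101, end=19961231):
    cert = Cert(subject, issuer, start, end, subject_n)
    n, d = issuer_key
    cert.signature = pow(cert.digest(), d, n)  # digest encrypted with issuer's private key
    return cert

def validate_path(path, root_name, root_n, today):
    """path is [user, CA, PCA] certificates; the IPRA public key is the trust anchor."""
    for i, cert in enumerate(path):
        if not cert.not_before <= today <= cert.not_after:
            return f"{cert.subject}: outside validity period"
        name, n = (root_name, root_n) if i + 1 == len(path) else (path[i + 1].subject, path[i + 1].public_n)
        if cert.issuer != name:
            return f"{cert.subject}: issuer name does not chain"
        if pow(cert.signature, E, n) != cert.digest():  # recompute digest, compare
            return f"{cert.subject}: digest mismatch"
    return "ok"

# Constructed sample hierarchy: IPRA -> PCA -> CA -> user (all names hypothetical).
IPRA, PCA, CA, USER = keypair(89, 107), keypair(89, 127), keypair(107, 127), keypair(61, 127)

def sample_path():
    return [issue("alice", USER[0], "Example CA", CA),
            issue("Example CA", CA[0], "Example PCA", PCA),
            issue("Example PCA", PCA[0], "IPRA", IPRA)]
```

Changing any signed field of a certificate, or signing it with a key that does not belong to the named issuer, makes the recomputed digest differ from the one recovered with the issuer's public key, so the path is rejected.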
PEM (depending on which implementation you choose to use) can be used with just about any program capable of generating Internet mail, provided the person you are corresponding with is also using PEM. There are even Emacs elisp files available which simplify the usage of PEM.
In order to use PEM, you'll need either RIPEM or TIS/PEM (TIS/MOSS). Then you'll need to generate a key-pair, and make it available. Depending on your preference, and availability, you might want to get your public-key certified by a Certification Authority.
In its current state, I haven't seen much evidence of PEM being used widely. There are hooks for using both PEM, specifically RIPEM although TIS/PEM should work as well, and PGP in the NCSA httpd program for providing secure web communications with NCSA Mosaic. These hooks must be activated with a recompilation. There are also extensions to the Emacs editor which allow one to use either PGP or a PEM implementation in conjunction with mail or any other Emacs buffer. There is also a product put out by SecureWare called SecureMail that implements PEM.
Privacy-Enhanced Mail (PEM)