Updated November 6, 2023
Introduction to Privacy enhanced mail
Privacy Enhanced Mail (PEM for short) is an email security standard that provides secure electronic mail communication over the internet; it was adopted by the IAB (Internet Architecture Board). PEM was first developed by the IRTF (Internet Research Task Force) and its PSRG (Privacy and Security Research Group); later on, the standard was handed over to the IETF (Internet Engineering Task Force), where it was maintained by the PEM working group. PEM is described in four specification documents: RFC 1421, RFC 1422, RFC 1423, and RFC 1424. PEM provides the cryptographic services of encryption, message integrity, and non-repudiation.
How does Privacy Enhanced Mail work?
Privacy Enhanced Mail involves four steps: canonical conversion, digital signature, encryption, and Base-64 encoding. It offers three security options when sending an email message. The first option is signature only, which uses canonical conversion and digital signature. The second option is signature plus Base-64 encoding, which uses canonical conversion, digital signature, and Base-64 encoding. The third option is signature, encryption, and Base-64 encoding, which uses all four steps of Privacy Enhanced Mail.
Let’s discuss these four steps in detail to understand how Privacy Enhanced Mail works.
Step #1 – Canonical conversion
The sender and the receiver of an email message may use computers with different operating systems and architectures. The internet works on any computer that has a TCP/IP stack, regardless of its architecture or operating system, so the same content may be represented differently on different computers. For example, a new line in the Microsoft DOS operating system is represented by two characters, while in a Unix operating system it is represented by a single character. This creates a problem for the digital signature, because the signature is computed over a message digest and the digest depends on the exact bytes given as input. For example, the message digest of an email message created on the Microsoft DOS operating system can differ from the message digest of the same email message created on the Unix operating system, because the input used to create the digest is not the same in both cases.
Consequently, Privacy Enhanced Mail transforms the email into an abstract, canonical representation, i.e., the email message travels in a uniform, platform-independent format, no matter what operating system and architecture the sender and the receiver use.
Step #2 – Digital Signature
In this step, a digital signature is created for the email message. First, using an algorithm from the MD family such as MD2 or MD5, the message digest of the email message is computed. Then this message digest is encrypted using the sender’s private key to form the sender’s digital signature.
Step #3 – Encryption
In this step, the original email message and the digital signature created in step 2 are encrypted using a symmetric key. For the encryption process, the DES or triple DES (DES-3) algorithm is used.
Step #4 – Base-64 Encoding
This is the last step in Privacy Enhanced Mail; it is also called Radix-64 encoding or ASCII armor. The Base-64 encoding process transforms arbitrary binary input into printable character output. In this technique, the binary input is divided into blocks of 3 octets, or 24 bits, and each 24-bit block is split into 4 sets of 6 bits. Each 6-bit set is mapped to an 8-bit output character.
A natural question is how a 6-bit input value is mapped to an 8-bit output character. A fixed mapping table is used for this.
The Base-64 encoding mapping table is as follows:
6-bit value | Character | 6-bit value | Character | 6-bit value | Character | 6-bit value | Character |
0 | A | 16 | Q | 32 | g | 48 | w |
1 | B | 17 | R | 33 | h | 49 | x |
2 | C | 18 | S | 34 | i | 50 | y |
3 | D | 19 | T | 35 | j | 51 | z |
4 | E | 20 | U | 36 | k | 52 | 0 |
5 | F | 21 | V | 37 | l | 53 | 1 |
6 | G | 22 | W | 38 | m | 54 | 2 |
7 | H | 23 | X | 39 | n | 55 | 3 |
8 | I | 24 | Y | 40 | o | 56 | 4 |
9 | J | 25 | Z | 41 | p | 57 | 5 |
10 | K | 26 | a | 42 | q | 58 | 6 |
11 | L | 27 | b | 43 | r | 59 | 7 |
12 | M | 28 | c | 44 | s | 60 | 8 |
13 | N | 29 | d | 45 | t | 61 | 9 |
14 | O | 30 | e | 46 | u | 62 | + |
15 | P | 31 | f | 47 | v | 63 | / |
(Padding) | = |
Note: On the receiver’s side, to recover the plaintext email message from the received one, the receiver performs these four steps in reverse order.
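The following is an added example, not code from the PEM RFCs or from the original article: it implements step 4 exactly as described above (3-octet blocks, four 6-bit values, the mapping table, `=` padding) and illustrates why step 1 is needed by comparing digests of the same message with DOS and Unix line endings. The canonical form is simplified to CRLF line endings, and SHA-256 stands in for MD2/MD5 purely for illustration; the sample messages are constructed.

```python
import base64
import hashlib

# The mapping table from the article: index = 6-bit value, entry = output character
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def b64_encode(data: bytes) -> str:
    """Step 4: split input into 24-bit groups, emit four 6-bit values per group
    via the mapping table, and pad a short final group with '='."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = len(chunk)
        # Pack up to 3 octets into one 24-bit integer, zero-filling missing octets
        bits = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        # Four 6-bit values, most significant first
        vals = [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        chars = [ALPHABET[v] for v in vals]
        # A 1-octet tail yields 2 real chars + "==", a 2-octet tail 3 chars + "="
        real = n + 1
        out.append("".join(chars[:real]) + "=" * (4 - real))
    return "".join(out)


def canonicalize(text: str) -> bytes:
    """Step 1 (simplified, constructed for this example): normalise every line
    ending to CRLF so the digest input is identical regardless of platform."""
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return "\r\n".join(lines).encode("ascii")


def digest_hex(data: bytes) -> str:
    """Stand-in for the MD2/MD5 digest of step 2 (SHA-256 used for illustration)."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    dos_msg = "Hello\r\nWorld\r\n"    # constructed sample with DOS line endings
    unix_msg = "Hello\nWorld\n"        # the same message with Unix line endings
    # Without canonical conversion the digests (and thus signatures) disagree...
    assert digest_hex(dos_msg.encode()) != digest_hex(unix_msg.encode())
    # ...after canonical conversion they agree
    assert digest_hex(canonicalize(dos_msg)) == digest_hex(canonicalize(unix_msg))
    # Our table-driven encoder matches the standard library
    assert b64_encode(canonicalize(unix_msg)) == base64.b64encode(canonicalize(unix_msg)).decode()
    print(b64_encode(canonicalize(unix_msg)))
```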