network security: lab#4-1 e-mail security j. h. wang dec. 3, 2013
TRANSCRIPT
Network Security: Lab#4-1E-mail Security
J. H. WangDec. 3, 2013
Objectives
• To learn to use e-mail security tools– PGP
• To learn the availability of email security libraries– S/MIME– DKIM
Packages & Libraries in this Lab
• Packages– GPG4win: for Windows
• Libraries– OpenDKIM
Experiment Scenario
• Signing/verification of files using certificates– Create a new certificate– Encrypt/sign the file “original.txt” into another file
“enc.txt” (using sender’s certificate)– Then, we decrypt/verify it and get another file
“dec.txt” (using sender’s certificate), and check if the decrypted file is the same as the original file
• Sending/receiving e-mails with certificates– Set up email account– Read mails– Send mails
GnuPG Privacy Guard
• Homepage: http://www.gnupg.org/• Version:
– 1.4.15 (portable standalone version) – 2.0.22 (enhanced version, harder to build)
• Platforms: Linux/FreeBSD/Windows/MacOS X
• An implementation of OpenPGP• Installation steps
– (skipped)
GPG4win
• Homepage: http://www.gpg4win.org/ • Latest version: 2.2.1• OpenPGP: an open standard for e-
mail security (RFC 4880) – S/MIME also included
• Installation steps:– Simply follow the instructions on screen
Other Tools Included in GPG4win
• Kleopatra: GnuPG certificate manager– New certificate– Encrypting/Signing a file– Decrypting/Verifying a file
• Claws Mail: a mail reader– Setting up your mail account– Reading mails– Sending mails
Microsoft Outlook Support in GPG4win
• PGP for Outlook– GpgOL 1.0 can support OpenPGP and
S/MIME
Configuring Outlook for S/MIME
• Configure Your Personal Email Certificates• Send a Signed Message• Read a Signed Message• Check the Credentials of a Signed
Message• Send an Encrypted Message• Read an Encrypted Message• Get Certificates for Other Users
OpenDKIM• Homepage: http://www.opendkim.org/
– Latest version: opendkim 2.8.4– C library for DKIM service: libmilter– Also a milter-based filter application: opendkim
• Can plug in to any milter-based MTAs: Sendmail, PostFix
• An open source implementation for IETF DKIM standard (RFC 6376) based on dkim-milter from Sendmail– Library: libdkim – Milter: dkim-milter 2.8.3 (plugins to sendmail)
• Also includes implementations of– ADSP (Author Domain Signing Practises): RFC 5617– VBR (Vouch by Reference): RFC 5518
Configuration and Installation
• Compilation of opendkim– Download opendkim-2.8.4.tar.gz– tar -xzvf opendkim-2.8.4.tar.gz – cd opendkim-2.8.4– ./configure– make– make install
• Configuration of opendkim– For signing and verification
• Install opendkim and configure your MTA
Summary
• Email security– PGP– S/MIME– DKIM