7

Which is better -- OpenPGP or S/MIME for higher security?

nealmcb
  • It would help if you add some context on what you want to use it for (email? file encryption? digital signatures?) what assets you're trying to protect, and who might attack you. See the faq. – nealmcb Mar 27 '11 at 13:51
  • Yeah, I use S/MIME specifically for email, but GPG for things like files and folders (which Gpg4win now supports). Especially cool is signing files that are distributed with GPG. What's OpenPGP? – atdre Mar 28 '11 at 06:44
  • The aim is to have secure email & file encryption in an organisation. –  Mar 28 '11 at 10:36
  • I would use S/MIME for secure email -- http://kb.mozillazine.org/Getting_an_SMIME_certificate -- I have used the Verisign Digital ID ones to great success. For file encryption, I would use the Gpg4win folder encryption options. – atdre Mar 29 '11 at 20:38

2 Answers

7

The most important security differences between OpenPGP and S/MIME have to do with trust models and certificate formats.

OpenPGP uses a "web of trust", which allows individuals to freely sign the keys of other individuals. You could think of it as an early form of social network. There are a variety of ways to find signature paths from one user to another, and define levels of trust based on the number of links and the user's estimation of how much to trust a given signer. An extensive web of trust has been built up over time, particularly among some segments of the security community. See Henk Penning's analysis of the strong set in the PGP web of trust for the latest information.

S/MIME uses the X.509 certificate format and trust model, similar to web site security via TLS/SSL. In this model a set of root certificates is typically defined as trusted within a given mail client by the vendor. This can be more convenient for deployment in organizations which deploy a traditional PKI. It leaves the user with less control, and typically requires participants to purchase certificates from a commercial CA if they are not part of an organization which deploys a traditional PKI. See "How feasible is it for a CA to grant exceptions to the verification process?" and "Which default trusted root certificates should I remove?" for some issues with the traditional CA model.

Of course, another issue will typically be the question of what your correspondents use, what sorts of certificates they have, and what other uses you intend to make of your trust/signing/encryption infrastructure. For example, OpenPGP signatures are used to authenticate many open source software packages, while X.509 signatures are used for signatures in PDF and office suites.

nealmcb
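The answer above describes the two trust models in words; the following Python is an added example, not code from the original post, that models them in miniature: the OpenPGP side applies the validity rule GnuPG documents for its classic trust model (a key is valid when signed by one fully trusted or three marginally trusted valid keys, within a maximum certification depth), while the X.509 side checks a certificate chain against a vendor-supplied root list. All key names, signatures, trust assignments and certificate names are constructed for illustration.

```python
# Toy model of the two trust models (added example; constructed data throughout).
# GnuPG's documented classic-model defaults: 3 marginals or 1 complete, depth 5.
MARGINALS_NEEDED, COMPLETES_NEEDED, MAX_CERT_DEPTH = 3, 1, 5


def pgp_valid_keys(signatures, ownertrust):
    """signatures: {key: set(signer keys)}; ownertrust: {key: "ultimate"|"full"|"marginal"}.
    Returns {key: depth} for every key judged valid (depth 0 = your own keys)."""
    valid = {k: 0 for k, t in ownertrust.items() if t == "ultimate"}
    changed = True
    while changed:  # propagate validity until no further key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            # Only signatures by keys that are themselves valid, that the local
            # user has assigned trust to, and that are not too deep count here.
            usable = [s for s in signers if s in valid and valid[s] < MAX_CERT_DEPTH]
            full = [s for s in usable if ownertrust.get(s) in ("ultimate", "full")]
            marginal = [s for s in usable if ownertrust.get(s) == "marginal"]
            if len(full) >= COMPLETES_NEEDED or len(marginal) >= MARGINALS_NEEDED:
                valid[key] = 1 + min(valid[s] for s in full + marginal)
                changed = True
    return valid


def x509_chain_valid(chain, trusted_roots):
    """chain: [(subject, issuer), ...] from the leaf up to the root certificate.
    Valid only if each link is issued by the next and the self-signed top of
    the chain is in the root store the mail client vendor shipped."""
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return False
    root_subject, root_issuer = chain[-1]
    return root_subject == root_issuer and root_subject in trusted_roots


# Constructed web of trust: "me" is the local user's own (ultimately trusted) key.
SIGS = {
    "alice": {"me"},
    "bob": {"alice"}, "carol": {"alice"}, "dave": {"alice"},
    "erin": {"bob", "carol", "dave"},  # three marginal signers -> valid
    "frank": {"bob"},                  # one marginal signer -> not valid
}
OWNERTRUST = {"me": "ultimate", "alice": "full",
              "bob": "marginal", "carol": "marginal", "dave": "marginal"}
# Constructed S/MIME chain: validity hinges on the vendor's root list, not on the user.
CHAIN = [("user@example.test", "Example Issuing CA"),
         ("Example Issuing CA", "Example Root CA"),
         ("Example Root CA", "Example Root CA")]
```

Calling `pgp_valid_keys(SIGS, OWNERTRUST)` marks erin valid at depth 3 but not frank, and `x509_chain_valid(CHAIN, set())` shows the same chain becoming invalid the moment the vendor's root is absent.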
5

One is no better than the other, any more than blinds are better than drapes. Both PGP and S/MIME are implementations of asymmetric key encryption. Both are used for digital signatures and encryption. From a cryptographic point of view, in the general case one isn't really any better than the other. Often the same cryptographic algorithms are used in both situations.

The real difference occurs when you decide what problems you are actually trying to solve, what other technologies are involved, and what business processes you either have in place or are capable of putting in place. When choosing between PGP or S/MIME those are the questions you need to ask yourself.

Scott Pack