S/MIME
1
1.1
1.2
1.3
1.4
2
2.1
RC2 RC5 DES Triple-DES IDEA
2.2
public key private key RSA Diffie-Hellman
2.3
( ) MD2 (16) MD5 (16) SHA1 (20)
3
3 S/MIME PGP
3.1
OS
3.2
1)
2) A ( + ) A B ( + ) B ( )
3.3
1) ( ) GSIb3DQEH GSIb3DQEH GSIb3DQEH 2 )
2) ( + ( )
3) Microsoft Outlook Express ID Netscape Messenger Orangesoft Winbiff+S/Goma
4) BASE64 BASE64 Microsoft Outlook Express Netscape Messenger Orangesoft Winbiff+S/Goma ( )
3.4
1)
2) 2 1 Sign-Then-Envelop 1) S/MIME Sign-And-Envelop PEM S/MIME S/MIME PEM ( + ) ( ) ( ) A ( + ) A B ( + ) B ( )
4 PGP S/MIME
4.1 PGP
A B A C D C D B B A B
4.2 (CA)
A A A A A B C A A A A S/MIME
4.3
SHA.1 MD5 Thumbprint (fingerprint) SHA1 20 40 40
5 CRL
5.1 ( ID )
X.509 (Certificate Signing Request) Certificate Chain
Web ISO/IEC X.509 X.509 V3 ID CRL
5.2 CRL (Certificate Revocation List)
CRL CRL CRL CRL CRL CRL CRL CRL S/MIME CRL CRL S/MIME CRL X.509
6 Microsoft Outlook Express S/MIME
ID http://www.verisign.co.jp
6.1 S/MIME
1) Web https://digitalid.verisign.co.jp/browser/client/index.html http://digitalid.verisign.co.jp/client/browser/ "Enroll Now"
Contents of Your Digital ID
First Name:
Last Name:
E-mail Address:
Easy Web site Registration
Include Additional Information?: Yes :
Country: Japan
Zip/Postal Code:
Date of Birth:
male /female
Challenge Phrase
Challenge Phrase
Choose a Full-service Class1 Digital ID, or a 60-day Trial Digital ID
I'd like a one-year, full-service Digital ID for only US$14.95 per year.: US$14.95
I'd like to test drive a 60-day trial Digital ID for free.: 60 SM
Billing Information
Card Type:
Card Number:
Expiration Date:
Name on Card:
- 154-0004 1-4-14 -
Street Address: 1-4-24 Taishido
Apartment/Unit Number: Hagitou Bldg 3F
City: Setagaya-Ku Tokyo
State/Province: JP
ZIP/Postal Code: 154-0004
Country: Japan
Option Internet Explorer Microsoft Base Cryptographic Provider v1.0 Netscape Communicator 512
Additional Security for Your Private Key Internet Explorer Check this Box to Protect Your Private Key:
Digital ID Subscriber Agreement Accept Accept OK Netscape Communicator
Communicator Certificate DB
https:// URL Your Digital ID PIN IS: PIN Web ID URL PIN Submit INSTALL ID
[ ] CA ID ID ID () ID Web https://digitalid.verisign.co.jp/browser/client/index.html Outlook Express ID Web
2) S/MIME Outlook Express ID S/MIME ID multipart/signed PKCS#7 ID
S/MIME
6.2
1)
2) Outlook Express bob@
3) Web Web https://onsite.verisign.com/services/verisignjapankkverisignclass1caindividualsubscriber/client/search.htm Download S/MIME Format (Binary )
6.3
6.4
6.5
: CC:
6.6
6.7
6.8
RC2 40
6.9
6.10
Outlook Express ID 2
X.509V3
6.11 CRL
CRL CRL CRL
7 Netscape Messenger S/MIME
7.1 S/MIME
4) Outlook Express
5) S/MIME S/MIME Messenger S/MIME
7.2
1) Microsoft Outlook Express
2)
3) Web Microsoft Outlook Express
7.3
7.4
7.5
7.6
RC2 40
7.7
7.8
8 Winbiff S/MIME
() Winbiff S/Goma S/MIME () http://www.orangesoft.co.jp () http://www.orangesoft.co.jp/products.html
8.1 S/MIME
1) Winbiff 2 Web (Certificate) Signing Request Signing Request PKCS#10 PKCS#10 CSR CSR Winbiff CSR
CSR CSR
CSR Outgoing CSR DB
2) S/MIME
8.2
1) Microsoft Outlook Express Netscape Messenger
2) S/Goma V1.01
3) Web Web
8.3
8.4
8.5
8.6
8.7
8.8
9 S/MIME
9.1
1) RFC2311 "S/MIME Version 2 Message Specification" RFC2312 "S/MIME Version 2 Certificate Handling"
2) RSA RFC2313 "PKCS #1: RSA Encryption Version 1.5"
3) RFC2314 "PKCS #10: Certification Request Syntax Version 1.5"
4) RFC2315 "PKCS #7: Cryptographic Message Syntax Version 1.5" + CRL
5) MIME
6) CRL RFC 1847 Security Multiparts for MIME RFC1422 "Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management"
7) PKCS S/MIME RSA Data Security Inc. S/MIME PKCS(Public Key Crypt System) RSA Data Security Inc.
9.2 MIME
S/MIME PKCS#7 Base64 RFC2311 MIME Internet Draft MIME
1)
RFC
    Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7m
Internet Draft
    Content-Type: application/x-pkcs7-mime; name=smime.p7m
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7m

2)
RFC
    Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.p7m
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7m
Internet Draft
    Content-Type: application/x-pkcs7-mime; name=smime.p7m
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7m

3)
RFC
    Content-Type: application/pkcs7-signature; name=smime.p7s
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7s
Internet Draft
    Content-Type: application/x-pkcs7-signature; name=smime.p7s
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7s

4)
RFC
    Content-Type: application/pkcs10; name=smime.p10
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p10
Internet Draft
    Content-Type: application/x-pkcs10; name=smime.p10
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p10

5)
RFC
    Content-Type: application/pkcs7-mime; smime-type=cert-only; name=smime.p7c
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7c
Internet Draft
    Content-Type: application/x-pkcs7-mime; name=smime.p7c
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=smime.p7c
9.3
1) multipart/signed

    To: Hiroyuki Sawano <sawano@orangesoft.co.jp>
    From: Taro Sawano <sawano1@orangesoft.co.jp>
    Subject: Digital Sign
    MIME-Version: 1.0
    Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms8b7876c5a4971b52e1d24e61"

    This is a cryptographically signed message in MIME format.

    --------------ms8b7876c5a4971b52e1d24e61
    Content-Type: text/plain; charset=iso-2022-jp
    Content-Transfer-Encoding: 7bit

    JIS

    --------------ms8b7876c5a4971b52e1d24e61
    Content-Type: application/x-pkcs7-signature; name="smime.p7s"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="smime.p7s"
    Content-Description: S/MIME Cryptographic Signature

    MIIQDwYJKoZIhvcNAQcCoIIQADCCD/wCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
    Dn0wggnHMIIJMKADAgECAhA4kcRP4QGC7RTq2FZKZF0TMA0GCSqGSIb3DQEBBAUAMGIxETAP
    MjQ2MzRaMB4GCSqGSIb3DQEJDzERMA8wDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAE
    QBOPytJm3nmFp6lYXCZHlDyG9VULk8hhgyU0vAHELLV/9Grx4+5fVbeerP/YXSmoZx8G6CTw
    J7/hi+ooJvN4cuM=
    --------------ms8b7876c5a4971b52e1d24e61--

2) PKCS#7 signeddata

    To: Hiroyuki Sawano <sawano@orangesoft.co.jp>
    From: Taro Sawano <sawano1@orangesoft.co.jp>
    Subject: Digital Sign
    MIME-Version: 1.0
    Content-Type: application/x-pkcs7-mime; name="smime.p7m"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="smime.p7s"

    MIAGCSqGSIb3DQEHAqCAMIACAQExDjAMBggqhkiG9w0CBQUAMIAGCSqGSIb3DQEHAaCAJIAEbkNv
    bnrlbnqtvhlwztogdgv4dc9wbgfpbg0kq29udgvudc1ucmfuc2zlci1fbmnvzgluzzogcxvvdgvk
    hvcnaqkemrieefe6im/mzqmtgdlaag17he4wdqyjkozihvcnaqebbqaeqc+f4fyqziv4qgzs3bab
    YpazDyMF61HtuVOU5rZ9lguQzFB/nH6K+G0cF1+hAmaGdpFkC3lCVh0Py2XnMPg5TvoAAAAAAAAA
    AA==

9.4

    To: Hiroyuki Sawano <sawano@orangesoft.co.jp>
    From: Taro Sawano <sawano1@orangesoft.co.jp>
    Subject: Digital Envelop
    MIME-Version: 1.0
    Content-Type: application/x-pkcs7-mime; name="smime.p7m"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="smime.p7m"
    Content-Description: S/MIME Encrypted Message

    MIAGCSqGSIb3DQEHA6CAMIACAQAxgc8wgcwCAQAwdjBiMREwDwYDVQQHEwhJbnRlcm5ldDEX
    MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0Eg
    Bh0SaWCqCd9p0OpbNnHyi2G3tvMEuC74u+nvWjZT8fXeBAggdxGjYOObZQQIUHE0vqb2lnIA
    AAAAAAAAAAAA
9.5 +

    To: Hiroyuki Sawano <sawano@orangesoft.co.jp>
    From: Taro Sawano <sawano1@orangesoft.co.jp>
    Subject: Digital Sign And Digital Envelop
    MIME-Version: 1.0
    Content-Type: application/x-pkcs7-mime; name="smime.p7m"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="smime.p7m"
    Content-Description: S/MIME Encrypted Message

    MIAGCSqGSIb3DQEHA6CAMIACAQAxgc8wgcwCAQAwdjBiMREwDwYDVQQHEwhJbnRlcm5ldDEX
    MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0Eg
    LSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEDiRxE/hAYLtFOrYVkpkXRMwDQYJKoZIhvcNAQEB
    BJ/HfTc8/7A5BBBpHHa3fZXWmE4T/uRhx4NiBDCGvxP7QFMih9lWyt6FPuCfmwwHJOrjqBkQ
    eorm8+hsw8f50a47pk7vz6cebs7nxw8ecihy5kf/fcvhaaaaaaaaaaaaaa==

9.6

    To: smime-enroll@digitalid.verisign.com
    From: sawano1@orangesoft.co.jp
    Reply-To: sawano1@orangesoft.co.jp
    Subject: Cert Request
    Mime-Version: 1.0
    Content-Type: application/x-pkcs10
    Content-Transfer-Encoding: base64

    MIIBQDCB6wIBADA9MRkwFwYDVQQDExBBbGV4YW5kcmUgRGVhY29uMSAwHgYJKoZI
    YTEwDQYJKoZIhvcNAQECBQADQQABpH1/eqAnA6bA6zxDYZvJp8I8qXabr1ltGda7
    j5spulsbuzkpia0dgw2o21fythz5nyb6oo9mjeiythgw3voh
9.7
1)

    From: smime-info@verisign.co.jp
    To: sawano@orangesoft.co.jp
    Subject: Your VeriSign Class 1 S/MIME Digital ID
    Errors-to: errors@verisign.co.jp
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="=================VeriSignOnlineCA_926060059_"
    X-winbiff-flags: Seen

    --=================VeriSignOnlineCA_926060059_
    Content-Type: application/x-pkcs7-mime; name="verisign.p7c"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="verisign.p7c"

    MIIH4gYJKoZIhvcNAQcCoIIH0zCAAgEBMQAwCwYJKoZIhvcNAQcBoIAwggRzMIID
    3KADAgECAhBSHbxudA47yQAkoRWHwCk0MA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYD
    nbbrrt38ggtb5uzc1d3ltwruluuewztysgqfzdipgmnwlihsvrq+8lcnl0hzjk4b
    htmvd1ekbp84wuohkzi2m7b9ochvlvj0rjjxfqjgi2d/bjccgfyzg4lpzaz1gwbz
    AAAxAAAA

    --=================VeriSignOnlineCA_926060059_
    Content-Type: text/plain; charset=iso-2022-jp
    Content-Transfer-Encoding: 7bit

    S/MIME ID JIS VeriSign Digital ID Center id-center@verisign.co.jp

    --=================VeriSignOnlineCA_926060059_
    Content-Type: text/plain; charset=iso-2022-jp
    Content-Transfer-Encoding: 7bit

    --=================VeriSignOnlineCA_926060059_--

2) PKCS#7 1

    From: Taro Sawano <sawano1@orangesoft.co.jp>
    Mime-Version: 1.0
    Content-Type: MultiPart/Mixed; Boundary="---------971840212-66036305"
    X-winbiff-flags: Seen

    -----------971840212-66036305
    Content-Type: text/plain; charset=iso-2022-jp

    JIS

    -----------971840212-66036305
    Content-Transfer-Encoding: Base64
    Content-Type: application/pkcs7-mime; name="sawano1.p7c"
    Content-Disposition: attachment; filename=" sawano1.p7c"

    MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCBHQwggPdoAMCAQICED8
    lxampnts5jp/o62cvbmwdqyjkozihvcnaqeebqawgbuxhdaabgnvbaote1zlcmltawduieph
    ZdIPGMNWLiHsVRQ+8lCnL0Hzjk4bhtMvd1ekbp84WuohKzi2m7b9OcHvlVJ0rJJxfqjgi2D/
    bjccgfyzg4lpzaz1gwbzaaaxaaaaaaaaaa==

    -----------971840212-66036305
3) DER X.509

    From: Taro Sawano <sawano1@orangesoft.co.jp>
    Mime-Version: 1.0
    Content-Type: MultiPart/Mixed; Boundary="---------971840212-66036305"
    X-winbiff-flags: Seen

    -----------971840212-66036305
    Content-Type: text/plain; charset=iso-2022-jp

    JIS

    -----------971840212-66036305
    Content-Transfer-Encoding: Base64
    Content-Type: application/pkix-cert; name="sawano1.cer"
    Content-Disposition: attachment; filename=" sawano1.cer"

    MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCBHQwggPdoAMCAQICED8
    lxampnts5jp/o62cvbmwdqyjkozihvcnaqeebqawgbuxhdaabgnvbaote1zlcmltawduieph
    ZdIPGMNWLiHsVRQ+8lCnL0Hzjk4bhtMvd1ekbp84WuohKzi2m7b9OcHvlVJ0rJJxfqjgi2D/
    bjccgfyzg4lpzaz1gwbzaaaxaaaaaaaaaa==

    -----------971840212-66036305
10
VeriSign md5WithRSAEncryption RSA (1024)
md5WithRSAEncryption 49 AB 1D AC 7A BF 6D 54 09 E0 53 0C DB CF 53 8E 32 7D 0E 1E EB 17 F9 A6 BC 5B 12 D2 8A 6D C3 DE CC 7C 4B 47 A9 20 DA 31 3F B9 C6 50 46 26 31 36
11
14 Class1( )4( ) Class1 OK

X.500
    OU = Class 1 Public Primary Certification Authority
    O = VeriSign, Inc.
    C = US

    OU = Class 1 Public Primary Certification Authority
    O = VeriSign, Inc.
    C = US

CA X.500
    CN = VeriSign Class 1 CA - Individual Subscriber
    OU = Terms of use at https://www.verisign.co.jp/rpa (c) 98
    OU = VeriSign Trust Network
    O = VeriSign Japan K.K.

X.500
    E = sawano@orangesoft.co.jp
    CN = Hiroyuki Sawano
    OU = Digital ID Class 1 - SMIME Orangesoft Inc./Winbiff/2.1
    OU = www.verisign.com/repository/cps Incorp. by Ref.,LIAB.LTD(c)96
    OU = VeriSign Class 1 CA - Individual Subscriber
    O = VeriSign Japan K.K.
    C = JP

VeriSign VeriSign Web Repository VeriSign PKI Hierarchy http://www.verisign.com/repository/hierarchy/hierarchy.pdf
12
1)
2) Web Microsoft Outlook Express Internet Explorer
3) SHA.1 20 MD5 16
FAX: 03-5978-7518 e-mail: isec-info@ipa.go.jp