A Chosen Ciphertext Attack against Several E-Mail Encryption Protocols

J. Katz and B. Schneier

9th USENIX Security Symposium, 2000.

ABSTRACT: Several security protocols (PGP, PEM, MOSS, S/MIME, PKCS#7, CMS, etc.) have been developed to provide confidentiality and authenitcation of electronic mail. These protocols are widely used and trusted for private communication over the Internet. We point out a potentially serious security hole in these protocols: any encrypted message can be decrypted using a one-message, adaptive chosen-cipertext attack. Although such attacks have been formalized mainly for theoretical interest, we argue that they are feasible in the networked systems in which these e-mail protocols are used.

[full text - postscript] [full text - PDF (Acrobat)]

Categories: Protocol Analyses

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.