PEM is the draft Internet Privacy-Enhanced Mail standard, designed, proposed, but not yet officially adopted, by the Internet Activities Board to provide secure electronic mail over the Internet. Designed to work with RFC 822 e-mail formats, PEM includes encryption, authentication, and key management, and allows use of both public-key and secret-key cryptosystems. Multiple cryptographic tools are supported; for each mail message, the specific encryption algorithm, digital signature algorithm, hash function, and so on are specified in the header. PEM explicitly supports only a few cryptographic algorithms; others may be added later. DES (see Question 64) in CBC mode is currently the only message encryption algorithm supported, and both RSA (see Question 8) and DES are supported for key management. Public-key management in PEM is based on X.509 certificates (see Question 165).
The details of PEM can be found in Internet RFCs 1421 through 1424. PEM has been on the draft track for more than two years and it seems that the standard may be superseded by S/MIME and PEM-MIME. Trusted Information Systems has developed a free non-commercial implementation of PEM, and other implementations have been developed such as RIPEM (see Question 178).
| Question 131 |