Generated by GPT-5-mini

| PGP/MIME | |
|---|---|
| Name | PGP/MIME |
| Introduced | 1999 |
| Developer | Counterpane Systems; RFC 3156 editors |
| Standard | RFC 3156 |
| Related | OpenPGP, MIME, S/MIME, PGP |
PGP/MIME
PGP/MIME is a standard for securing email that combines the OpenPGP formats derived from Pretty Good Privacy with Multipurpose Internet Mail Extensions multipart packaging. It allows encryption and signing in the tradition of Phil Zimmermann and Jon Callas to be transported alongside the structured message parts used by clients such as Microsoft Outlook, Mozilla Thunderbird and Apple Mail and by server-side systems such as Sendmail, Postfix or Exim. The design bridges precedents from S/MIME (RFC 3851) and the earlier RFC 2015 practices while fitting into an Internet standards process involving the Internet Engineering Task Force and the IETF OpenPGP Working Group.
PGP/MIME specifies how to encode OpenPGP encrypted and signed content inside MIME multipart containers so that attachments, inline media and character encodings are preserved when a message is addressed to recipients using clients such as Gmail webmail, Yahoo! Mail, Outlook.com or enterprise systems such as IBM Lotus Notes. It defines content types and boundary semantics compatible with existing SMTP transport, with IMAP stores such as Dovecot or Courier IMAP, and with POP3 retrieval by software from vendors including Microsoft and Apple Inc. Implementations interoperate with cryptographic key infrastructures familiar from PGP Corporation history and from the communities around projects like GnuPG, OpenSSL, LibreSSL and GnuTLS.
PGP/MIME emerged from efforts to resolve interoperability problems evident in early PGP "inline" conventions used by users of Usenet and AOL mail, and from debates within the Internet Engineering Task Force that included participants from RSA Security, PGP Corporation, and academic contributors affiliated with MIT, Stanford University, University of California, Berkeley and Carnegie Mellon University. Editors of RFC 3156 drew on the legacies of Phil Zimmermann and engineers such as Jon Callas and discussions involving vendors like Microsoft Corporation and Netscape Communications Corporation. The standardization followed preceding efforts documented in RFCs and was informed by operational experience from early adopters including MIT PGP, German Federal Office for Information Security pilots, and open source communities centered on GnuPG and Sequoia-PGP.
PGP/MIME mandates encapsulation of OpenPGP packets within MIME entities using the content types multipart/encrypted and multipart/signed, employing the canonicalization and hashing algorithms referenced by RFC 4880 and relying on symmetric ciphers such as AES and public-key algorithms such as RSA and ElGamal. The MIME layering supports Content-Transfer-Encodings such as Base64 and Quoted-Printable, as used in clients such as Microsoft Outlook Express, Mozilla SeaMonkey, Evolution and K-9 Mail. The message digest and signature algorithms trace their lineage to standards overseen by NIST and are implemented in libraries such as libgcrypt and OpenSSL. The format also addresses character set handling under UTF-8 and the language tags defined by IETF BCP 47.
Implementations of PGP/MIME exist across ecosystems: GnuPG and Sequoia-PGP provide core processing used by clients such as Mozilla Thunderbird (via Enigmail originally), Claws Mail, Mutt, Sylpheed, Evolution, Outlook via plugins, and mobile apps like OpenKeychain for Android and iOS integrations. Server-side gateways in enterprises running Postfix, Exim or Sendmail may perform archival and filtering in combination with DLP appliances from vendors like Symantec or McAfee. Interop testing has involved projects such as IETF Interop events and mail transport tests among providers including Google, Microsoft, Yahoo! and academic mail services at MIT and Stanford University.
PGP/MIME's security depends on the robustness of OpenPGP primitives, the confidentiality provided by symmetric ciphers like AES-256 and the authenticity ensured by signature schemes such as RSA-PSS or DSA. Threat models reference adversaries studied by institutions like EFF, SANS Institute and NIST; real-world incidents investigated by CERT and ENISA emphasize secure key management, trust models, and protection against metadata leakage via mail headers handled by SMTP and archived by services like Google Workspace or Microsoft 365. Integration with hardware security modules from Yubico and smartcard standards like PKCS#11 mitigates private-key exfiltration risks flagged in audits by Kaufman, Perlman, and Speciner and others.
Adoption has been strongest among privacy-focused communities, open-source developers and academic researchers at institutions such as MIT, Harvard University, University of Oxford and University of Cambridge, and within activist networks associated with the Electronic Frontier Foundation and the Tor Project. Enterprises in finance, healthcare and government evaluated PGP/MIME in pilot programs led by IBM, Siemens, Deutsche Telekom and national agencies including GCHQ and NSA for compatibility studies. Cloud email providers and major software vendors influenced uptake through client support decisions at Mozilla Foundation, Microsoft Corporation, Google LLC and Apple Inc.
Critics from groups such as EFF and researchers at University of California, Berkeley and Princeton University cite usability issues echoed by Bruce Schneier and Ross Anderson, deployment complexity highlighted in IETF discussion threads, and difficulties with key discovery and revocation that intersect with proposals from Keybase, DNSSEC and the OpenID Foundation. Interactions with modern mail hygiene systems, mailing lists on LISTSERV installations, and automated processors such as Mailman and Sendmail sometimes break multipart semantics, a concern raised in operational reports from USENIX and DEF CON presentations. Scalability and forward secrecy limitations compared to the Signal Protocol and OMEMO are further points raised by cryptographers affiliated with Google and academic labs.
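As an added example (not code from the article or from any PGP/MIME implementation), the following Python script checks the two-part multipart/encrypted and multipart/signed layout described above and extracts the CRLF-canonicalized octets that a detached signature covers; it also shows how an extra part appended by a mailing-list processor breaks the layout. The sample messages are constructed, and the OpenPGP payloads are placeholders, so only the MIME layer is exercised.

```python
import email, email.policy
ENCRYPTED_MSG = b"""Content-Type: multipart/encrypted; boundary="b1"; protocol="application/pgp-encrypted"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE----- (placeholder ciphertext) -----END PGP MESSAGE-----
--b1--
"""  # constructed sample, not from the article; the OpenPGP payload is a placeholder
SIGNED_MSG = b"""Content-Type: multipart/signed; boundary="b2"; micalg="pgp-sha256"; protocol="application/pgp-signature"

--b2
Content-Type: text/plain; charset=utf-8

Invoice attached.
--b2
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE----- (placeholder signature) -----END PGP SIGNATURE-----
--b2--
"""  # constructed sample, not from the article; the OpenPGP payload is a placeholder

def classify(raw: bytes) -> str:
    """Return 'encrypted' or 'signed' if raw has the RFC 3156 two-part layout, else raise ValueError."""
    msg = email.message_from_bytes(raw)
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:  # an appended list footer or a stripped part breaks the layout
        raise ValueError("PGP/MIME containers have exactly two parts, got %d" % len(parts))
    ctype, proto = msg.get_content_type(), msg.get_param("protocol")
    if ctype == "multipart/encrypted":
        ctrl, body = parts
        if (proto != "application/pgp-encrypted" or ctrl.get_content_type() != proto
                or "Version: 1" not in ctrl.get_payload()
                or body.get_content_type() != "application/octet-stream"):
            raise ValueError("expected application/pgp-encrypted 'Version: 1', then application/octet-stream")
        return "encrypted"
    if ctype == "multipart/signed":
        if (proto != "application/pgp-signature" or parts[1].get_content_type() != proto
                or not str(msg.get_param("micalg", "")).startswith("pgp-")):
            raise ValueError("expected protocol=application/pgp-signature and micalg=pgp-<hash>")
        return "signed"
    raise ValueError("not a PGP/MIME container: " + ctype)

def signed_bytes(raw: bytes) -> bytes:
    """Octets the detached signature covers: the first part with its MIME headers, CRLF-canonicalized."""
    return email.message_from_bytes(raw).get_payload()[0].as_bytes(policy=email.policy.SMTP)
```

Because the outer headers are not covered by the signature, a verifier must not treat Subject or From as authenticated even when classify() reports a well-formed signed container.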