s/mime

Post on 07-Jan-2016

description

Overview of MIME and S/MIME, S/MIME functions. E-mail security.

Transcript of s/mime

Academy of Cryptography Techniques
Course: E-mail Security
The S/MIME Protocol (Secure/Multipurpose Internet Mail Extensions)
Lecturer:
Students: V Vn Qun, Phan Quc Tun, Nguyn Quc Trung
Hanoi, 2012

Contents

PART I: INTRODUCTION
PART 2: S/MIME
1. How the e-mail system works
1.1 SMTP (Simple Mail Transfer Protocol)
1.2 POP (Post Office Protocol)
1.3 IMAP (Internet Message Access Protocol)
2. MIME header fields
2.1 The MIME-Version header field
2.2 The Content-Type header field
2.3 Syntax of the Content-Type field
2.4 Content-Type Default
2.5 The Content-Transfer-Encoding header field
2.6 The Content-ID field
2.7 The Content-Description header field
2.8 Additional MIME header fields
3. Body
3.1 Introduction to MIME (Multipurpose Internet Mail Extensions)
3.2 Introduction to some initial general types
4. Safety and security for e-mail
4.1 Public key infrastructure (PKI)
4.2 The S/MIME protocol
5. Demo program

PART I: INTRODUCTION

Today the Internet has become the main platform for exchanging information worldwide. It is clear that the Internet has affected, and continues to affect, many aspects of our lives, from searching for information and exchanging data to commerce, study, research and working online. Thanks to the Internet, exchanging information has become ever more convenient and faster, and the concept of electronic mail (e-mail) is no longer unfamiliar to anyone.

As the most popular service on the Internet, e-mail lets everyone who uses a computer connected to the Internet exchange information with one another. In short, every transaction and exchange can be carried out through e-mail.

However, alongside its positive side, the Internet as a communication medium also carries latent risks for the protection of information. The following requirements are therefore placed on the exchange of information over the network:

- Absolute confidentiality of the information in a transaction.
- Assurance of the integrity of the information.
- Authentication of the legal validity of the entities taking part in the exchange.
- Assurance that an entity cannot deny or repudiate its responsibility for its transactions on the Internet.

This reality calls for methods of securing information in order to improve safety on the Internet. Finding solutions for securing data, and for certifying an individual's ownership, is a problem that is always new. Security has to be studied and improved to keep pace with the constant development of life. How can data be kept secure? How can transmitted messages be kept from being lost or swapped? How can recipients know whether the information they receive is accurate, or whether it has been altered? How can they know who sent it and who owns it? These questions are a very great challenge for those who study security.

There are many ways to protect information in transit, and many solutions have been proposed, such as using passwords, encrypting data, or steganography (hiding the existence of the data). As security measures become more complex, attacks become more sophisticated as well. The problem is therefore how to arrive at a solution that is suitable and remains effective over time and through the rapid development of science and technology.

There are two methods that use asymmetric-key cryptography: PGP and S/MIME. Both allow digital signatures and encryption of e-mail content. PGP is provided by pgp.com (http://www.symantec.com) and is compatible with most standard e-mail clients. S/MIME is used by Microsoft Outlook and some other e-mail clients, but before using S/MIME you must obtain an S/MIME certificate issued by a third-party company. This essay looks in depth at the S/MIME mechanism used for signing and encrypting e-mail.

PART 2: S/MIME

1. How the e-mail system works

Today e-mail operates on the client/server model. That is, an e-mail is created by a Mail User Agent (MUA) and sent to a mail server, and that mail server then forwards the e-mail to the recipient's mail server. The following model illustrates this:

[Figure: the client/server model]

Like any computer-related service, e-mail requires a common language for transferring mail across the Internet. That language is referred to as a protocol, and it is used for communication between mail servers or between an MUA and a mail server. SMTP (Simple Mail Transfer Protocol) is the most common protocol for sending mail, while for receiving mail the two protocols to mention are POP (Post Office Protocol) and IMAP (Internet Message Access Protocol).

1.1 SMTP (Simple Mail Transfer Protocol)

SMTP is a protocol widely used for sending mail from an MUA to a mail server or from one mail server to another. SMTP consists of a set of simple commands used to declare the information needed to send mail, such as the sender's address, the recipient's address and the actual data, which correspond to the MAIL, RCPT and DATA commands.

Notably, the SMTP protocol does not require confirming who the sender is (authentication), so anyone on the Internet can send e-mail to one person or even to a group of people. This is why anonymous mail and advertising mail (spam) appear in our mailboxes.

1.2 POP (Post Office Protocol)

When someone sends you mail, it is stored in the mailbox of your account on the mail server. POP is a protocol that lets you log in to the mail server with your account and password, then retrieve the mail stored in the mailbox and manage it on your local machine. Usually the mail is deleted from the server after you retrieve it.

The current version of POP is POP3, and it is very widely used thanks to its advantages: because mail is fetched to the local machine, reading it does not require an Internet connection, and the storage space needed on the mail server is significantly reduced. POP also has limitations, however: you cannot read your mail from several different machines. For example, an office worker who has read mail on a machine in the office cannot read that mail again at home, because it was fetched to the office machine and is no longer on the mail server. This problem is solved by using the IMAP protocol to read mail, which is presented next.

1.3 IMAP (Internet Message Access Protocol)

As mentioned above, IMAP lets you read mail directly on the mail server, regardless of which computer you use to read it. This means you can read mail anywhere and from any computer, but there is still a limitation: if you cannot connect to the Internet, or the connection quality is too poor, you cannot read your mail. The current version of IMAP is IMAP4, and because implementing the IMAP protocol is very complex, IMAP is not as widely used as POP.

In short, POP and IMAP each have their own advantages and disadvantages, so which one to use depends on the specific conditions.

2. MIME header fields

MIME defines a number of header fields, new relative to RFC822, that are used to describe the content of a MIME entity. These header fields occur in at least two contexts:

(1) As part of a regular message header.
(2) In a MIME body part header within a multipart construct.

The formal definition of these header fields is as follows:

    entity-headers := [ content CRLF ]
                      [ encoding CRLF ]
                      [ id CRLF ]
                      [ description CRLF ]
                      *( MIME-extension-field CRLF )
    MIME-message-headers := entity-headers fields version CRLF
    MIME-part-headers := entity-headers [ fields ]

The structure of the various MIME header fields is described in the following sections.

2.1 The MIME-Version header field

This field declares the version of the Internet message body format in use. Messages composed in accordance with this standard must include this header field, with the following verbatim text:

    MIME-Version: 1.0

The presence of this header field is an assertion that the message has been composed in compliance with this standard. In the future this standard may extend the message format standard again. The BNF for the content of the MIME-Version field is:

    version := "MIME-Version" ":" 1*DIGIT "." 1*DIGIT

Thus, future format specifiers, which might replace or extend 1.0, are constrained to be two integer fields separated by a period. If a message is received with a MIME-Version value other than 1.0, it cannot be assumed to conform to this standard.

Note that the MIME-Version header field is required at the top level of a message. It is not required for each body part of a multipart entity. It is required for the embedded headers of a body of type message/rfc822 or message/partial if and only if the embedded message is itself claimed to be MIME-conformant.

Note also that version control for specific media types is not accomplished using the MIME-Version mechanism. In particular, some formats (such as application/postscript) have version numbering conventions that are internal to the media format. Where such conventions exist, MIME does nothing to supersede them. Where no such conventions exist, a media type may use a version parameter in the Content-Type field if necessary.

Note to implementors: when checking MIME-Version values, any comment strings that are present must be ignored.
In particular, the following four MIME-Version fields are equivalent:

    MIME-Version: 1.0
    MIME-Version: 1.0 (produced by MetaSend Vx.x)
    MIME-Version: (produced by MetaSend Vx.x) 1.0
    MIME-Version: 1.(produced by MetaSend Vx.x)0

In the absence of a MIME-Version field, a receiving mail program (whether or not it conforms to MIME requirements) may optionally choose to interpret the body of the message according to local conventions. Many such conventions are currently in use, and it should be noted that in practice non-MIME messages can contain just about anything.

It is impossible to be certain that a non-MIME mail message is actually plain text in the US-ASCII character set, since it might be a message that uses some set of non-standard local conventions predating MIME and includes text in another character set, or non-textual data presented in a manner that cannot be automatically recognized.

2.2 The Content-Type header field

The purpose of the Content-Type field is to describe the data contained in the body fully enough that the receiving mail program can pick an appropriate program or mechanism to present the data to the user, or otherwise deal with the data in an appropriate manner. The value of this field is called a media type.

In general, the top-level media type is used to declare the general type of the data, while the subtype specifies a specific format for that type of data. Thus a media type of image/xyz is enough to tell a receiving program that the data is an image, even if the receiver has no knowledge of the specific image format xyz. Such information can be used, for example, to decide whether or not to show the user the raw data from an unrecognized subtype. Such an action might be reasonable for unrecognized subtypes of text, but not for unrecognized subtypes of image or audio. For this reason, registered subtypes of text, image, audio and video should not contain embedded information that is really of a different type. Such compound formats should be represented using the multipart or application types.

Parameters are modifiers of the media subtype, and as such do not fundamentally affect the nature of the content. The set of meaningful parameters depends on the media type and subtype. Most parameters are associated with a single specific subtype. However, a top-level media type may define parameters that are applicable to any subtype of that type.
For example, the charset parameter is applicable to any subtype of text, while the boundary parameter is required for any subtype of the multipart media type.

There are no globally meaningful parameters that apply to all media types. Truly global mechanisms are best addressed, in the MIME model, by the definition of additional Content-* header fields.

The set of media types is essentially complete. In the future, more top-level media types may be defined only by a standards-track extension to this standard. If another top-level type is to be used for any reason, it must begin with X- to indicate its non-standard status and to avoid a possible conflict with a future official name.

2.3 Syntax of the Content-Type field

A Content-Type header field value is defined as follows:

    content := "Content-Type" ":" type "/" subtype *(";" parameter)
    type := discrete-type / composite-type
    discrete-type := "text" / "image" / "audio" / "video" /
                     "application" / extension-token
    composite-type := "message" / "multipart" / extension-token
    extension-token := ietf-token / x-token
    ietf-token :=
    x-token :=
    subtype := extension-token / iana-token
    iana-token :=
    parameter := attribute "=" value
    attribute := token
    value := token / quoted-string
    token := 1*
    tspecials := "(" / ")" / "" / "@" / "," / ";" / ":" / "\" /
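
The rules in sections 2.1 to 2.3 can be checked mechanically. The following Python code is an added example, not part of the original document: it ignores comment strings when reading MIME-Version, splits a Content-Type value into type, subtype and parameters, and flags the two constraints stated above (a boundary parameter on multipart, an X- prefix on other top-level types). The function names and the wording of the problem messages are this example's own.

```python
import re

# Top-level types named in the Content-Type grammar on this page.
TOP_LEVEL = {"text", "image", "audio", "video", "application", "message", "multipart"}
PARAM = re.compile(r';\s*([^\s=;"]+)\s*=\s*("(?:\\.|[^"\\])*"|[^\s;"]+)')

def strip_comments(value):
    """Drop RFC 822 (comments): nested ones too, but not parentheses inside quoted strings."""
    out, depth, in_quote, i = [], 0, False, 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):   # quoted-pair: escaped char is never a delimiter
            out.append(value[i:i + 2] if depth == 0 else "")
            i += 2
            continue
        if ch == '"' and depth == 0:
            in_quote = not in_quote
        if ch == "(" and not in_quote:
            depth += 1
        elif ch == ")" and not in_quote and depth > 0:
            depth -= 1
        elif depth == 0:
            out.append(ch)
        i += 1
    return "".join(out)

def mime_version(value):
    """Return (major, minor) per 1*DIGIT "." 1*DIGIT, or None if malformed."""
    m = re.fullmatch(r"\s*(\d+)\s*\.\s*(\d+)\s*", strip_comments(value))
    return (int(m.group(1)), int(m.group(2))) if m else None

def content_type(value):
    """Return (type, subtype, params, problems), or None if there is no type/subtype."""
    clean = strip_comments(value)
    m = re.match(r"\s*([^\s/;]+)\s*/\s*([^\s/;]+)", clean)
    if not m:
        return None
    mtype, subtype = m.group(1).lower(), m.group(2).lower()
    params = {}
    for name, val in PARAM.findall(clean[m.end():]):
        if val.startswith('"'):                 # quoted-string: unquote and unescape
            val = re.sub(r"\\(.)", r"\1", val[1:-1])
        params[name.lower()] = val
    problems = []
    if mtype not in TOP_LEVEL and not mtype.startswith("x-"):
        problems.append("non-standard top-level type without X- prefix")
    if mtype == "multipart" and "boundary" not in params:
        problems.append("multipart without the required boundary parameter")
    return mtype, subtype, params, problems
```

Called on each of the four field values listed in section 2.1, mime_version returns (1, 0); a parenthesis inside a quoted boundary value is kept as data rather than treated as a comment.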