Sendmail 8.13.3 Securing Mailing Solution
communication over the Internet. It enables the SMTP agents to protect some or all of
their communications from eavesdroppers and attackers.
The STARTTLS feature offers the following benefits:
• Verifies the identity of the client and server in a mail transmission.
• Authenticates a user for relaying through a mail server.
• Encrypts mail transmissions.
• Encrypts transmissions between two mail servers over the Internet.
Sendmail 8.13.3 relies on OpenSSL for its cryptographic algorithms. The cipher suite
used to protect a transmission is negotiated inside OpenSSL and is completely
transparent to Sendmail 8.13.3.
OpenSSL is an open source implementation of the SSL and TLS protocols. The version
of OpenSSL available on the HP-UX 11i v1 and HP-UX 11i v2 operating systems is
OpenSSL A.00.09.07l. The version of OpenSSL available on the HP-UX 11i v3 operating
system is OpenSSL A.00.09.08d. Both OpenSSL A.00.09.07l and A.00.09.08d include a
general-purpose cryptography library and an implementation of the Secure Sockets
Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. Note that SSL v2
and SSL v3 have since been shown to be insecure; a current deployment should
permit only TLS.
This section addresses the following topics:
• “Cryptography Algorithm” (page 10)
• “Certificates and Authorities” (page 11)
Cryptography Algorithm
The TLS subsystem uses the following components to provide services such as integrity
checking, authentication, and confidentiality:
• Private key algorithms, or symmetric cryptography. Both parties share one secret
key, and the same key is used to encrypt and to decrypt a message. The input data
is mathematically processed with the algorithm and the key to produce the
ciphertext, which the recipient decrypts with the same key. Commonly used private
key algorithms include DES, Blowfish, AES, and IDEA. (DES, with its 56-bit key, is
no longer considered strong enough; prefer AES.)
• Public key algorithms. These algorithms use two mathematically related keys to
separate the processes of encryption and decryption. Because they are built on
functions that are easy to compute in one direction but hard to invert, the key
pair provides a high level of security if sufficiently large keys are used.
Commonly used public key algorithms include RSA, ElGamal, and Diffie-Hellman.
While establishing a TLS session, public key cryptography is used to exchange the
session key that the private key (symmetric) algorithm then uses to encrypt the
rest of the session. The public keys, carried in certificates, are also used to
authenticate the server and, if required, the client.
• Hash algorithms. These algorithms are one-way functions that accept a variable
length input and, after mathematical processing, produce a fixed length output. The
result is a fingerprint of the input. The
10
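The division of labour described in the list above (a public key algorithm to protect a session key, a private key algorithm to encrypt the traffic under that key, a hash algorithm to fingerprint it for integrity), walked through with the OpenSSL command line. This is an added example, not code from the HP Sendmail documentation or from Sendmail itself. It assumes an `openssl` binary of version 1.0.0 or later (the `genpkey` and `pkeyutl` subcommands are not present in the 0.9.7/0.9.8-based builds named above), and the message text and file names are constructed for the example.

```shell
#!/bin/sh
# Added example (not HP or Sendmail code). Walks the three building blocks in
# the order a TLS handshake uses them: an RSA key pair (public key algorithm)
# protects a random session key, AES-256 (private key / symmetric algorithm)
# encrypts the message under that key, and SHA-256 in HMAC mode (hash
# algorithm) provides the integrity check. Assumes OpenSSL 1.0.0 or later.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# The "server" creates an RSA key pair and publishes only the public key.
make_server_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/server.key" 2>/dev/null
    openssl pkey -in "$WORK/server.key" -pubout -out "$WORK/server.pub"
}

# The "client" picks a random 256-bit session key and a 128-bit IV, then wraps
# the key with the server's public key (RSA-OAEP). Only the holder of the
# private key can unwrap it.
client_wrap_session_key() {
    openssl rand -hex 32 > "$WORK/session.key"
    openssl rand -hex 16 > "$WORK/session.iv"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/server.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/session.key" -out "$WORK/session.key.enc"
}

# The client encrypts the message with AES-256-CBC under the session key and
# stores an HMAC-SHA256 fingerprint of the ciphertext beside it.
client_encrypt_message() {
    key=$(cat "$WORK/session.key")
    printf '%s' "$1" > "$WORK/msg.txt"
    openssl enc -aes-256-cbc -K "$key" -iv "$(cat "$WORK/session.iv")" \
        -in "$WORK/msg.txt" -out "$WORK/msg.enc"
    openssl dgst -sha256 -hmac "$key" "$WORK/msg.enc" \
        | awk '{print $NF}' > "$WORK/msg.mac"
}

# The server unwraps the session key with its private key, recomputes the
# HMAC and refuses (return 1) if the ciphertext was altered in transit;
# otherwise it decrypts and prints the plaintext.
server_decrypt_message() {
    openssl pkeyutl -decrypt -inkey "$WORK/server.key" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/session.key.enc" -out "$WORK/session.key.dec"
    key=$(cat "$WORK/session.key.dec")
    mac=$(openssl dgst -sha256 -hmac "$key" "$WORK/msg.enc" | awk '{print $NF}')
    [ "$mac" = "$(cat "$WORK/msg.mac")" ] || return 1
    openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$WORK/session.iv")" \
        -in "$WORK/msg.enc"
}

# Simulates an attacker modifying the ciphertext on the wire: the hash-based
# integrity check, not the cipher, is what detects this.
tamper_with_ciphertext() {
    printf 'x' >> "$WORK/msg.enc"
}

# Usage (constructed SMTP command as the message):
#   make_server_keys; client_wrap_session_key
#   client_encrypt_message 'MAIL FROM:<alice@example.org>'
#   server_decrypt_message                     # prints the command back
#   tamper_with_ciphertext
#   server_decrypt_message || echo 'integrity check failed'
```

A real TLS handshake does more than this (the server's public key arrives in a certificate that is verified against a CA, separate keys are derived for each direction, and a MAC is applied to every record), but the roles of the three algorithm classes are the same. To see them negotiated by a running Sendmail, `openssl s_client -starttls smtp -connect mailhost:25` issues STARTTLS and prints the server certificate and the cipher suite that was agreed.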