Security flaws in email signatures and end-to-end encryption

16.08.2019 - Jens Müller

In cooperation Münster University of Applied Sciences, we published two more “Johnny” papers on email security. “Johnny, you are fired!” (USENIX Security 2019, shows practicals forgery attacks against various implementations of OpenPGP and S/MIME email signature verification in five different attack classes. “Re: What's up Johnny” (ACNS 2019, depicts covert content attacks on OpenPGP and S/MIME encryption and signatures in the context of email. In both papers we do not target the underlying cryptographic primitives, but instead abuse legitimate features of email-related RFCs.

tags: email, openpgp, smime