Security flaws in email signatures and end-to-end encryption

16.08.2019 - Jens Müller

In cooperation with Münster University of Applied Sciences, we published two more “Johnny” papers on email security. “Johnny, you are fired!” (USENIX Security 2019, https://usenix.org/system/files/sec19-muller.pdf) shows practical forgery attacks against various implementations of OpenPGP and S/MIME email signature verification in five different attack classes. “Re: What's up Johnny” (ACNS 2019, https://arxiv.org/pdf/1904.07550) depicts covert content attacks on OpenPGP and S/MIME encryption and signatures in the context of email. In both papers we do not target the underlying cryptographic primitives, but instead abuse legitimate features of email-related RFCs.

tags: email, openpgp, smime