PEM - Privacy Enhanced Mail

PEM (Privacy Enhanced Mail) is an Internet standard for secure electronic mail. The standard adds several security services to the Internet electronic mail messages (i.e. RFC 822):

message origin authentication - identity of the originator of a message is corroborated
message integrity - the message has not been altered in an unauthorized manner
nonrepudiation of origin - the originator can not deny having sent the message
message confidentiality (optional) - the message is not made available or disclosed to unauthorized individuals, entities or processes

PEM is designed to support these services in the RFC 822 context, meaning that they can be applied only to plain text messages. An attempt to provide PEM solutions to the MIME (Multipurpose Internet Mail Extensions) messages is called MOSS (MIME Object Security Services). PEM standard is specified in the following RFCs (Request for Comments):

Implementations

To date several implementations of PEM have been introduced. Among implementations from Europe, we can mention those that were developed during the PASSWORD project and ICE-TEL project, e.g.

SECUDE from GMD,
EXMH from UNINETT
plug-in for MS Exchange from GMD

Several graphical interfaces for secure e-mail use these packages and integrate them with different mailers. You should try OUR that works with SECUDE and is based on Motif.

Other known implementations are

RSA and Trusted Information Systems: TIS/PEM
RIPEM, Riordan's Internet Privacy Enhanced Mail
FJPEM (From Japan PEM)
COST - PEM (Sweden)

Tutorials

A tutorial on PEM from COST (Sweden)

Last modified: 9.10.1995 by Tomaz K.