Monday May 04, 2009

Sending Secure Electronic Mail (S/MIME) in Java (CAPS) the Easy Way

Every now and then one needs to secure communications between parties. Some would say it is necessary to do that all the time and perhaps it is. The issues are the complexity and expense. The complexity comes from having to configure a bunch of tools to support things like encryption and digital signatures for more then a single party. The expense comes from typically having to purchase cryptographic instruments from well known Certification Authorities, and keep on purchasing them all over again every 1 or 2 years. This discussion introduces a class library that offers a set of simple methods for constructing and sending secure electronic mail using the Secure Multipurpose Internet Mail Extensions (S/MIME), the Bounce Castle Cryptographic Libraries and the Java programming language. The intent is to allow a Java CAPS developer, or a Java developer, to add Secure Electronic Mail functionality quickly and easily, and without having to make too much of a time investment learning about PKI-based security and related matters. This addresses the complexity issue. The expense issue is addressed in my Blog Entry, “Producing Free, Private X.509 Certificates for use with PKI-based Solutions”, at http://blogs.sun.com/javacapsfieldtech/entry/producing_free_private_x_509. That blog discusses how to roll out a private Certification Authority and obtain X.509 Certificates., and other cryptographic objects, for free.

This document discusses the use of cryptographic software and manipulation of cryptographic objects. Using or discussing cryptography software is illegal in some parts of the world. It is you responsibility to ensure that you comply with any import/export and use laws that apply to you.

SendingSecureEMailUsingJavaCAPS.pdf


Producing Free, Private X.509 Certificates for use with PKI-based Solutions

When working with PKI-based security solutions one typically requires one or more X.509 Certificates and related private keys. X.509 Certificates are typically purchased from well known Certification Authorities, such Verisign, for a fair amount of money and are valid for 1 or 2 years. It is not perhaps widely known that one can create a perfectly functional X.509 Certificate and use it in PKI-based solutions by oneself, free of charge and valid for an arbitrary amount of time. While tools are available to both generate key pairs and create X.509 Certificates, the how of it is somewhat obscure.  This document discusses the use of the OpenSSL software in creation of private PKI objects such as Key Pairs and X.509 Certificates and PKCS#12 Keystores. It discusses the use of Windows-based scripts, developed by the author, that make the process painless and quick.

This document discusses the use of cryptographic software and manipulation of cryptographic objects.  Using or discussing cryptography software is illegal in some parts of the world. It is you responsibility to ensure that you comply with any import/export and use laws that apply to you.

SettingUpCryptoToolsAndObjects.pdf

About

In this Blog I post abstracts of articles / writeups / notes on various aspects of Java CAPS and SOA Suite including solutions, discussions and screencasts. The links to the referenced material are included in the bodies of the abstracts.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today