Iaetsd secure emails an integrity assured email

SECURE EMAILS: AN INTEGRITY ASSURED EMAIL
SYSTEMS USING PKI
Mohd Yousuf Md Touseef Sumer
Dept. of Computer science & Engineering Dept. of Electronics and Communication Engineering
Maulana Azad National Urdu University Maulana Azad National Urdu University
Hyderabad Hyderabad
yousuf.asifia@gmail.com touseefsumer@yahoo.com
Abstract - Most important aspect of any application is security. Complex business systems, e-Commerce and automated business
transactions require robust security measures. Companies using the internet environment as a platform to conduct business have a
better probability of success if there is security. However, for e-commerce on the internet, additional security and integrity
mechanism becomes necessary. Merchants are typically not willing to ship goods or perform services until a payment has been
accepted for them. Authentication can allow for a measure of non-repudiation so the customer cannot deny the transaction
occurred. Similarly, consumers need assurance that they are purchasing from a legitimate enterprise, rather than a hacker’s site
whose sole purpose is to collect credit card numbers. With the changes in today’s business environments and the shift from the
traditional face-to-face business models, mechanisms must be developed to ensure that trusted relationships are maintained. The
PKI message service is intended to provide mechanisms to ensure trusted relationships are established and maintained. PKI
Message Service with PKI Plug-in demonstrates how public key cryptography supports risk management requirements and solves
e-commerce security problems in network environments. This is one such application which provides necessary security services to
users. This application is also intended to help organizations determine their requirement and necessity for a PKI, and what features
are needed for their specific business. The PKI Message Service and PKI Plug-in may find its application in business transactions,
banking, military etc.
I. INTRODUCTION
As SMTP email is an open protocol in that a message can be
intercepted and read by any number of third parties. When you
send an email message, that message can be seen and read by
anyone who comes in contact with the message; just like a
postcard. For example, your message may pass through a
number of Internet Service Providers on its journey and
administrators for these ISPs will almost undoubtedly have
access to the contents of messages that you send. When we talk
about secure email, we are talking about the ability to secure a
message in such a way that the contents of that message remain
private between you and your intended recipient and vice versa.
This is achieved through encryption.
A second (and arguably more important) issue with SMTP
email is that it is open to abuse and manipulation. It is very easy
for a third party to forge an SMTP message and make up its
content and address details. This act of impersonation is
commonly known as spoofing. From this perspective, SMTP
email is also unsecure. Therefore, any solution for secure email
should not only provide encryption for privacy but also ideally
authentication and validation that messages are genuine and can
be guaranteed to have originated from the apparent sender. The
act of validating the authenticity of a message is known as
digital signing.
II. REVIEW OF PKI
The PKI Message Service is a mail application which is based
on the idea of PKI. PKI assumes the use of key cryptography,
which is the most common method on the Internet for
authenticating a message sender or encrypting a message. The
mail application provides Information Security of user messages
over insecure networks such as the Internet. This application
can be deployed in domains where monetary transactions
happen seldom.The PKI Message Service offers two-factor
authentication of messages sent, therefore providing privacy,
authentication, integrity, and non-repudiation; these being
referred as the PAIN properties satisfied by most of application
pertaining to Security. The Message Service having been based
on the idea of PKI is bound to use asymmetric keys for its
operations. The application provides services to access private
keys from hardware crypto-tokens such as Aladdin/SafeNet e-
tokens. It also provides for accessing private keys from local
file system. The public keys are maintained by the server of the
PKI Message Service, thereby acting similar to a Key
Distribution Centre (KDC).The users of this mailing application
can send messages which are encrypted, digitally signed or
signed and encrypted to their respective destinations. The users
who receive these messages from other users of the same
application can decrypt, verify or verify and decrypt the
messages from their peers. The asymmetric cryptographic
functions offered by the PKI Message Service is provided by
software programs typically coded in JAVA which run on the
client side of the PKI Messaging Service application. The PKI
Message Service employs a server to manage user’s public key
certificates and other details. The Server scripts are typically
coded in PHP, HTML, CSS and JavaScript along with the
services of a Database to store all the related user information.
The purpose of having such an application on the web reduces
effort to create and maintain similar such applications on
multiple platforms. This application is platform independent and
serves well in Microsoft Windows, Mac OS X Systems.
III. PKI FEATURES AND APPLICATIONS
PKI is a security architecture that has been introduced to
provide an increased level of confidence for exchanging
information over an increasingly insecure internet. PKI expands
as Public Key Infrastructure, which is the most common method
on the internet for authenticating a sender or encrypting a
message. Public key infrastructure encompasses comprehensive
security technologies and policies using cryptography and
provides standards for fundamental computing infrastructure
improvement [1].PKI involves the hardware, software, policies,
and standards that are necessary to manage SSL (Secure Socket
Layer) certificates. A PKI lets users: [1] Authenticate other
users more securely than standard usernames and passwords.
[2] Encrypt sensitive information. [3] Electronically sign
documents more efficiently.
The PKI technology works with a pair of keys. One of
the two keys may be used to encrypt information which can
only be decrypted with the other key. One key is made public
and the other is kept secret. The secret key is usually called the
Proceedings of International Conference on Advances in Engineering and Technology
www.iaetsd.in
ISBN : 978 - 1505606395
International Association of Engineering and Technology for Skill Development
1

private key. Since anyone may obtain the public key, users may
initiate secure communications without having to previously
share a secret through some other medium with their
correspondent.PKI enables users of an insecure public network
to securely and privately exchange data and money through the
use of a public and a private cryptographic key pair that is
obtained and shared through a trusted authority. PKI provides
for a digital certificate that can identify an individual or an
organization and directory services that can store and, when
necessary, revoke the certificates. Although the components of a
PKI are generally understood, a number of different vendor
approaches and services are emerging. Meanwhile, an internet
standard for PKI is being worked on.PKI binds public keys with
a person so in a way that allows users to trust the certificate.
Public Key Infrastructures most commonly use a certificate
authority (also called a Registration Authority) to verify the
identity of an entity and create unforgeable certificates. Web
browsers, web servers, email clients, smart cards, and many
other types of hardware and software all have integrated,
standards-based PKI support that can be used with each other.
A PKI is only as valuable as the standards that are established
for issuing certificates [1].
IV. APPLICATIONS OF PKI:
The most widespread use of PKI is server
identification of certificates. SSL requires a PKI certificate on
the server to assert its identity in a trustworthy manner to the
client. Every HTTPS (Hyper Text Transport Protocol Secure)
web server connection uses SSL and therefore also uses PKI.
This outreach web focuses on client-side applications of PKI -
using end user PKI certificates instead of or in addition to server
certificates [2].
Client-side applications of PKI fit into three main categories:
 Authentication
 Digital signatures
 Encryption
Authentication applies to any application that needs to
know with assurance the identity of the user and that the user is
actually the one who is present. Traditional authentication
typically uses usernames and passwords. PKI provides a more
secure alternative to this whereby identity is proven by
possession of a private key instead of a password. A password
is still usually required to protect the private key, but that
password is managed by the user instead of shared with the
application server (a major improvement in security).Digital
signatures enable a user to put their "digital signature" on an
electronic document. This is directly analogous to signing in
pen on a paper document except it goes one step further and
associates the exact contents of the digital document with the
signature in a way that makes tampering with the document's
contents after the signature easy to detect. Again, it is
possession of the private key that assures that only the owner of
the PKI digital credentials could have executed the signature.
Encryption is standard protection of data in a file with a
twist. Anyone can encrypt data intended to be read by a
particular user by using their public key for the encryption
process, but only the designated user possesses the private key
that can decrypt the data, so its privacy is assured by the
security of their private key [2].
Some of the popular PKI applications:
[I] Authentication [A] Web applications [a] Portals [b] Student
information systems [c] Library online journals
[B] Network appliances [a] VPN concentrators [b] Firewalls
[c] Wireless access points [II] Digital signatures
[A] S/MIME secure email (sign individual emails)
[B] Electronic document processing [a] Signing XML forms
[b] Signing electronic documents [c] Paperless authorization
processes [C] Instant messaging (sign each message)[D]
Encryption [a] S/MIME secure email (encrypt individual
emails) [b] Instant messaging (encrypt each message)
V. WHO PROVIDES THE INFRASTRUCTURE?
A number of products are offered that enable a
company or group of companies to implement a PKI. The
acceleration of e-commerce and business-to-business commerce
over the internet has increased the demand for PKI solutions.
Related ideas are the virtual private network (VPN) and the IP
security (IPsec) standard [4]. Among PKI leaders are:
[1] RSA, which has developed the main algorithms used by PKI
vendors.[2] VeriSign, which acts as a certificate authority and
sells software that allows a company to create its own certificate
authorities.[3] GTE Cyber Trust, which provides a PKI
implementation methodology and consultation service that it
plans to vend to other companies for a fixed price.[4] Xcert,
whose Web Sentry product that checks the revocation status of
certificates on a server, using the Online Certificate Status
Protocol (OCSP).[5] Netscape, whose Directory Server product
is said to support 50 million objects and process 5,000, queries a
second.[6] Secure E-Commerce, which allows a company or
extranet manager to manage digital certificates.[7] Meta-
Directory, which can connect all corporate directories into a
single directory for security management.
VI. INFORMATION SECURITY AND PAIN
PROPERTIES
PKI technology is used in the project, because of its
property of information security. Privacy, authentication,
integrity and non-repudiation services together provide
Information Security.
Privacy/Confidentiality -Data confidentiality is
designed to protect the data from disclosure attack. It is
designed to prevent snooping and traffic analysis attack. It is
provided by encrypting the message using Public key of the
receiver.
Authentication - Authentication is used to check the
authentication of the sender and receiver during the connection
establishment. It is provides by encipherment, digital signature
and authentication exchanges.
Integrity - Data Integrity security service is used to
ensure whether the integrity of the data has been preserved or
not. It is provided by signing the message using private key of
the sender and verifying the message using sender’s public key.
Non-Repudiation - Non-repudiation service protects
against repudiation by either sender or receiver of the data. In
non-repudiation with proof of origin, the receiver of the data
can later prove the identity of the sender if denied. In non-
repudiation with proof of delivery, the sender of the data can
later prove that the data were delivered to the intended recipient.
It is provided by digital signature, data integrity and
notarization.
VII. LITERATURE SURVEY
www.iaetsd.in
ISBN : 978 - 1505606395
2

Literature Survey aims to review the critical points of current
knowledge including substantive findings as well as theoretical
and methodological contributions on the topic.
A. BASICS OF CRYPTOGRAPHY
Cryptography is the practice and study of techniques
for secure communication in the presence of third parties
(adversaries). It is about constructing and analyzing protocols
that overcome the influence of adversaries and which are related
to various aspects in information security such as data
confidentiality, data integrity, and authentication [6]. Modern
cryptography is heavily based on mathematical theory and
computer science practice; cryptographic algorithms are
designed around computational hardness assumptions, making
such algorithms hard to break in practice by any adversary. It is
theoretically possible to break such a system but it is infeasible
to do so by any known practical means. These schemes are
therefore termed computationally secure; theoretical advances
and faster computing technology require these solutions to be
continually adapted. Modern cryptography is based upon:
 Symmetric-key cryptography
 Asymmetric-key cryptography
 Hash
SYMMETRIC KEY CRYPTOGRAPHY
Symmetric-key algorithms are a class of algorithms for
cryptography that use trivially related, often identical,
cryptographic keys for both encryption of plaintext and
decryption of cipher text. The encryption key is trivially related
to the decryption key, in that they may be identical or there is a
simple transformation to go between the two keys [7].The keys,
in practice, represent a shared secret between two or more
parties that can be used to maintain a private information link.
When used with asymmetric ciphers for key transfer,
pseudorandom key generators are nearly always used to
generate the symmetric cipher session keys. However, lack of
randomness in those generators or in their initialization vectors
is disastrous and has led to cryptanalytic breaks in the past.
Therefore, it is essential that an implementation uses a source of
high entropy for its initialization. A disadvantage of symmetric
key algorithms is the requirement of a shared secret key, with
one copy at each end. Since keys are subject to potential
discovery by a cryptographic adversary, they need to be
changed often and kept secure during distribution and in
service. Choosing, distributing, and storing keys without error
and without loss is difficult to reliably achieve. Cryptanalysis of
symmetric key algorithms are easier when compared to that of
asymmetric key algorithms.
ASYMMETRIC KEY CRYPTOGRAPHY
Asymmetric-key cryptography used two separate keys:
one private and one public. If the encryption and decryption are
thought of as locking and unlocking padlocks with keys, then
the padlock with keys, then the padlock that is locked with a
public key can be unlocked only with the corresponding private
key [8]. Public-key cryptography refers to a cryptographic
system requiring two separate keys, one to lock or encrypt the
plaintext, and one to unlock or decrypt the cipher text. Neither
key will do both functions. One of these keys is published or
public and the other is kept private. If the lock/encryption key is
the one published then the system enables private
communication from the public to the unlocking key's owner. If
the unlock/decryption key is the one published then the system
serves as a signature verifier of documents locked by the owner
of the private key. Thus, unlike symmetric key algorithms, a
public key algorithm does not require a secure initial exchange
of one, or more, secret keys between the sender and receiver.
These algorithms work in such a way that, while it is easy for
the intended recipient to generate the public and private keys
and to decrypt the message using the private key, and while it is
easy for the sender to encrypt the message using the public key,
it is extremely difficult for anyone to figure out the private key
based on their knowledge of the public key. The distinguishing
technique used in public key cryptography is the use of
asymmetric key algorithms, where the key used to encrypt a
message is not the same as the key used to decrypt it. Each user
has a pair of cryptographic keys―a public encryption key and a
private decryption key. The publicly available encrypting-key is
widely distributed, while the private decrypting-key is known
only to the recipient. Messages are encrypted with the
recipient's public key and can be decrypted with the
corresponding private key. The keys are related mathematically,
but parameters are chosen so that determining the private key
from the public key is prohibitively expensive [9].
The two main branches of public key cryptography are:
Public key encryption: a message encrypted with a recipient's
public key cannot be decrypted by anyone except a possessor of
the matching private key―presumably, this will be the owner of
that key and the person associated with the public key used.
This is used for confidentiality.
Digital signatures: a message signed with a sender's private
key can be verified by anyone who has access to the sender's
public key, thereby proving that the sender had access to the
private key (and therefore is likely to be the person associated
with the public key used), and the part of the message that has
not been tampered with.
HASH
Hash is the transformation of a string of characters into
a usually shorter fixed-length value or key that represents the
original string. Hashing is used to index and retrieve items in a
database because it is faster to find the item using the shorter
hashed key than to find it using the original value. It is also used
in many encryption algorithms [10].
STEGANOGRAPHY
The word Steganography means covered writing in
contrast with cryptography. Steganography means concealing
the message itself by covering it with something else [11]. The
advantage of Steganography, over cryptography alone, is that
messages do not attract attention to themselves. Plainly visible
encrypted messages-no matter how unbreakable-will arouse
suspicion, and may in them be incriminating in countries where
encryption is illegal. Therefore, whereas cryptography protects
the contents of a message, Steganography can be said to protect
both messages and communicating parties. However, it can also
pose serious problems because it is difficult to detect. Network
surveillance and monitoring systems will not flag messages or
files that contain steganographic data. Therefore, if someone
attempted to steal confidential data, they could conceal it within
another file and send it in an innocent looking email.
CRYPTOGRAPHY VS STEGANOGRAPHY
The purpose of Cryptography and Steganography is to
provide secret communication. However, Steganography is not
www.iaetsd.in
ISBN : 978 - 1505606395
3

the same as cryptography. Cryptography hides the contents of a
secret message from a malicious people, whereas
Steganography even conceals the existence of the message.
Steganography must not be confused with cryptography, where
we transform the message so as to make it meaning obscure to a
malicious people who intercept it. Therefore, the definition of
breaking the system is different. In cryptography, the system is
broken when the attacker can read the secret message. Breaking
a steganographic system need the attacker to detect that
Steganography has been used and he is able to read the
embedded message. In cryptography, the structure of a message
is scrambled to make it meaningless and unintelligible unless
the decryption key is available. It makes no attempt to disguise
or hide the encoded message. Cryptography offers the ability of
transmitting information between persons in a way that prevents
a third party from reading it. Cryptography can also provide
authentication for verifying the identity of someone or
something.It is possible to combine the techniques by
encrypting message using cryptography and then hiding the
encrypted message using Steganography. The resulting stego-
image is transmitted without revealing that secret information is
being exchanged. Furthermore, even if an attacker were to
defeat the steganographic technique and detect the message
from the object, he would still require the cryptographic
decoding key to decipher the encrypted message [12].
VIII. PROGRAM MODULES
 PUBLIC KEY CERTIFICATE VALIDATION
The validation of the certificate is done with the help
of the applet by checking the email id of the user and expiration
date of the certificate. This date is verified with the server date
to check if the certificate is valid. By this we validate the users
public certificate.
 ALADDIN E-TOKEN ACCESS
To access the e-token we use JCE. The following is an
extract of code to access the e-token.
----------------------------------------------------------------------------
String os1=System.getProperty("os.name").toUpperCase();
if(os1.startsWith("WINDOWS"))
{ String configDir="";
if(os1.contains("Windows 9"))
configDir = System.getenv("WinDir");
else
configDir = System.getenv("SystemRoot");
String
etoken_path=configDir+"system32eTPKCS11.dll";
String pkcs11ConfigSettings="";
if(os1.equalsIgnoreCase("WINDOWS XP") ||
os1.equalsIgnoreCase("WINDOWS NT") ||
os1.equalsIgnoreCase("WINDOWS 98") ||
os1.equalsIgnoreCase("WINDOWS 2000") ||
os1.equalsIgnoreCase("WINDOWS ME"))
{
pkcs11ConfigSettings ="name = SmartCardn" + "library =
"+etoken_path;
}
else
{
pkcs11ConfigSettings = "name =
SmartCardn" + "library =
"+etoken_path+"n"+"slot=2";
}
byte[] pkcs11ConfigBytes = pkcs11ConfigSettings.getBytes();
ByteArrayInputStream confStream = new
ByteArrayInputStream(pkcs11ConfigBytes);
sun.security.pkcs11.SUNPKCS11 Class sunPkcs11Class =
Class.forName("sun.security.pkcs11.SunPKCS11");
Constructor pkcs11Constr = sunPkcs11Class.getConstructor(
Java.io.InputStream.class);
pkcs11Provider = (Provider)
pkcs11Constr.newInstance(confStream);
Security.addProvider(pkcs11Provider);
-----------------------------------------------------------------------------
First, we check if the user operating system is
windows; Sun PKCS#11 provider acts as a bridge between the
Java JCA and JCE APIs and the native PKCS#11 cryptographic
API, translating the calls and conventions between the two.
Cryptographic devices such as Smartcards and hardware
accelerators often come with software that includes a PKCS#11
implementation. For SafeNet e-token it is eTPKCS11.dll. We
add this Security provider to access the e-token.
 EXTRACTING PUBLIC KEY FROM CERTIFICATE
(.CRT)
The following is an extract of code to obtain public key
from a .crt file.
-----------------------------------------------------------------------------
InputStream in=new FileInputStream("/Path/to/.crt/files");
CertificateFactory cf=CertificateFactory.getInstance("X.509");
X509Certificate -
cert=(X509Certificate)cf.generateCertificate(in);
PublicKey pk=(PublicKey)cert.getPublicKey();
-----------------------------------------------------------------------------
The variable in contains a reference to a .crt file. A
X.509 certificate instance is obtained in the variable cf and the
certificate is generated with the file stream in. The public key is
extracted from the certificate object cert using the built-in
function getPublicKey() which returns a reference of a
PublicKey object pk.
 EXTRACTING PRIVATE KEY
Extracting Private Key from .p12 file on local file system.
The following is an extract of code to obtain private key from a
.pfx file on local file system.
---------------------------------------------------------------------------
KeyStore pfx = KeyStore.getInstance("pkcs12");
FileInputStream fin=new FileInputStream("path/to/private
key/certificate.p12");
char[] password="user_password".toCharArray();
pfx.load(fin,password);
fin.close();
String alias=”alias name of the .pfx file of interest”;
pfx.getCertificateChain(alias);
KeyStore.PasswordProtection pass=new
KeyStore.PasswordProtection(password);
KeyStore.PrivateKeyEntry pkEntry =
(KeyStore.PrivateKeyEntry) pfx.getEntry(alias, pass);
PrivateKey myPrivateKey = pkEntry.getPrivateKey();
----------------------------------------------------------------------------
www.iaetsd.in
ISBN : 978 - 1505606395
4

Java Cryptographic extension provides a Keystore to
store private keys and certificates. A keyStore object type
pkcs12 is obtained to a variable pfx. The variable fin holds the
reference of the certificate file on the local file system. A
function load() which takes two arguments, a file reference and
the corresponding passcode to the file loads the certificate. The
alias variable holds an alias name of the certificate which helps
identify the certificate in the keystore.
The PasswordProtection object is initialized with the
passcode. Entry to the E-Token is obtained with the built-in
function getEntry() which takes two arguments, the alias and the
password. The function getPrivateKey() returns a reference to
the private key stored in the certificate.
 Loading Aladdin E-token and Extracting private key
from a .p12 certificate.
The following is an extract of code to load the E-Token, and
obtain a private key from a .p12 file.
-----------------------------------------------------------------------------
KeyStore keyStore = KeyStore.getInstance("PKCS11");
String Pass=”passcode_of_e-token”;
keyStore.load(null, Pass); // loads the token.
String alias=”alias name of the .pfx file of interest”;
keyStore.getCertificateChain(alias);
KeyStore.PasswordProtection pass=new
KeyStore.PasswordProtection(password);
KeyStore.PrivateKeyEntry pkEntry =
(KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, pass);
PrivateKey myPrivateKey = pkEntry.getPrivateKey();
-------------------------------------------------------------------------
Here an instance of PKCS11 keystore is obtained since
e-token are categorized under PKCS11 standards. All other
procedures to extract the private key remain the same, as
explained in the above section.
 SIGNING MESSAGES
The following is an extract of code which sign a
message with SHA-512 and RSA.
-----------------------------------------------------------------------------
import Java.security.*;
privateKey =(PrivateKey) keyStore.getKey(alias_dup, null);
Signature instance =
Signature.getInstance("SHA512withRSA");
instance.initSign(privateKey);
instance.update((sign1_extra.text1).getBytes());
byte[] signature = instance.sign();
char[] signature1 = Base64Coder.encode(signature);
sign1_extra.s5=new String(signature1);
String text2=sign1_extra.text1+":"+sign1_extra.s5;
char[] c2=Base64Coder.encode(text2.getBytes());
----------------------------------------------------------------------------
The variable alias_dup is the alias name of the private
key certificate in the e-token. The variable sign1_extra.text1
contains the text which is to be digitally signed. The variable
signature contained the signed data which is encoded using
base64 encoder and stored in signature1. The original text and
the signed data are concatenated and stored in the character
array c2.
 VERIFYING MESSAGES
The following is an extract of code to verify digital
signatures.
-----------------------------------------------------------------------------
import Java.security.*;
Signature
instance1=Signature.getInstance("SHA512withRSA");
instance1.initVerify(publicKey);
instance1.update(sig2_text_split.getBytes());
if(instance1.verify(sig2)){System.out.println("true");
String param=sig2_text_split;
Object[] params = {param};
verify3.browserWindow.call("f1", params);
System.exit(0);}
---------------------------------------------------------------------------
The variable sig2_text_split contains the original text.
The Signature object is initialized with the signature algorithm.
The function call verify(sig2) verifies the digital signature on
the variable sig2.
 ENCRYPTING MESSAGES
Messages are encrypted with RSA algorithm.
-----------------------------------------------------------------------------
Cipher
pkcipher=Cipher.getInstance("RSA/ECB/PKCS1Padding");
pkcipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] buffer = plaintext.getBytes("UTF-8");
byte[] encrypted = pkcipher.doFinal(buffer);
byte[] encoded = Base64Coder.encode(encrypted);
-----------------------------------------------------------------------------
The above code illustrates encrypting and encoding
plain text messages. A pkcipher is initialized with RSA in ECB
mode. The plaintext message is converted to a byte
representation of the String. The function doFinal() takes one
argument, buffer and encrypts the data in the buffer returning an
array of encrypted bytes. The encrypted bytes are encoded to
base64 format to enable the database to store the encrypted data.
 DECRYPTING MESSAGES
Messages are encrypted with RSA algorithm.
-----------------------------------------------------------------------------
Cipher
pkcipher=Cipher.getInstance("RSA/ECB/PKCS1Padding");
pkcipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] bts = Base64Coder.decode(encrypted.toCharArray());
byte[] text = pkcipher.doFinal(bts);
-----------------------------------------------------------------------------
The above code decrypts an encrypted data. First the
encoded data is decoded with a base64 coder. The decoded text
is decrypted by the pkcipher initialized with the RSA algorithm
in decrypt mode. The function doFinal() returns decrypted bits.
SIGNING AND ENCRYPTING MESSAGES
The message is first digitally signed with the private
key of the sender. This signature is encrypted with the public
key of the receiver. This double encryption satisfies all
properties of PAIN.
DECRYPTING AND VERIFYING MESSAGES
This operation takes place at the receiving end.
Messages which are signed and encrypted are fed to this
operation. The secure message is first decrypted with the private
key of the receiver and the signature on the data is verified with
the public key of the sender.
IX. OUTPUTS
www.iaetsd.in
ISBN : 978 - 1505606395
5

a. PKI MESSAGE HOME PAGE
b. NEW USER REGISTRATION
c. COMPOSING A TEXT MESSAGE
d. DIGITALLY SIGNING A TEXT MESSAGE
e. SELECTING A PRIVATEKEY CERTIFICATE
FROM THE KEYSTORE OF E-TOKEN
X. CONCLUSION
There is an increasing need for secure system with increase in
cyber fraud and crimes. With advancement in technology,
internet is now an alternative workspace for cloud users and
users of online project management services. Users of such
services work on data of private nature, which may be
detrimental to them if there happened to be a change in the
integrity of these data. PKI is an emerging technology based on
Asymmetric cryptography which proposes certain practices
which ensure information or data security.PKI Message service
is based on PKI and provides information security to user
messages through Privacy, Integrity, Authentication of end
users and Non-Repudiation services. PKI Message Service
ensure security of data over insure networks. PKI Message
Services’ dependence on certificates issued by CA makes it
more a reliable service. PKI Message Service proves to be
useful in the Online Banking, Online Purchasing and other areas
where security happens to be a critical concern. PKI Message
can also be embedded into social networking sites to provide a
higher level of security
XI. ACKNOWLEDGMENT
This work is to enable more security for Complex business
systems, e-Commerce and automated business transactions
who uses internet service.
XII. REFERENCES
[1].http://www.dartmouth.edu/~deploypki/overview.html
[2].http://www.dartmouth.edu/~deploypki/application.html
[3].http://www.blogs.technet.com/b/indust2006/06/438895.aspx
[4].http://www.2.dir.texas.gov/pubs/srrpubs13-providers.aspx
[5].http://www.en.wikipedia.org/wiki/certificate_authority
[8].http://www.en.wikipedia.org/wiki/Public-key_cryptography
[9].http://www.it.toolbox.com/wik/Asymmetric_key_encryption
[10].http://www.en.wikipedia.org/wiki/Cryptographic_function
[11].http://www.en.wikipedia.org/wiki/steganography
[12].http://www.vspages.com/Cryptography-vs-Steganography4
[13].http://www.technet.microsoft.com/cc77982(v=ws.10).aspx
[14].http://www.cca.gov.in/
[15].http://www.redbooks.ibm.com/redbooks/pdfs/s924978.pdf
www.iaetsd.in
ISBN : 978 - 1505606395
6

Iaetsd secure emails an integrity assured email

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (7)

Similar to Iaetsd secure emails an integrity assured email

Similar to Iaetsd secure emails an integrity assured email (20)

More from Iaetsd Iaetsd

More from Iaetsd Iaetsd (20)

Recently uploaded

Recently uploaded (20)

Iaetsd secure emails an integrity assured email