E-mail, S/MIME, Digital Signatures & Encryption - HELP!

Posted by Les Ismore on February 3, 2005, 2:15 pm
My company was recently awarded a project to develop software for a
customer. The software is required to digitally sign and encrypt
documents before transmitting them via SMTP to the recipient. The
customer has specifically stated that S/MIME v2 must be used and the
platform is UNIX/Linux.

My knowledge of internet security is minimal, at best. I started
exploring the web for information and I have read some FAQs & white
papers at RSA's and OpenSSL's websites. I also searched for open source
APIs/libraries/toolkits that will allow me to wrap documents using
S/MIME, while also digitally signing and encrypting them. I found
S/MIME implemented in Mozilla as well as OpenSSL. Apart from that, I
also found toolkits called CryptLib & AICrypto, which claim to do what
I am looking for. However, the poor quality of documentation combined
with my relative ignorance are making it very difficult for me to make
any headway.

I was wondering if somebody could explain the following concepts or at
least point me to sources of information, that are easy to digest.

- S/MIME
- Digital signatures
- Encryption

So far, I have understood that Digital signatures allow the recipient to
verify that the mail was not tampered with and that the sender of the
email is really who he/she claims to be. Also, I understood that
encryption will prevent unintended recipients from reading the contents
of the email.

My questions are these:
- Where do the concepts of RSA's public/private keys come into the
picture? Is it part of Encryption? Or Digital Signatures? Or both?
- Is it possible (or does it make sense) to encrypt as well as
digitally sign a document before sending it via e-mail?
- If the answer to the above question is 'Yes', do we have to do the
above operations in a certain order/sequence, viz. encryption before
digital signatures or vice versa?
- Are there places on the internet where I can see some sample source
code that implements some or all of these operations, so that I can get
a better idea of how it's typically done?
- Does S/MIME include the concepts of encryption and digital
signatures? Or, are they all separate tools that can be used to protect
emails?

I thank you profusely in advance for all tips/pointers/help that you
can provide.

-Les
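
An added illustration, not part of the original post or of any reply: the four operations the question asks about, done with the `openssl smime` command from the OpenSSL toolkit named above, in one common arrangement (sign first, then encrypt the signed message). The certificates, file names, message text and the AES-256 cipher choice are all assumptions made for the demo.

```shell
#!/bin/sh
# Sign-then-encrypt round trip with `openssl smime`.
# Everything below (names, subjects, message text) is constructed for the demo.

smime_roundtrip() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Throwaway self-signed certificates standing in for the two parties.
        # A real deployment would use certificates issued by a CA both sides trust.
        for who in sender recipient; do
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
                -subj "/CN=$who/emailAddress=$who@example.test" \
                -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
        done
        printf 'Quarterly report, constructed sample text.\n' > doc.txt

        # 1. Sign: uses the SENDER's private key; the certificate travels along.
        openssl smime -sign -text -in doc.txt -signer sender.crt \
            -inkey sender.key -out signed.msg || exit 1
        # 2. Encrypt: uses the RECIPIENT's public key, taken from their certificate.
        openssl smime -encrypt -aes256 -in signed.msg -out mail.msg \
            recipient.crt || exit 1

        # 3. Decrypt: only the holder of the RECIPIENT's private key can do this.
        openssl smime -decrypt -in mail.msg -recip recipient.crt \
            -inkey recipient.key -out decrypted.msg || exit 1
        # 4. Verify: checks the signature and that the signer chains to a trusted
        #    certificate (here the self-signed sender certificate itself).
        openssl smime -verify -text -in decrypted.msg -CAfile sender.crt \
            -out verified.txt 2>/dev/null || exit 1
        cat verified.txt
    )
    status=$?
    rm -rf "$dir"
    return $status
}

# Prints the recovered message text when every step succeeds.
smime_roundtrip
```

The private key appears in the signing and decrypting steps and the public key (certificate) in the encrypting and verifying steps, so the same kind of key pair serves both purposes, with each party using its own.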



Posted by all mail refused on February 3, 2005, 10:48 pm
Les Ismore wrote:

>My company was recently awarded a project to develop software for a
>customer. The software is required to digitally sign and encrypt
>documents ... stated that S/MIME v2 must

You seem a bit unprepared for work you seem to have accepted -
and perhaps even looked for. (And I wonder what your customer
is up to.)

>- S/MIME
>- Digital signatures
>- Encryption

The O'Reilly (www.ora.com) book on Pretty Good Privacy is a
good introduction to the principles.

There are lots of niggling implementation details that make
all the difference when it comes to security - just because
you get working crypto doesn't mean the product is secure
and useful.

> ... encryption will prevent unintended recipients from reading ...

Well, maybe. Safe handling of keys - and knowing which key belongs
to which person/organisation is all part of the work.

>- Does S/MIME include the concepts of encryption and digital
>signatures? Or, are they all separate tools that can be used to protect
>emails?

http://www.imc.org/ietf-smime/

--
Elvis Notargiacomo master AT barefaced DOT cheek
http://www.notatla.org.uk/goen/
Elections must be close. Simon Hughes MP (LibDem) (well, an assistant)
has replied to my letter from 9 months ago.


Posted by jpd on February 5, 2005, 12:45 am
["Followup-To:" header set to comp.security.unix.]
> My company was recently awarded a project to develop software for a
> customer. The software is required to digitally sign and encrypt
> documents before transmitting them via SMTP to the recipient. The
> customer has specifically stated that S/MIME v2 must be used and the
> platform is UNIX/Linux.
>
> My knowledge of internet security is minimal, at best.

You scare me.


You could try and read on, for example, here:

http://www.cs.auckland.ac.nz/~pgut001/

You're in for a couple of years worth of background and learning from
other people's misteaks. Or you could hire someone who actually knows
what (s)he is talking about. To do it right you probably should.

Mind that lots of components are available, even for free, on the 'net
already. Cobbling them together the right way is a different matter.


--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
And mind that I am neither prepared nor qualified to
properly negotiate this particular minefield.


Posted by Nigel Horne on April 27, 2005, 6:34 pm
On Thu, 03 Feb 2005 14:15:39 -0800, Les Ismore wrote:

> My company was recently awarded a project to develop software for a
> customer. The software is required to digitally sign and encrypt
> documents before transmitting them via SMTP to the recipient. The
> customer has specifically stated that S/MIME v2 must be used and the
> platform is UNIX/Linux.
>
> My knowledge of internet security is minimal, at best.

So how come you got the business?


