E-mail, S/MIME, Digital Signatures & Encryption - HELP!

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
My company was recently awarded a project to develop software for a
customer. The software is required to digitally sign and encrypt
documents before transmitting them via SMTP to the recipient. The
customer has specifically stated that S/MIME v2 must be used and the
platform is UNIX/Linux.

My knowledge of internet security is minimal, at best. I started
exploring the web for information and I have read some FAQs & white
papers at RSA's and OpenSSL's websites. I also searched for open source
APIs/libraries/toolkits that will allow me to wrap documents using
S/MIME, while also digitally signing and encrypting them. I found
S/MIME implemented in Mozilla as well as OpenSSL. Apart from that, I
also found toolkits called CryptLib & AICrypto, which claim to do what
I am looking for. However, the poor quality of documentation combined
with my relative ignorance are making it very difficult for me to make
any headway.

I was wondering if somebody could explain the following concepts or at
least point me to sources of information, that are easy to digest.

- Digital signatures
- Encryption

So far, I have understood that Digital ignatures allow the recipient to
verify that the mail was not tampered with and that the sender of the
email is really who he/she claims to be. Also, I understood that
encryption will prevent unintended recipients from reading the contents
of the email.

My questions are these:
- Where do the concepts of RSA's public/private keys come into the
picture? Is it part of Encryption? Or Digital Signatures? Or both?
- Is it possible (or does it make sense) to encrypt as well as
digitally sign a document before sending it via e-mail?
- If the answer to the above question is 'Yes', do we have to do the
above operations in a certain order/sequence, viz. encryption before
digital signatures or vice versa?
- Are there places on the internet where I can see some sample source
code that implements some or all of these operations, so that I can get
a better idea of how its typically done?
- Does S/MIME include the concepts of encryption and digital
signatures? Or, are they all separate tools that can be used to protect

I thank you profusely in advance for all tips/pointers/help that you
can provide.


Re: E-mail, S/MIME, Digital Signatures & Encryption - HELP!

Les Ismore wrote:

Quoted text here. Click to load it

You seem a bit unprepared for work you seem to have accepted -
and perhaps even looked for.  (And I wonder what your customer
is up to.)

Quoted text here. Click to load it

The O'Reilly (www.ora.com) book on Pretty Good Privacy is a
good introduction to the principles.

There are lots of niggling implementation details that make
all the difference when it comes to security - just because
you get working crypto doesn't mean the product is secure
and useful.

Quoted text here. Click to load it

Well, maybe.  Safe handling of keys - and knowing which key belongs
to which person/organisation is all part of the work.

Quoted text here. Click to load it

http://www.imc.org/ietf-smime /

Elvis Notargiacomo  master AT barefaced DOT cheek
http://www.notatla.org.uk/goen /
    Elections must be close.  Simon Hughes MP (LibDem) (well, an assistant)
    has replied to my letter from 9 months ago.

Re: E-mail, S/MIME, Digital Signatures & Encryption - HELP!

["Followup-To:" header set to comp.security.unix.]
Quoted text here. Click to load it

You scare me.

You could try and read on, for example, here:

  http://www.cs.auckland.ac.nz/~pgut001 /

You're in for a couple of years worth of background and learning from
other people's misteaks. Or you could hire someone who actually knows
what (s)he is talking about. To do it right you probably should.

Mind that lots of components are available, even for free, on the 'net
already. Cobbling them together the right way is a different matter.

  j p d (at) d s b (dot) t u d e l f t (dot) n l .
  And mind that I am neither prepared nor qualified to
  properly negotiate this particular minefield.

Re: E-mail, S/MIME, Digital Signatures & Encryption - HELP!

On Thu, 03 Feb 2005 14:15:39 -0800, Les Ismore wrote:

Quoted text here. Click to load it

So how come you got the business?

Re: E-mail, S/MIME, Digital Signatures & Encryption - HELP!

On Wed, 27 Apr 2005 18:34:25 +0100, Nigel Horne wrote:

Quoted text here. Click to load it


Site Timeline