Sunday, October 18, 2009
Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME, or the Secure/Multipurpose Internet Mail
Extensions, defines a method of sending MIME data securely. If you have
ever received an e-mail that indicated it was signed or encrypted,
chances are it was an S/MIME message you were looking at.
Like other Internet standards, S/MIME is defined by an RFC, in this case RFC 3851, which describes S/MIME version 3.1. There are additional standards built on S/MIME that define variants such as AS2, which is used for business-to-business electronic commerce.
In the Bouncy Castle APIs there are two packages devoted to S/MIME: org.bouncycastle.mail.smime, which contains the high-level classes that handle creation and processing of MIME messages involving encryption, signing, and compression, and org.bouncycastle.asn1.smime, which is a collection of low-level classes that provide Java object equivalents for the ASN.1 structures defined in the S/MIME ASN.1 module. As S/MIME is a combination of MIME objects and the structures used in CMS, using S/MIME also involves using the JavaMail API, and you will also find that some of the classes in the Bouncy Castle CMS API discussed earlier in this chapter will be useful from time to time.
I've written this section of the chapter in a manner
that does not assume you are already familiar with the JavaMail API—the
examples will tell you the minimum you need to know. I would recommend,
however, that you take some time to read the documentation accompanying
the JavaMail API if you want to take full advantage of S/MIME.
Before I start on the particulars of the API for the
three content types, I'll just start with two of the general classes
that make up the API so I can refer to them later. They are CMSProcessableBodyPart and SMIMEUtil.
The CMSProcessableBodyPart Class
The org.bouncycastle.mail.smime.CMSProcessableBodyPart class is a general implementation of CMSProcessable that just uses the Part.writeTo() method to output the data to the stream passed in to the CMSProcessable.write()
method. It is used by the classes involved with processing enveloped
and compressed mime messages to feed the bytes making up the MIME
message into the appropriate classes in the CMS API. Usually you will
not need to use this class directly, but it is worth being aware of its
existence.
The SMIMEUtil Class
The org.bouncycastle.mail.smime.SMIMEUtil class provides a couple of utility methods that are of general use when working with S/MIME messages. The two methods are toMimeBodyPart() and createIssuerAndSerialNumberFor().
SMIMEUtil.toMimeBodyPart()
The toMimeBodyPart() method takes a byte array and returns a MimeBodyPart created from the byte array. You can use this method for recovering a MimeBodyPart from the bytes you extract from the two classes representing compressed and enveloped S/MIME messages—SMIMECompressed and SMIMEEnveloped.
SMIMEUtil.createIssuerAndSerialNumberFor()
The createIssuerAndSerialNumberFor() method returns an IssuerAndSerialNumber object for the X509Certificate object passed to it as a parameter. The IssuerAndSerialNumber class is in the org.bouncycastle.asn1.cms package and represents the Java equivalent to the IssuerAndSerialNumber
structure in the CMS ASN.1 definitions you saw earlier in the chapter.
You will mainly find this useful for creating the encryption key
preference attribute, which is one of the attributes you can attach to
an S/MIME signed message. You'll look at how to do this in the next section.
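The following program is an added example, not code from the chapter or from the Bouncy Castle distribution, that ties the two general classes above together: it serialises a MimeBodyPart through CMSProcessableBodyPart.write() exactly as the enveloped and compressed message classes do, recovers the part again with SMIMEUtil.toMimeBodyPart(), and, if a DER- or PEM-encoded certificate path is given on the command line, builds an IssuerAndSerialNumber for it with SMIMEUtil.createIssuerAndSerialNumberFor(). The class name, the method names, the sample text and the certificate path argument are all assumptions of this example; the JavaMail (javax.mail) and Bouncy Castle mail API calls are the ones named in the text.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.mail.internet.MimeBodyPart;

import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.mail.smime.CMSProcessableBodyPart;
import org.bouncycastle.mail.smime.SMIMEUtil;

// Example class (hypothetical name): round-trips a MIME body part through the
// two general S/MIME helper classes and prints the issuer/serial of a certificate.
public class SMIMEUtilRoundTrip {

    // Serialise a body part the way the enveloped/compressed classes do internally:
    // CMSProcessableBodyPart.write() simply calls Part.writeTo() on the wrapped part.
    static byte[] bodyPartToBytes(MimeBodyPart part) throws Exception {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        new CMSProcessableBodyPart(part).write(bOut);
        return bOut.toByteArray();
    }

    // Rebuild a MimeBodyPart from raw bytes, which is what you do with the content
    // handed back by SMIMECompressed or SMIMEEnveloped after decompression/decryption.
    static MimeBodyPart bytesToBodyPart(byte[] encoded) throws Exception {
        return SMIMEUtil.toMimeBodyPart(encoded);
    }

    // Wrap a certificate's issuer name and serial number in the CMS structure that the
    // encryption key preference attribute of a signed message is built from.
    static IssuerAndSerialNumber issuerAndSerialFor(X509Certificate cert) throws Exception {
        return SMIMEUtil.createIssuerAndSerialNumberFor(cert);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample content. setText() alone leaves the Content-Type header
        // unset until the part is assembled into a message, so set it explicitly here
        // to make the serialised bytes a complete MIME entity.
        MimeBodyPart original = new MimeBodyPart();
        original.setText("Hello, S/MIME!");
        original.setHeader("Content-Type", "text/plain; charset=us-ascii");

        byte[] raw = bodyPartToBytes(original);
        System.out.println("Serialised part (" + raw.length + " bytes):");
        System.out.println(new String(raw, "US-ASCII"));

        MimeBodyPart recovered = bytesToBodyPart(raw);
        System.out.println("Recovered content type: " + recovered.getContentType());
        System.out.println("Recovered text: " + recovered.getContent());

        // Optional: path to an X.509 certificate supplied as the first argument (assumption).
        if (args.length > 0) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                IssuerAndSerialNumber iasn = issuerAndSerialFor(cert);
                System.out.println("Issuer: " + iasn.getName());
                System.out.println("Serial: " + iasn.getSerialNumber().getValue());
            }
        }
    }
}
```

Run it with the Bouncy Castle provider, mail and PKIX jars plus JavaMail on the classpath; passing a certificate file is optional and only exercises the createIssuerAndSerialNumberFor() path. The recovered part is a fresh MimeBodyPart parsed from the bytes, so headers you did not write (here, Content-Transfer-Encoding) will simply be absent on the way back, which is why the S/MIME generator classes normalise headers before they hand a part to the CMS layer.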