1. Building an easy-to-use application for a public-key cryptosystem using the OpenSSL library
Guided by: Dr. N. P. Dhavale
Shivashish Kumar
IIT (BHU), Varanasi
2. Aims at developing a user-friendly application so that users can securely transmit data or information with limited knowledge of cryptographic algorithms.
This application will let them use cryptographic functions in an easy way through an interface.
The application reduces the effort of executing commands one after another, enabling the user to view, control, and manipulate multiple things simultaneously.
3. Functionality
• Generation of key pair and associated certificates, including self-signed root certificate
• Signature and verification of signature
• Encryption and decryption
• Combination of signature and encryption
Platform
• Java using Swing and AWT packages
• OpenSSL crypto libraries
• Support for FIPS 140 Level 2 compliant crypto tokens
4. A click on any of these buttons will produce the desired output.
8. Sign & Encrypt
Click on the Sign & Encrypt button.
Another frame will open up where the user will provide the required instruction.
The signature will be generated by executing the provided inputs.
Further inputs for encryption, like the receiver's certificate and passphrase, will be asked for in another frame.
The actual text file will then be encrypted using the selected/default algorithm.
All these required documents will now be zipped into a single file created on the desktop.
9. Generate certificate button
Click on the Generate certificate button.
An option frame will open up to select one of the provided options.
For a certificate request, click on the first button.
Another frame will open up asking the user for instructions like validity and certificate name.
After the instructions are provided, the certificate will be generated in .pem format.
10. To generate a self-signed root CA account, the user will need to click on the second button.
First, the root CA account has to be configured in the system by clicking on the configure button.
The root certificate name and validity period have to be provided to generate the certificate.
To sign a certificate using the root account, the third option will be selected, where the CA admin will have to input its signing certificate as well as the passphrase.
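The three Generate certificate options as OpenSSL commands, with a check that a signed certificate chains to the root that issued it and to no other. This is an added example, not the application's code; the function names, subjects and validity periods are assumptions, and keys are left without a passphrase only so that it runs unattended.

```shell
# Added example, not the application's code. Needs OpenSSL 1.1.1 or later.
# Names, subjects and validity periods are constructed for the demo.
# -nodes leaves the private keys unencrypted so nothing prompts; a real
# key would be protected with a passphrase.

make_root() {        # $1 = dir, $2 = root name, $3 = validity in days
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

make_request() {     # $1 = dir, $2 = certificate name; writes key and CSR
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

sign_request() {     # $1 = dir, $2 = certificate name, $3 = root, $4 = days
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -CAcreateserial -sha256 -days "$4" -out "$1/$2.pem" 2>/dev/null
}

chains_to() {        # $1 = dir, $2 = certificate name, $3 = root; status only
  openssl verify -CAfile "$1/$3.pem" "$1/$2.pem" >/dev/null 2>&1
}

# Demo: a certificate signed by rootA verifies against rootA only.
demo=$(mktemp -d) && make_root "$demo" rootA 30 && make_root "$demo" rootB 30 &&
  make_request "$demo" alice && sign_request "$demo" alice rootA 10 &&
  chains_to "$demo" alice rootA && ! chains_to "$demo" alice rootB &&
  echo "alice chains to rootA and not to rootB"
```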
11. The application ensures security of the keys by supporting crypto tokens, considerably reducing the chances of their misuse.
Lets the user continue with the default ciphers and hashing algorithms or provide them themselves to ensure further security.
An embedded log file for a complete record of files with the operations performed.
Encourages the use of a passphrase while generating keys/certificates.
12. Current software uses a high-end server and Oracle database, requiring a huge amount of money.
A similar performance of the task can be achieved at a much reduced cost through this application.
Can be used to provide assistance to banks to let them enable PKI in their applications.
13. Complete reliance of the application on crypto tokens.
Attached help directory for the application to provide detailed assistance.
Deployment of the application over the IDRBT intranet.
14. Installation of OX App Suite over a Red Hat server system for the IDRBT intranet
• OX App Suite lets users control all their digital activities from a single platform, including managing appointments and viewing and storing attachments
15. Governing Council
Instructions for the testing of the application
Deployment of this application over the intranet will ensure security of the user content and better management.
16. OX App Suite is supported only on Linux servers, so a Red Hat Enterprise operating system is installed over Windows OS using VirtualBox.
The Open-Xchange database is initialized and a connection is established between the local server and the database.
The Apache web server files are configured properly to access the groupware frontend.
After the whole setup is complete, a context user and a default user account are created and various functionality of the application is tested.
The Open-Xchange application is running over the intranet and can be accessed at IP 172.16.0.22.
17. The roadmap ahead is to set up the application over a private cloud for better management of accounts with effective performance and maximum coverage.
Good afternoon. I will start with the introduction of my project, which is building an application for a public-key cryptosystem using the OpenSSL library. Let me explain a few terms I have mentioned here. Public-key cryptography refers to a cryptographic system which relies on two separate keys, private and public, which are mathematically linked. This process of using public-key cryptography is a public-key cryptosystem. OpenSSL is an open-source library developed in C which implements various cryptographic functions and algorithms. The basic aim is to develop a user-friendly app to let users transmit data or information securely with limited knowledge of cryptographic algorithms.
OpenSSL, being a command-line tool, is difficult to use and requires sequential instructions to be provided manually through DOS. This application will make the use of OpenSSL functions easy through an interface.
The application also reduces the effort of executing commands one after another, enabling the user to view, control, and manipulate multiple things simultaneously.
Multiple functionality in one application
No security concern from the company: its own application
OpenSSL library usage
The basic functionality of the application includes:
Generation of key pair using RSA algorithms and associated certificates, including self-signed root certificates.
Signature and verification of signature
Encryption and decryption
Combination of signature and encryption
As we can see, on its home page the application has nine buttons for performing various functions. The user can click on any of these to get the desired output.
The application has been developed in Java using the Swing and AWT packages and the OpenSSL crypto libraries. The application has built-in support for FIPS 140 Level 2 crypto tokens
(which are physical devices to ease authentication for authenticated users).
Now I would like to discuss each of these buttons in brief:
Generate Key: This button generates a private key, public key or key pair with a specific number of bits and secures it with a passphrase if provided.
Generate Certificate: It provides the option to either generate a certificate request, create a self-signed root certificate, or sign a certificate using the root certificate. In each of these options, the user has to provide some specific inputs.
Export PKCS#12 Certificate: It exports a certificate in .pfx format so that it can be imported into the browser or other platforms for further use.
Generate Digest: This button lets the user create a digest for a given file using the default algorithm or by selecting one from the drop-down menu, and also lets them sign data or verify
Encrypt/Decrypt: It encrypts the selected file using a cipher through a passphrase and can similarly decrypt a file. It provides the user with the option of Base64 encoding.
The second set of buttons presented here emphasises the two major functions of public-key cryptography, i.e.
public-key encryption, where a message is encrypted using the recipient's public key, and digital signature, in which a message is signed with the sender's private key and can be verified by anyone having the public key of the sender.
Generate Signature: This option allows users to generate their digital signature for a message using a signing certificate.
Sign & Encrypt: This button will create a compressed file containing the encrypted form of the message along with the user's signature, its certificate, and the passphrase encrypted using a cipher.
Verify Signature: It verifies the signature of the sender against the actual message sent by extracting the public key of the sender from the certificate.
Decrypt & Verify: This button outputs the actual message received by first decrypting the passphrase using their private key, then using it to decrypt the message, and verifying the signature as well to ensure its authenticity.
Each of these buttons operates in a different way, but due to the constraints I will be able to discuss the working of only one of the buttons, say Sign & Encrypt.
From the home page, the user will click on the Sign & Encrypt button.
It will open up another frame asking the user to provide the input file and signing certificate. The user can also select the hashing algorithm for signing. Selection of files will be done using JFileChooser. The application will generate the signature for the message file by executing the command, followed by another frame for encryption.
The user will now have to provide the passphrase file as well as the receiver's certificate.
The public key will be extracted from it to encrypt the passphrase, which encrypts the actual message file using a cipher. Finally, the application will compress all these required files into a single zip file created on the desktop.
Step 2: (selection of file will be done using JFileChooser)
Step 5: Public key extracted from receiver's certificate
Step 5: using passphrase and the passphrase will also be encrypted using public key
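The Sign & Encrypt steps above and the matching Decrypt & Verify, written out as OpenSSL commands. This is an added example, not the application's own code; it assumes OpenSSL 1.1.1 or later, uses constructed file names and throwaway certificates, picks SHA-256, AES-256-CBC and RSA-OAEP as the algorithms, and leaves out the final zip step.

```shell
# Added example, not the application's code. Needs OpenSSL 1.1.1 or later.
# File names and the throwaway identities are constructed for the demo.

make_ids() {          # $1 = work dir; self-signed sender and receiver certs
  for who in sender receiver; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$who" \
      -keyout "$1/$who.key" -out "$1/$who.pem" 2>/dev/null || return 1
  done
}

sign_encrypt() {      # $1 = work dir containing msg.txt
  # Signature over the plaintext with the sender's private key.
  openssl dgst -sha256 -sign "$1/sender.key" -out "$1/msg.sig" "$1/msg.txt" &&
  # Random passphrase; it keys the symmetric encryption of the message.
  openssl rand -hex 32 > "$1/pass.txt" &&
  openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$1/pass.txt" \
    -in "$1/msg.txt" -out "$1/msg.enc" &&
  # Receiver's public key, taken from the certificate, wraps the passphrase.
  openssl x509 -in "$1/receiver.pem" -pubkey -noout > "$1/receiver.pub" &&
  openssl pkeyutl -encrypt -pubin -inkey "$1/receiver.pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$1/pass.txt" -out "$1/pass.enc"
}

decrypt_verify() {    # $1 = work dir; writes msg.out, status 0 only if verified
  openssl pkeyutl -decrypt -inkey "$1/receiver.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$1/pass.enc" -out "$1/pass.out" &&
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1/pass.out" \
    -in "$1/msg.enc" -out "$1/msg.out" &&
  # AES-CBC carries no integrity check, so the signature is what is trusted.
  openssl x509 -in "$1/sender.pem" -pubkey -noout > "$1/sender.pub" &&
  openssl dgst -sha256 -verify "$1/sender.pub" -signature "$1/msg.sig" \
    "$1/msg.out" >/dev/null
}

# Demo run on a constructed message.
demo=$(mktemp -d) && make_ids "$demo" &&
  printf 'constructed sample message\n' > "$demo/msg.txt" &&
  sign_encrypt "$demo" && decrypt_verify "$demo" && echo "decrypted and verified"
```

The receiver should treat `msg.out` as untrusted unless `decrypt_verify` returns 0, since a modified ciphertext can still decrypt to something.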
Apart from the basic functionality of the application, I would like to highlight some of its further features, foremost being its ability to support crypto tokens, which will ensure security of the keys and certificates, considerably reducing the chances of their misuse.
As we have seen, it lets the user continue with the default cipher and hashing algorithms or edit them accordingly to ensure further security.
The application has an embedded log file to keep a complete record of the file paths with the operations performed on them and the resulting output.
Also, the application will encourage the use of a passphrase when generating keys/certificates.
Well, I still have some time left and some tasks are still incomplete. Complete reliance of the application on crypto tokens needs to be done, i.e. their usage should be prioritised. We have already requested the SDK from Watchdata for this. Also, a help directory needs to be attached to the application for the user's assistance.
Apart from this, I have worked in parallel on another project which I would like to present: the installation of OX App Suite over the intranet. OX App Suite is a central management system in which users can access email, contacts, calendar or address book without flipping back and forth between applications.
Thus, the application will have a tremendous effect on the day-to-day working of employees, helping them to store attachments and maintain appointments digitally.
Though this application can run over OX cloud, its deployment over the intranet will ensure security of the data, as everything will be within the premises, and better management.
Well, I have tried to summarize the installation and result part of this project. As OX App Suite is supported only on Linux-based servers, Red Hat OS is installed over Windows server using VirtualBox.
The Open-Xchange database is created and initialised and a connection is established between the local server and the database. Further, the Apache web server files were configured in a proper manner using scripts to access the groupware frontend. Lastly, a context user and end user accounts were created to check the working functionalities.
We have the OX App Suite application running over the intranet now at 172.6.0.22. The application needs to be moved to the private IDRBT cloud for effective performance and maximum coverage. Thanks.