
Trusting Your E-mail with Java Security

By Theodore J. Shrader
2003-12-04


Security requirements

You've received a message, purportedly from Ben, but you can't be sure. You need to authenticate the sender of the message, but you also need to verify the integrity of the message, ensuring the original content remains intact and unaltered from its point of origin. In other words, you need to verify that Ben sent the original message and that the message you received is the same as the one Ben sent.

The two requirements of authentication and integrity have great benefit, but alone, they would allow anyone snooping on the wire to view the contents of the message, even if they couldn't change it. The contents of public messages need not be enshrouded, but private messages must be protected from unintended recipients. Our third security requirement, confidentiality, protects the contents of confidential messages from all eyes except those of the intended recipient. Lastly, we also need to provide a standard way in which senders and receivers can publicize information about themselves and trust information from others. A standard publication mechanism plays a key role in allowing the other requirements to work to their full potential.

In summary, our list of security requirements is:

  • Authentication
  • Integrity
  • Confidentiality
  • Publication

With these security requirements identified, we will examine possible actions that users and developers could try to fulfill their e-business security needs. Unfortunately, each of these possible actions contains critical deficiencies and thus fails to meet our security requirements. With the lessons learned from these failing scenarios, we will explore not only the promise but also the availability of public key technologies to provide these security requirements. We give particular emphasis to the use of public keys in the Java platform and to one of the most fundamental security operations -- signing and verifying data.
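
The authentication and integrity requirements described above can be seen at work with the Java platform's `java.security.Signature` API. This is an added example, not code from the original tutorial. The class name, the sample messages, the second key pair and the choice of `SHA256withRSA` with 2048-bit keys are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignedMessageDemo {
    // Assumption of this example: RSA-2048 with SHA-256; the text names no algorithm.
    private static final String ALGORITHM = "SHA256withRSA";

    static byte[] sign(PrivateKey key, byte[] message) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(message);
        return signer.sign();
    }

    static boolean verify(PublicKey key, byte[] message, byte[] signature)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(key);
        verifier.update(message);
        try {
            return verifier.verify(signature);
        } catch (SignatureException malformed) {
            return false; // a malformed signature is a failed check, not an error
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair ben = generator.generateKeyPair();
        KeyPair stranger = generator.generateKeyPair(); // hypothetical second sender

        // Constructed sample messages; they travel in the clear next to the signature.
        byte[] sent = "Ship the order on Friday. Ben".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "Ship the order on Monday. Ben".getBytes(StandardCharsets.UTF_8);
        byte[] bensSignature = sign(ben.getPrivate(), sent);
        byte[] strangersSignature = sign(stranger.getPrivate(), sent);

        // The receiver holds only Ben's public key, assumed obtained through a trusted channel.
        PublicKey bensPublicKey = ben.getPublic();
        System.out.println("unaltered, signed by Ben: " + verify(bensPublicKey, sent, bensSignature));
        System.out.println("altered in transit:       " + verify(bensPublicKey, altered, bensSignature));
        System.out.println("signed by someone else:   " + verify(bensPublicKey, sent, strangersSignature));
    }
}
```

Only the first check succeeds: a changed message fails the integrity test, and a signature made with another private key fails authentication. The message bytes themselves are never hidden, which is why confidentiality is a separate requirement, and the receiver's trust in `bensPublicKey` is exactly what the publication requirement has to supply.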



Tutorial Pages:
» Java technologies give you a complete and secure solution
» Security requirements
» Failing scenarios
» Building closed systems
» Using a secret key
» Opening the message
» Public and private keys
» Signing a message
» Signing messages with Java technologies
» Using PKCS and S/MIME
» Encrypting messages
» Conclusion


First published by IBM DeveloperWorks

