Chapter 12. PKCS and S/MIME in J2EE


Public-key cryptography is seeing wide application and acceptance in e-business applications. One thing is increasingly clear: if public-key cryptography is to be effective in e-business, standards must be interoperable. Even though vendors may agree on the basic public-key algorithms and protocols, compatibility between implementations is not guaranteed. Interoperability requires strict adherence to an agreed-on standard format for transferred data. The Public-Key Cryptography Standards (PKCS) provide such a basis for interoperability.

These PKCS standards include both algorithm-specific and algorithm-independent implementation standards. Many algorithms are supported, among them Rivest-Shamir-Adleman (RSA; see Section 10.3.1.1 on page 360) and Diffie-Hellman (DH) key exchange (see Section 10.3.1.2 on page 362); however, only RSA and DH are specifically detailed. The PKCS standards also define an algorithm-independent syntax for digital signatures, digital envelopes (for encryption), and extended certificates. This enables someone implementing any cryptographic algorithm whatsoever to conform to a standard syntax and thus achieve interoperability.

This chapter addresses the most widely used PKCS standards, which consist of a number of components: PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#9, PKCS#10, and PKCS#12. The PKCS standards are specifications produced by RSA Laboratories in cooperation with secure-system developers worldwide for the purpose of accelerating the deployment of public-key cryptography.

The Multipurpose Internet Mail Extensions (MIME) provide an extensible standard for sending messages and data across the Internet. MIME messages, however, lack most security guarantees, which are essential when confidential data flows across the unsecured pathways of the Internet. The Secure/Multipurpose Internet Mail Extensions (S/MIME) specifications remedy this by building on the PKCS#7 standard to provide signing and encryption for MIME-based messages. The S/MIME specification also provides support for certification request objects conforming to the PKCS#10 standard. In the Java world, S/MIME uses the Java implementations of PKCS#7 and PKCS#10.

The S/MIME specification was designed to be easily integrated into e-mail and messaging products, such as Lotus Notes. In this chapter, we examine how S/MIME builds security on top of the industry-standard MIME protocol, using equally important industry standards for cryptography: the PKCS. The industry has embraced PKCS and S/MIME as the standard techniques through which these types of security objects can be created, packaged, and delivered. Many Java implementations of these standards have emerged and are widely used in today's electronic transactions. The adoption of PKCS and S/MIME has come at a cost, though, as the interoperability of S/MIME was slow in coming, owing to incomplete specifications.



Enterprise Java™ Security: Building Secure J2EE™ Applications
ISBN: 0321118898
EAN: 2147483647
Year: 2004
Pages: 164
