[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Using RSA with SFL v1.7???


1.)  Yes, all you have to do is define SM_FREE3_RSA_INCLUDED and re-build
the entire free3 CTIL component.  It was disabled in v1.7 due to patent
restrictions.  The newer v1.8 has this definition on by default.  The v1.8
version also uses Crypto++ v3.2.

2.)  The reference to the keys has to do with the proprietary (sort of
pkcs-8 password protected) private key protection.  I could not find a way
to incorporate the same private key in both the BSafe CTIL and the Free3
CTIL.  The easiest way to use a private key, compatible with MS
Outlook/Express would be to get the smimeR1.8 version; it will read PKCS12
files directly in the Free3 CTIL (an example is provided).

3.)  There are no new files produced by the library; the RSA logic is
already part of the Free3 sources.

4.)  The autoHi project main program does not link to the Free3 CTIL (it is
possible to link directly to a single CTIL, see autoAlg project).  The
autoHi main dynamically loads the sm_free3DLL.dll file, accesses a global
function to produce a class, and uses the library through the virtual
methods of the class CSM_TokenInterface.  The config file defines the
certificate and private keys necessary to build a successful login (e.g.
./smimeR1.8/test/LoginsAlld.cfg).  The only example that can work with MS
Outlook would look like:

BuildArgs=sm_Free3DLL  ./certs/DaisyRsaExts.out
./certs/private.d/DaisyRsaF3X_8.dat ElmoRocks sm_Free3DLL

5.)  As to a brief demonstration in class, good luck with brief.  This
library is much too low a level for the full client interface you need to
interoperate with MS Outlook Express.  Our library only produces the ASN.1
encoded components used in MIME messages, we do not actuall wrap the results
for e-mail MIME messages (that is up to the application).  We have some
utilities to wrap/unwrap e-mail; we also have some utilitites to produce
private key/certificate pairs for testing, but they are all very restricted,
undocumented and scattered in different utility programs.  You must also be
careful about the data loaded into both the certificates and the message for
MS Outlook to understand, it is very picky about the certificate DNs.  You
seek more of an e-mail client; this library is intended only to provide the
low-level security processing.

As to a demonstration, the easiest way to use our library to interact with
MS Outlook/Express would be to 
	1.) obtain a certificate (e.g. from Verisign) in MS Outlook/Express,

	2.) create a message to a user, SIGNED (an option on the compose
	3.) send the message, or save as draft
	4.) save the message to disk in ASCII (this result should be in MIME
format, if not you will have to find a way to send the message to someone
that can save it for you in MIME format; our MS Outlook client cannot save a
message in MIME format due to the MS Exchange processing, your local e-mail
server may do the same).
	5.) process the MIME message using "report_tool".

The "report_tool" is a separate utility (not delivered, but I can send it to
you for smimeR1.8) that can read a MIME message (if the MIME_INCLUDED define
is set).  The autoHi test program can read MIME, but you will have to create
configuration files as well as obtain the MIME++ library.  You will need to
use the MIME++ 1.1 library (I can send this as well).  These utilities are
not delivered in the release due to the licensing restrictions on MIME++
(and I am a bit out-of-date with the newest release of MIME++).

If you wish to create a MIME message to be processed by MS Outlook/Express,
this will be much more difficult using our utilities.

Bob Colestock

-----Original Message-----
From: Amelia Estwick [mailto:aestwick@xxxxxxx]
Sent: Thursday, December 07, 2000 10:33 AM
To: imc-sfl@xxxxxxx
Cc: John Pawling
Subject: Using RSA with SFL v1.7???

Hello All,

I am using the SFL package v1.7 (SNACC v1.3R2 & Crypto++ v3.1 with MSVC 6 on
Win98 OS) for a class project and I am trying to use RSA without BSAFE.  I 
read in the archive that the "sm_free3 CTIL will do the RSA sign/verify & 
encrypt/decrypt operations if I enable these features in the sm_free3 CTIL 
build through the define SM_FREE3_RSA_INCLUDED".  My questions:

Is just defining the RSA (through sm_free3 in the Crypto++) enough or do I 
have to do something else?  I know I read something about the building of
in sm_free3???

What new files and/or dll's should be created once the RSA is enabled in the

sm_free3 project? (I defined the RSA in the sm_free3.h file (compiled and 
debugged), I build the sm_free3dll in the smime project... using the auto_hi

files as main project... is this procedure correct???)

If I just wanted to show a brief demonstration in class, how can I link all
this together (SFL, RSA with Crypto++...lolevel & hilevel) with Microsoft 
Outlook to produce s/mime messages (Again, for demonstration purposes only)?

I apologize for the elementary questions.....very new to all of this!!!!

All comments are appreciated.

Thank you,