At security level 2, files are sent confidentially to authenticated users. In our implementation of Hélène, this involves several steps:
- Authorized users are registered. They receive a digital certificate, including a private key, signed by the Hélène Server, which acts as certification authority. The public key corresponding to the authorized user is also stored on the server.
- Users are authenticated. When a user sends a request to the Document Server via the web interface, the server checks the password and verifies that the login of the user corresponds to a registered certificate.
- Files are encrypted before being sent. The Hélène server uses asymmetric encryption, based on a pair of keys (public and private). The encryption is performed using the public key of the authenticated user. The encrypted document is provided to the user.
- The authenticated user opens the document, which requires the digital certificate, including the private key. A password is also necessary to use this certificate.
E-mailing constitutes a simple and robust method for delivering electronic data to targeted users. This is why S/MIME [4], a standardised extension of MIME, has been chosen to implement the whole process, using OpenSSL [5], an open source toolkit which offers most of the existing cryptographic methods:
- public/private key generation, encryption, decryption, signature, ...
- X.509 certificate management,
- experimental SSL/TLS,
- S/MIME,
- digest generation (MD5, SHA-1, ...),
- S/MIME e-mail generation and verification, ...
The e-mail generated by OpenSSL can be decrypted, verified and parsed by the most widely used software, such as Microsoft Outlook, Netscape, Mozilla Mail, ...