Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
Posts: 155
Registered: ‎02-18-2009
My Device: Not Specified

BIS compatible open source S/MIME email encryption for BlackBerry

This might be interesting for security conscious BlackBerry users.

 

We have just released our open source BlackBerry application which automatically encrypts all email sent to and from a BlackBerry smartphone with S/MIME. Djigzo for BlackBerry is BIS compatible.

 

Djigzo for BlackBerry is an add-on to the built-in BlackBerry mail application and should be used in combination with the Djigzo open source email encryption gateway. The most difficult part of email encryption is key management. Djigzo for BlackBerry therefore relies on the Djigzo gateway for most certificate management functions.

 

Some of the features:

 

* S/MIME encryption and digital signing using X.509 certificates.

* All email is protected with an encrypted S/MIME tunnel.

* Compatible with BIS.

* Compatible with existing S/MIME clients (like Outlook and Lotus Notes).

* Message body and attachments are encrypted. HTML email supported.

* Uses BlackBerry encryption functionality (3DES, AES, X.509, S/MIME).

* Compatible with the BlackBerry smart card reader.

* Messages are stored on the BlackBerry smartphone in encrypted form.

 

 

Djigzo binaries and source can be downloaded freely from our website. For more information see www.djigzo.com.

 

--
Djigzo open source email encryption

Contributor
Posts: 15
Registered: ‎03-30-2010
My Device: Curve 8520
My Carrier: Vodacom

RE: BIS compatible open source S/MIME email encryption for BlackBerry

Hi Martyijnbrinkers,

 

Firstly, well done, and thanks for contributing to the open source community. It's nice to see a growth in open-source mobile apps.

 

Seems we've been working on similar projects - although mine was commissioned by a client - but my negotiations to release it open-source seem promising.

 

My application allows the user, when editing an email, to encrypt or decrypt the data using a password that is turned into a key (AES/SHA256/Base64). I'm wondering if you can offer me some advice. There are 2 issues I'd like advice on.

 

KEYSTORE:

 

My client asked me if I can add "save password" functionality. Sounds like a security loophole opportunity of note. What do you think is the best way to do this. At the moment I'm attempting to use my Code Signing Key (via the ControlledAccess class) to secure the password, and store it in the PersistentStore. I haven't quite figured out how it all works yet, but do you think that is a reasonable approach?

 

SMS:

 

I see the SMS functionality works quite differently from the email functionality, and I'm wondering if you have any suggestions to how to tackle the SMS side of things. I was thinking that perhaps the best way is to intercept the SMS's as they come in, and ask the user for a password, or if there is a saved password, decrypt them on-the-fly, as they come in, or ask the user for a password as they come in. Alternatively, I can perhaps copy them into an Encrypted Inbox, but that sounds like a lot of work.

 

On the create / send side, I was thinking that perhaps the simplest way is for the user to create the SMS in the email window, and then click encrypt, and then add an "Send as encrypted SMS" in the menu.

 

I'd love to hear your thoughts on the matter.

 

Chat later,

 

Mark

Developer
Posts: 155
Registered: ‎02-18-2009
My Device: Not Specified

Re: RE: BIS compatible open source S/MIME email encryption for BlackBerry

 


My client asked me if I can add "save password" functionality.


You could try to store the secret key in the PersistableRIMKeyStore. One of the overloaded set methods allows you to store a SymmetricKey inside the key store. The main advantage of using the key store is that the key store is protected with the system key store password. A password timeout can be specified. By using the PersistableRIMKeyStore the password will also be backed-up when needed. Djigzo only directly uses public and private keys so I have not tried storing a SymmetricKey but it should work.

 

 


I see the SMS functionality works quite differently from the email functionality, and I'm wondering if you have any suggestions to how to tackle the SMS side of things. I was thinking that perhaps the best way is to intercept the SMS's as they come in, and ask the user for a password, or if there is a saved password, decrypt them on-the-fly, as they come in, or ask the user for a password as they come in. Alternatively, I can perhaps copy them into an Encrypted Inbox, but that sounds like a lot of work.


I haven't worked with SMS myself but a possible option would be to add a decrypt ApplicationMenuItem and when clicked it tries to decrypt the currenly selected field.

 

 


 On the create / send side, I was thinking that perhaps the simplest way is for the user to create the SMS in the email window, and then click encrypt, and then add an "Send as encrypted SMS" in the menu.


That shouldn't be that hard. The main advantage is that SMS only supports Text and no HTML and attachments like email does :smileyhappy: