Sun B2B Suite AS2 Protocol Manager User's Guide

About SME/KS Processes

This section describes how SME/KS encrypts and decrypts message data, verifies digital signatures, and compresses and decompresses message files.

Key Pair Encryption

In key pair encryption, the sender's message is encrypted with the public key and signed by the sender. The signature is then encrypted with the sender’s private key. Upon receipt, the message is decrypted with the recipient's private key. In the Keystore, the sender’s public certificate is used to validate the authenticity of the public key. The public certificate contains the sender’s name, institution, and email address, and is signed by a trusted CA. The certificate alias identifies the certificate in the Keystore. The recipient's private key alias and password are used to access the private key from the Keystore and decrypt the message. See Figure 3–1.

Figure 3–1 Encryption Process

SME/KS encryption process


Note – Input parameters labeled with an asterisk (*) show the default values.


Signatures and Verification

Signature verification begins when a subscriber publishes a certificate to a CA. Published certificates contain the subscriber’s identity and public key, and are digitally signed by the CA, which safeguards access to the subscriber’s private key. When a subscriber signs and sends a message, SME/KS converts the message to S/MIME format. The message now contains the digital footprint of the subscriber’s private key. When the message is received, the public key validates the digital signature created by the private key. See Figure 3–2.

Figure 3–2 Verification Process

SME/KS decryption process


Note – Input parameters labeled with an asterisk (*) show the default values.


Compression and Decompression

The compression process converts byte type files into PKCS#7 format using the zlib compression library. See Figure 3–3. For more information on the zlib compression library, visit the gzip product home page at http://www.gzip.org.

Figure 3–3 The Compression/Decompression Process

SME/KS compression/decompression process
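
The compression step described above, as an added Python example (not code from SME/KS or from this guide): it assumes the PKCS#7 wrapper is the CMS CompressedData structure of RFC 3274 with the zlib algorithm identifier, and it handles only definite-length DER with a primitive OCTET STRING. The function names and the MAX_OUT cap are assumptions; the cap stops a small inbound message from inflating without bound on the receiving side.

```python
import zlib

# Added example: function names and MAX_OUT are assumptions, not SME/KS identifiers.
OID_COMPRESSED_DATA = bytes.fromhex("060b2a864886f70d0109100109")  # id-ct-compressedData
OID_ZLIB = bytes.fromhex("060b2a864886f70d0109100308")             # id-alg-zlibCompress
OID_DATA = bytes.fromhex("06092a864886f70d010701")                 # id-data
MAX_OUT = 10 * 1024 * 1024  # assumed cap on decompressed size; tune per trading partner

def tlv(tag, body):
    """Encode one DER tag-length-value element."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf, pos, tag):
    """Return (body, next_pos) of the element at pos, rejecting wrong tags and overruns."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected or missing tag 0x%02x" % tag)
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("length runs past end of input")
    return buf[pos:pos + n], pos + n

def compress_to_cms(data):
    """zlib-compress data and wrap it as ContentInfo{CompressedData}."""
    encap = tlv(0x30, OID_DATA + tlv(0xA0, tlv(0x04, zlib.compress(data))))
    body = tlv(0x02, b"\x00") + tlv(0x30, OID_ZLIB) + encap  # version 0, algorithm, content
    return tlv(0x30, OID_COMPRESSED_DATA + tlv(0xA0, tlv(0x30, body)))

def decompress_from_cms(der, max_out=MAX_OUT):
    """Validate the wrapper, then inflate with a hard output limit."""
    outer, _ = read_tlv(der, 0, 0x30)
    wrapped, _ = read_tlv(outer, len(OID_COMPRESSED_DATA), 0xA0)
    body, _ = read_tlv(wrapped, 0, 0x30)
    version, pos = read_tlv(body, 0, 0x02)
    alg, pos = read_tlv(body, pos, 0x30)
    encap, _ = read_tlv(body, pos, 0x30)
    if not (outer.startswith(OID_COMPRESSED_DATA) and version == b"\x00"
            and alg.startswith(OID_ZLIB) and encap.startswith(OID_DATA)):
        raise ValueError("not a version 0 zlib CompressedData over id-data")
    octets, _ = read_tlv(read_tlv(encap, len(OID_DATA), 0xA0)[0], 0, 0x04)
    inflater = zlib.decompressobj()
    out = inflater.decompress(octets, max_out + 1)  # never inflate past the cap
    if len(out) > max_out or not inflater.eof:
        raise ValueError("oversized or truncated zlib stream")
    return out
```

A receiver that verifies a signature over the compressed object should do so before calling the decompression routine, so that unauthenticated input never reaches the inflater.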