Our solution for automatic email signing is based on industry-standard protocols, and the information flow is handled so that message integrity is preserved end to end; no modifications are needed in email clients or email-generating applications, apart from changing the outgoing SMTP server address.
In fact our server is an outgoing SMTP relay, configured for the accepted domains through our web interface, that conforms to RFC2821 for SMTP and, where TLS is enabled, to RFC2487 (obsoleted by RFC3207) for SMTP over TLS; it accepts incoming messages compliant with RFC2822 (Internet Message Format) and with MIME (Multipurpose Internet Mail Extensions) as defined in RFC2045 and following.
Messages queued in the server for delivery are screened for specific sender addresses; when none is found, the message is simply passed on unchanged to another server (e.g. the company's existing email gateway) for final delivery, or delivered directly to the recipient(s).
If any of the senders is defined in the application's database, the corresponding X.509 certificate is loaded, the matching private key is located among those held in the HSM, where the signing operation takes place, and the message is signed according to RFC2311 (S/MIME Version 2 Message Specification), interfacing natively with the HSM API library for maximum speed and flexibility; the process is repeated for every sender address that is defined, each signature encapsulating the previous one so that the recipients' email clients can verify them. When this phase is completed the message is queued for final delivery, as for unsigned messages. Two practical conditions apply: the email address in the certificate must match the sender address as it appears in the message header, otherwise clients flag the signature; and no downstream hop (for instance a gateway that appends a disclaimer) may alter the signed body, since any change invalidates the signature.
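As an added example, not code from the product described here, the following Python module (standard library only) walks through the relay step described above: it screens the message's originator addresses against a constructed sender table standing in for the application's database, signs once per matching address with each signature encapsulating the previous one, and builds the multipart/signed structure so that the signed bytes are exactly the first body part as it goes on the wire, with CRLF line endings. The HSM call is represented by a placeholder that hashes the canonical bytes under a key identifier; a real deployment returns a CMS SignedData produced by the HSM at that point. Names such as SIGNER_DB, relay, sign_message and placeholder_cms_sign are assumptions made for this example.

```python
import copy
import hashlib
import hmac
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.policy import SMTP
from email.utils import getaddresses

# Constructed sender table standing in for the application's database:
# sender address -> identifier of the key/certificate pair held in the HSM.
SIGNER_DB = {
    "statements@bank.example": "key-statements-2006",
    "alerts@bank.example": "key-alerts-2006",
}

def originator_addresses(msg):
    """Lower-cased addresses from the RFC 2822 originator fields From and Sender."""
    return [addr.lower()
            for header in ("From", "Sender")
            for _, addr in getaddresses(msg.get_all(header, [])) if addr]

def select_signers(msg, db=SIGNER_DB):
    """(address, key_id) for every originator of msg that has a signing key."""
    return [(a, db[a]) for a in originator_addresses(msg) if a in db]

def placeholder_cms_sign(canonical, key_id):
    """Stand-in for the HSM call (assumption): a real signer returns a DER-encoded
    CMS SignedData over exactly these bytes; a keyed SHA-256 keeps this runnable."""
    return hashlib.sha256(key_id.encode() + canonical).digest()

def placeholder_cms_verify(canonical, signature, key_id):
    """Recipient-side counterpart of the placeholder signer."""
    return hmac.compare_digest(signature, placeholder_cms_sign(canonical, key_id))

def sign_message(msg, sign_func):
    """Wrap msg in a multipart/signed container (RFC 1847 structure, S/MIME protocol)."""
    # First body part: the existing content, keeping only its MIME (Content-*) headers.
    inner = copy.deepcopy(msg)
    for name in list(inner.keys()):
        if not name.lower().startswith("content-"):
            del inner[name]
    # The signed bytes are that part exactly as transmitted: headers, blank line,
    # body, every line terminated by CRLF (the SMTP policy enforces that).
    canonical = inner.as_bytes()
    sig = MIMEApplication(sign_func(canonical), "pkcs7-signature",
                          name="smime.p7s", policy=SMTP)
    del sig["MIME-Version"]
    sig["Content-Disposition"] = 'attachment; filename="smime.p7s"'
    outer = MIMEMultipart("signed", protocol="application/pkcs7-signature",
                          micalg="sha-256", policy=SMTP)
    # Envelope headers stay outside the signed part, unchanged for clients and gateways.
    for name, value in msg.items():
        if not name.lower().startswith("content-") and name.lower() != "mime-version":
            outer[name] = str(value)
    outer.attach(inner)
    outer.attach(sig)
    return outer

def relay(raw, cms_sign=placeholder_cms_sign, db=SIGNER_DB):
    """Relay decision: one signature per matching originator, each wrapping the
    previous one, or pass-through unchanged when no originator is in the database."""
    msg = message_from_bytes(raw, policy=SMTP)
    signers = select_signers(msg, db)
    for _address, key_id in signers:
        msg = sign_message(msg, lambda data, k=key_id: cms_sign(data, k))
    return (msg.as_bytes() if signers else raw), [a for a, _ in signers]

def verify_message(signed_raw, cms_verify):
    """Recipient side: re-derive the signed bytes from the received message and
    check the detached signature; cms_verify(canonical, signature) -> bool."""
    msg = message_from_bytes(signed_raw, policy=SMTP)
    if msg.get_content_type() != "multipart/signed":
        return False
    parts = msg.get_payload()
    if len(parts) != 2 or parts[1].get_content_type() != "application/pkcs7-signature":
        return False
    return cms_verify(parts[0].as_bytes(), parts[1].get_payload(decode=True))

def signature_chain(raw):
    """Content types from the outermost part inwards (shows the encapsulation)."""
    types, msg = [], message_from_bytes(raw, policy=SMTP)
    while msg.get_content_type() == "multipart/signed":
        types.append(msg.get_content_type())
        msg = msg.get_payload()[0]
    return types + [msg.get_content_type()]

# Constructed sample message, as an application would hand it to the relay.
SAMPLE = (
    b"From: Statements <statements@bank.example>\r\n"
    b"To: customer@example.org\r\n"
    b"Subject: Your monthly statement\r\n"
    b"Date: Mon, 06 Mar 2006 09:15:00 +0100\r\n"
    b"Message-ID: <20060306091500.1@bank.example>\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"Content-Transfer-Encoding: 7bit\r\n"
    b"\r\n"
    b"Dear customer,\r\n"
    b"your statement for February is available on the portal.\r\n"
)

if __name__ == "__main__":
    out, signed = relay(SAMPLE)
    print(signed, signature_chain(out))
    print(out.decode())
```

verify_message does what a recipient's client does: it re-serialises the first part of the received message with CRLF line endings and checks the detached signature over exactly those bytes. That is why a downstream gateway that appends a disclaimer or re-wraps the body breaks verification, and why the relay must be the last hop that touches the content.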
The whole operation is transparent to applications and clients: the server appears as an ordinary, fully standards-compliant SMTP relay and requires no change to an existing system apart from a simple address swap. The automatic email signature server is in fact a subsystem of the certified email server that has been approved for two years by the Italian Government Agency CNIPA and is widely used by a national certified email provider with thousands of customers, running all kinds of email clients, from Microsoft Outlook and Outlook Express to Lotus Notes, Mozilla Thunderbird and so on.
A web interface handles all maintenance and operational duties, such as:
- generation of private keys and X.509 certificate signing requests, each associated with a given sender address and its related attributes
- upload of X.509 certificates to the database; all the formats issued by Certification Authorities such as Verisign are accepted
- X.509 certificate expiration handling, with automated renewal warnings to system administrators and automated key changeover
- HSM initialization and security setup
The web interface is a J2EE application running in Tomcat; access to the system can be controlled either by username and password or by stronger smartcard authentication.
More than one server can be operated in parallel for better availability; the database can be shared among the servers, or each server can operate on a restricted group of addresses.
Many financial institutions prefer to procure the hardware themselves; in that case we simply require that the machine(s) and the HSM be delivered to our company for installation and testing. The minimum configuration (to be evaluated according to the size and number of messages to be signed per second) is 1 GB RAM, a 3 GHz Xeon, appropriate network interfaces, at least 36 GB of RAID-1 disk and an nCipher HSM; the system must be certified for Red Hat Enterprise Linux 4, preferably at the CAPP/EAL3+ level. Otherwise we can deliver turnkey systems at various configuration levels.