Home

Awesome

Welcome

This software system allows you to decrypt and sign your e-mails with your smartphone instead of using a contactless smartcard. The smartphone communicates with your PC via NFC (as a contactless smartcard would).

Alt text

The associated bachelor's thesis can be found here: http://sar.informatik.hu-berlin.de/research/publications/SAR-PR-2014-08/SAR-PR-2014-08_.pdf

Warning: This is just proof-of-concept code and should NOT be used in production environments

Tested platforms:

The Android app only works on Android 4.4 Kitkat and higher.

Building

Build StatusCode CoverageCode Quality

To create this app, eclipse was used.

To use the app, build it using the makefile in the following way:

make ANDROID_SDK_ROOT=$ANDROID_SDK_ROOT

I used adt-bundle-linux-x86-20131030 as SDK. The OS on which I build the app is Debian Jessie (32 Bit).

Installing

Executing the command

make Android-install

will install the app on your smartphone. Make sure it is connected to your PC and USB debugging is enabled!

Using

For usage, see page 48 and following of the bachelor's thesis.

To get a certificate onto the smartphone, you may use the Makefile.

This will create the PKCS15 files on the smartphone:

make create-pkcs15-files

This will generate a 2048 Bit RSA Key on the smartphone:

make generate-key

This will show you the slot id, which you might need for the next step if it is not 01:

make show-slot-and-id

This will create a Certificate Signing Request. You may specify the information for the distinguished name and the slot, if necessary:

make create-csr

So in the end you could do something like:

make create-csr SLOT=02 COMMON_NAME="Erik Nellessen" EMAIL_ADDRESS=mysecretemail@doesnt.exist

You can have a look at the CSR by executing:

make show-csr

Now you need to sign the certificate signing request with a CA. The Makefile target creates a demo CA using openssl. After that, it signs the certificate. You may specify the path to your openssl.cnf in the OPENSSL_CONF environment variable.

make get-cert

The last step is to store the certificate on the smartphone:

make store-certificate

Now you can configure Thunderbird/Icedove as described in the bachelor's thesis on page 51 and start decrypting/signing e-mails!

Have fun!