ODS Webmail Example for Encrypting Emails using special search of the recipient's Public Key by domain
ODS Webmail offers the feature of sending encrypted message to recipient by gathering information for the recipient using XRD Provisioning Protocol.
Assume John wants to send encrypted email message to Kate, and Kate does not share her public key to John and John does not have Kate in his AddressBook? contacts.
Instead, when John attempts to send encrypted email message to recipient for ex: kate@mytest.com, then the system perform search by the given recipient domain, using the XRD protocol, if there is registered user in ODS with the given mail.
In case of found, next the system checks if the user has X.509 Certificate.
If found, request its public key.
When the public key is retrieved successfully, the message should be send successfully and then retrieved from Kate her ODS Webmail Inbox.
The scenario from below describes these steps:
Prerequisites
- Perform the steps from the Virtuoso ODS-Mail Installation Guide.
- In our example we will use for domain name: mytest.com
- Install the ODS Addressbook vad package: ods_addressbook_dav.vad
- Set the Virtuoso Server HTTP port and DefaultHost? from [URIQA] section in the ini section by default to be 80:
...
[HTTPServer]
ServerPort = 8893
...
[URIQA]
DefaultHost = mytest.com:8893
...
- Make sure, for ex.
for Windows users, to set the domain i.e.
mytest.com in C:\Windows\system32\drivers\etc.\host:
...
127.0.0.1 mytest.com
...
Configure ODS User and Webmail settings
- Register user John with email for ex.: john@yahoo.com
- Register user Kate respectively with email for ex.: kate@mytest.com
- John and Kate create ODS Webmail instances:
- Go to Application Settings ->Application Management and click "New Web Application" button:
- Click "Create Application" for application type "Mail".
- In the presented form choose domain "mytest.com":
- Click "Create and Launch Application"
- John creates X.509 Certificate with mail john@mytest.com.
- Kate creates X.509 Certificate with mail kate@mytest.com.
- John exports his X.509 Certificate, for ex.
to local file with name john.p12.
- Kate exports her X.509 Certificate, for ex.
to local file with name kate.p12.
- Kate imports the content of her certificate in ODS Profile Edit->Security->X.509 Certificates.
- John and Kate set in their ODS Profile a Private Key:
- Go to Profile ->Edit ->Security->Certificate & Private Key
- Click "Import key from local file" and respectively for John select his certificate john.p12 and for Kate select her certificate kate.p12:
- Enter "Key Name" for ex.
respectively for John: JohnKey? and for Kate: KateKey? and provide the certificate password:
- Click "Import Key"
- As result for both John and Kate should be displayed in the Certificate & Private Key List the imported certificate:
- John configures his Webmail Settings:
- Go to Webmail instance->Preferences and set:
- For "Encryption (with certificate)": select the "JohnKey?" key.
- Select "Required (can't send message unless all recipients have certificates)"
- Finally click "Save"to set the changes.
- Kate goes to her Webmail instance->Preferences and sets:
- For "Encryption (with certificate)": select the "KateKey?" key.
- Finally click "Save"to set the changes.
- John sends encrypted email message to recipient kate@mytest.com
- John goes to his Webmail instance -> Write Message:
- John recipient email kate@mytest.com>:
- John enters "Subject" for ex: "This is encrypted msg" and "Message": "Simple test"
- John clicks "send message"
- The system perform search by the given recipient domain if there is registered user in ODS with the given mail.
In case of found, next the system checks if the user has X.509 Certificate.
If found, request its public key.
When the public key is retrieved successfully, a message for successfully sending the message should be shown:
- Kate receives the encrypted message from John:
- Kate goes to her Webmail instance -> Inbox where should be displayed the new message from John:
Related