利用DiskOnKey的金鑰建構企業安全的電子郵件

Abstract

公開金鑰基礎建設已廣泛使用於網路交易、身分認證等領域，透過私密金鑰電子憑證在網路上提供解密、簽章、身分鑑別與不可否認性，如同網路上的個人身分證，因此私密金鑰的保護，一直是大眾所關注的議題。DiskOnKey是一種連接在USB介面的隨身硬碟，可以安全的存放小量的資料，本研究利用DiskOnKey裝置具有隱藏區的特性，將使用者私鑰加密儲存在隱藏區裡，使用者是看不到私密金鑰的，只有應用程式能夠讀取，使用者只需帶著DiskOnKey接上使用者電腦，即可匯入公鑰憑證和私鑰，Outlook Express上的郵件就可以加密或簽章。本研究另外實作了CA自簽憑證用來簽發DiskOnKey使用者憑證，另外，利用CA憑證建立安全的加密連線，提供沒有DiskOnKey的使用者傳送簽發憑證要求，用這三個部分建立一個安全電子郵件的小型區域網路，如同一般的企業網路。

Public Key Infrastructure has been widely utilized in fields of e-commerce and identity authentication. private key certificate, which is similar to real personal identification on the network, provides decryption, signature, authentication and non-repudiation. Therefore, the protection of private key has been largely concerned. DiskOnKey is a removable USB flash disk. It can save a small amount of data. This thesis made use of the hidden area characteristic of DiskOnKey device to store the encrypted user’s private key in the hidden area. Users could not see the private key. Only the application program could read and recognize it. Users merely need to carry the DiskOnKey and connect it to the computer, and public key certificate and private key can be imported. Thus, the e-mails in Outlook Express can be encrypted or signed. In addition, the thesis implemented CA selfsigned certificate for signing DiskOnKey user’s certificate. CA selfsigned certificate could also construct secure connection to assist users who do no have DiskOnKey to send certificate sign request. Therefore, we can use the above methods to construct local area network of secure e-mail, which is resemble to general enterprise network.