安全電子郵件系統公鑰自動取得機制之研製

Abstract

電子郵件(Electronic mail，email)已經成為網際網路上非常重要的應用，越來越多的人利用電子郵件作為主要溝通和傳遞訊息的工具，因此電子郵件的安全性變成一個很重要的議題，如何讓電子郵件能提供保密性和確認性的基本安全性要求，有兩種主流的架構已經在網際網路上被廣泛採用： PGP (Pretty Good Privacy) 與 S/MIME。這兩種架構均採用非對稱式公鑰加密技術來解決session key交換的問題，使用者均必須先取得收件人的公鑰才能作加密的動作，而公鑰可以經由不同的管道傳播，公鑰伺服器(Public-Key Server，PKS) 或憑證機構 (Certificate Authority，CA) 提供了公鑰取得和驗證的服務，但不同的收件人對於自己的公鑰有不同的傳播方式，所以使用者面臨公鑰不易取得的問題，例如:不同的公鑰伺服器、不同的憑證機構、個人Homepage、親自面交、、等各式各樣的傳播方式。上述情況，造成使用者意願不高。針對此問題，我們提出一個具有開放性架構來解決公鑰不易取得的問題，並且相容於現有的電子郵件系統，主要的目的是由『公鑰自動取得』的機制，達到加密信件過程自動化，在這架構之中，我們提供了使用者一個方便的操作介面以利於使用者加解密電子郵件，使得電子郵件的安全性能夠被一般使用者重視和廣泛使用，來保障個人應有隱私權，進而能將電子郵件服務更能被廣泛應用於各種需求。

The e-mail has become the killer application on the internet. Using e-mail is a main way of communications, so the secure e-mail becomes a very important subject. PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions) are widely adopted on the Internet to let e-mail provide the secure services of confidentiality and integrity. Both of the solutions adopt public-key cryptography to solve the session key exchange problem. Public-key has the various ways of distribution. Public-key server and Certificate authority provide public-key services of retrieval and authentication, but different users have different methods to distribute public-key information; users face the problem of public-key information that is not easily retrieval. In this thesis, we proposed an open architecture to solve the problem of public-key information that is not easily retrieval. The main purpose is to design an automatic public-key retrieval mechanism that must be compatible with mostly e-mail system. In this architecture, we also provide friendly user interface of secure e-mail to users, make it more convenient when one uses secure e-mail solutions. By the security and convenience, let it be more and more users to use secure e-mail solutions in the future of the proposed architecture.