This software system allows you to decrypt and sign your e-mails with your smartphone instead of using a contactless smartcard. The smartphone communicates with your PC via NFC (as a contactless smartcard would).
The associated bachelor's thesis can be found here: http://sar.informatik.hu-berlin.de/research/publications/SAR-PR-2014-08/SAR-PR-2014-08_.pdf
Warning: This is just proof-of-concept code and should NOT be used in production environments.
- Android 4.4 Kitkat on Nexus 5
- Android 4.4 Kitkat on LG G2 Mini
The Android app only works on Android 4.4 Kitkat and higher.
Eclipse was used to create this app.
To use the app, build it using the Makefile in the following way:
make ANDROID_SDK_ROOT=$ANDROID_SDK_ROOT
I used adt-bundle-linux-x86-20131030 as the SDK. The OS on which I build the app is Debian Jessie (32-bit).
Executing the command
make Android-install
will install the app on your smartphone. Make sure it is connected to your PC and USB debugging is enabled!
For usage, see page 48 and following of the bachelor's thesis.
To get a certificate onto the smartphone, you may use the Makefile.
This will create the PKCS15 files on the smartphone:
make create-pkcs15-files
This will generate a 2048-bit RSA key on the smartphone:
make generate-key
This will show you the slot id, which you might need for the next step if it is not 01:
make show-slot-and-id
This will create a Certificate Signing Request. You may specify the information for the distinguished name and the slot, if necessary:
make create-csr
So in the end you could do something like:
make create-csr SLOT=02 COMMON_NAME="Erik Nellessen" EMAIL_ADDRESS=mysecretemail@doesnt.exist
You can have a look at the CSR by executing:
make show-csr
Now the certificate signing request needs to be signed by a CA. The following Makefile target creates a demo CA using openssl and then uses it to sign the request, which yields the certificate. You may specify the path to your openssl.cnf in the OPENSSL_CONF environment variable.
make get-cert
The last step is to store the certificate on the smartphone:
make store-certificate
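The certificate that comes out of the signing step can be checked before it is stored on the smartphone. The following script is an added example, not part of the project's Makefile: it builds a throwaway CA, CSR and certificate with openssl, then checks that the certificate carries the CSR's public key, chains to the CA and is valid for S/MIME. The function names, file names and subject values are assumptions, and a software RSA key stands in for the key generated on the smartphone.

```shell
#!/bin/sh
# Added example. File names and subject values are constructed, and a software
# RSA key stands in for the key that is generated on the smartphone.

# make_demo_inputs DIR: throwaway CA, CSR and signed certificate in DIR.
make_demo_inputs() {
    dir=$1
    # Extensions for an S/MIME end-entity certificate.
    cat > "$dir/smime.ext" <<'EOF'
[smime]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = emailProtection
subjectAltName = email:user@example.invalid
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo User" \
        -keyout "$dir/user.key" -out "$dir/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/user.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
        -extfile "$dir/smime.ext" -extensions smime \
        -out "$dir/user.pem" 2>/dev/null
}

# check_cert CSR CERT CA: returns 0 only if CERT is fit to be stored.
check_cert() {
    csr=$1 cert=$2 ca=$3
    # 1. The CSR must be signed by the key it contains.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    # 2. The certificate must carry exactly the public key from the CSR.
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    crt_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ] || return 2
    # 3. It must chain to the CA and be valid for S/MIME signing and encryption.
    for purpose in smimesign smimeencrypt; do
        openssl verify -CAfile "$ca" -purpose "$purpose" "$cert" \
            >/dev/null 2>&1 || return 3
    done
}

# Demo run in a temporary directory.
tmp=$(mktemp -d)
make_demo_inputs "$tmp" && check_cert "$tmp/user.csr" "$tmp/user.pem" "$tmp/ca.pem"
echo "check_cert exit status: $?"
rm -rf "$tmp"
```

A return value of 2 means the certificate was issued for a different key than the one in the CSR, and 3 means it does not verify against the given CA for S/MIME use.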
Now you can configure Thunderbird/Icedove as described in the bachelor's thesis on page 51 and start decrypting/signing e-mails!
Have fun!