Certificateless cryptography for email application

Abstract

Certificateless cryptography is recently proposed to solve the certificate management problem of public key infrastructure and the key escrow problem of identity-based cryptography. In this scheme, certificate is no longer needed and the trusted-third party can no longer generate the complete private key of any user. The cryptographic services in certificateless cryptography are associated with the users’ identity. Since every e-mail address is unique, it can be used as the identity of user in certificateless cryptography. In this project, an extension called Certificateless E-mail is implemented for Mozilla Thunderbird. Certificateless cryptography is applied in this extension to provide cryptographic services such as encryption and signature on e-mail messages. In this report, a review of the public key infrastructure, identity-based cryptography and certificateless cryptography is provided. These three schemes are compared in the review which will provide readers with a basic understanding of them. After that, a system specification is provided to show the desired features of this system. Then the technology used and screenshots of the system are provided in the Implementation Detail section. A few scenarios are provided to analyze the security of this system. Finally, the work of this project is concluded and a few directions of further developments are discussed.