DEPLOYMENT OF OX APP SUITE OVER RED HAT SERVER SYSTEM FOR IDRBT
INTRANET AND IDRBT CLOUD SERVICES
Submitted To:
INSTITUTE FOR DEVELOPMENT AND RESEARCH IN BANKING TECHNOLOGY
HYDERABAD-500057
Project Guide:By:
Institute For Development and Research in Banking Technology
Hyderabad-500057
CERTIFICATE
Mr. Shivashish Kumar, student of Integrated M.Tech course at IIT (BHU), Varanasi in the
Department of Applied Mathematics was assigned the projects 1. "Building an easy to use
application for public key cryptosystem using openSSL Libraries" 2. "Installation of OX AppSuite
over red hat server system for IDRBT intranet and IDRBT Cloud Services" under the guidance of
INFINET department of IDRBT. During the course of the project he has undertaken a study of
Public Key Infrastructure (PKI), Java Libraries and Networking Systems.
This is to certify that he has successfully completed the projects assigned to him as an intern at
Institute for Development and Research in Banking Technology, Hyderabad from May 13, 2013
to July 12, 2013.
Dr. N.P.Dhavale
(Project Guide)
Deputy General Manager
IDRBT, Hyderabad
ACKNOWLEDGEMENT
Summer project is a golden opportunity for learning and self-development. I consider myself
very lucky and honored to have so many wonderful people lead me through in completion of
this project.
I would like to express my sincere gratitude to the Institute for Development and Research in
Banking Technology (IDRBT) and particularly Dr. N.P. Dhavale, who was my guide during the
course of the project. I would not hesitate to add that this short span of time in IDRBT has
added a different facet to my life as this is a unique organization being a combination of
academics, research, technology, communication services, crucial applications etc. and at the
same time performing roles as an arm of regulation, spread of technology, facilitator for
implementing technology in banking and non-banking system.
I am really grateful to Dr. N.P. Dhavale who, in spite of being extraordinarily busy with his duties,
took time out to hear, guide and keep me on the correct path and allowing me to carry out my
industrial project work at the organization and extending during the training. He helped all time
when we needed and he gave right direction toward completion of project.
I am thankful to the staff of INFINET department at IDRBT for helping me to get familiar with
the applications. They gave me a chance to study the application and its impact from different
perspective. I am also thankful to my college, for giving me this opportunity to work in a
high-end research institute like IDRBT.
Lastly, I would like to thank my family and friends for their support and all others who made this
project successful either directly or indirectly.
Shivashish Kumar
Project trainee
IDRBT, Hyderabad
ABSTRACT
Project 1. "Building an easy to use application for public key cryptosystem using
openSSL library". The project is about an application for a public key cryptosystem built using the OpenSSL
library. The report covers the functionality offered by the application, its associated features,
the platforms used and the methodology followed by the application. The report also has a class diagram
and a sequence diagram to show how the application has actually been built,
and a way forward summarizing the tasks still to be done.
Project 2. "Installation of OX AppSuite over red hat server system for IDRBT intranet and cloud".
The project is about the deployment of OX App Suite over the IDRBT intranet. It discusses OX App
Suite, its significance in the IDRBT environment, and the stepwise instructions followed during the
course of the project for its deployment. It also highlights the steps required for moving
to the cloud and the difficulties associated with it.
TABLE OF CONTENTS
Project I
1. Introduction
2. Project Description
   2.1 Application Software
   2.2 Cryptography
   2.3 Cryptography Terms
   2.4 openSSL
3. Objective
4. Functionality
5. Platform
6. Overview
7. Requirements
8. Significance
9. Methodology
   9.1 Sequence Diagram
   9.2 Operating Instructions
   9.3 Class Diagram
10. Features
11. Way Forward
Summary
References
Project II
1. Introduction
2. Objectives
3. Definitions
4. Platform
5. Requirements
6. OX App Suite at IDRBT
7. Installation and deployment
   7.1 OX App Suite over Intranet
   7.2 OX App Suite over Cloud
Summary
References
PROJECT 1
1. INTRODUCTION
This project concentrates on developing a Java-based application which lets the
user perform different cryptographic instructions in GUI (graphical user interface) mode. The
developed application is a desktop application which, on receiving various cryptographic
requests from the user, processes and executes them accordingly. All the digital features of
Public Key Infrastructure, like key generation, certificates, message digest, encryption and
signatures, have been combined in the application itself to make it a standalone application.
2. Project Description
2.1 Application software is all the computer software that causes a computer to perform
useful tasks beyond the running of the computer itself. A specific instance of such software is
called a software application or easy to use application.
2.2 Cryptography
Cryptography or cryptology is the practice and study of techniques for secure communication
in the presence of third parties.
Symmetric-key cryptography refers to encryption methods in which both the sender and
receiver share the same key. These methods have historically been susceptible to known-plaintext
attacks, chosen-plaintext attacks, differential cryptanalysis and linear cryptanalysis.
Public-key cryptography refers to a cryptographic system requiring two separate keys, one of
which is secret and one of which is public. Although different, the two parts of the key pair are
mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or
decrypts the ciphertext.
Public-key encryption, in which a message is encrypted with a recipient's public key. The
message cannot be decrypted by anyone who does not possess the matching secret key,
who is thus presumed to be the owner of that key and the person associated with the
public key. This is used in an attempt to ensure confidentiality.
Digital signatures, in which a message is signed with the sender's secret key and can be
verified by anyone who has access to the sender's public key. This ensures that the message
has not been tampered with, as any manipulation of the message will result in changes to the
encoded message digest, which otherwise remains unchanged between the sender and
receiver.
This entire process of using public-key cryptography is a public key cryptosystem.
Image source: gdp.globus.org
2.3 Cryptography Terms:
2.3.1 Symmetric Key: The key that is used with the operations of a symmetric encryption scheme is
the symmetric key.
2.3.3 Key Pair: Every digital certificate has a pair of associated cryptographic keys. This pair of
keys consists of a private key and a public key. A public key is part of the owner's digital
certificate and is available for anyone to use. A private key, however, is protected by and
available only to the owner of the key.
2.3.4 Root Certificate: A root certificate is either an unsigned public key certificate or a
self-signed certificate that identifies the Root Certificate Authority (CA).
2.3.7 Certificate signing: A CA issues digital certificates that contain a public key and the
identity of the owner. A CA's obligation in such schemes is to verify an applicant's credentials,
so that users and relying parties can trust the information in the CA's certificates.
2.3.8 PKCS#12 Certificate: PKCS #12 defines an archive file format for storing many
cryptography objects as a single file. It is commonly used to bundle a private key with
its X.509 certificate or to bundle all the members of a chain of trust.
2.3.10 Message Digest: A cryptographic hash function is an algorithm that takes an arbitrary block
of data and returns a fixed-size bit string, the (cryptographic) hash value. The data to be
encoded are often called the "message," and the hash value is sometimes called the message
digest or simply the digest.
2.3.11 Encryption: Encryption is the process of encoding messages (or information) in such a way that
eavesdroppers or hackers cannot read them, but authorized parties can.
2.3.12 Decryption: The process of decoding data that has been encrypted into a secret format.
Decryption requires a secret key (private or symmetric).
2.3.13 Cipher: A cipher (or cypher) is an algorithm for performing encryption or decryption, a
series of well-defined steps that can be followed as a procedure.
2.3.14 Base64 encoding: Base64 is a group of similar binary-to-text encoding schemes that
represent binary data in an ASCII string format by translating it into a radix-64 representation.
2.3.15 Crypto Token: A security token (or sometimes a hardware token, authentication
token, USB token) may be a physical device that an authorized user of computer services is
given to ease authentication.
3. Objective
4. Functionality
4.1 Generation of key pair and associated certificates including self-signed root certificate.
5. Platform
6. Overview
The application has been developed in Java using different packages and libraries. The application
has nine buttons on its homepage, each of which performs the specific task it has been
assigned. When the user clicks a button, the application takes up the request for further
processing. For each request, the application asks for the input file and processes it
using openSSL instructions to produce the output.
* ->security standards
Buttons
6.1 Generate Key: This button generates a private key, a public key or a key pair with a specific number of bits
and secures it with a passphrase (if provided), using the RSA algorithm.
6.2 Generate Certificate: It provides the option to generate a certificate request, to create a
self-signed root certificate for the system/server with the mentioned validity period and name, or to
sign a certificate request using the root CA account.
6.4 Generate Digest: This button lets the user create a digest for a given file, add a digital signature
for a message or verify a signature.
6.5 Encrypt/Decrypt: Encrypts a particular file using a cipher and a passphrase, and similarly
decrypts a file. It provides the user with the option of base 64 encoding.
6.6 Generate Signature: This option lets users generate their digital signature for a message
through a signing certificate.
6.7 Sign & Encrypt: This button creates a compressed file containing the encrypted form of the
message along with the user's signature, its certificate and the encrypted passphrase.
6.8 Verify Signature: This command verifies the signature of the sender against the actual
message sent.
6.9 Decrypt & Verify: It decrypts the message received and verifies the signature to
ensure the authenticity of the message, using the files sent by the sender that the user selects.
7. Requirements
8. Significance at IDRBT
8.1 Current Scenario
IDRBT CA uses an application built by TCS for its public key infrastructure requirements, including
signing certificates. It requires high-end servers and a huge database from Oracle. IDRBT does not
have its own application as of now to provide assistance to banks for PKI on demand.
8.2 Drawback
Huge expenditure of money.
Different banks run multiple levels of applications which require security, like the Structured
Financial Messaging System (SFMS) and National Electronic Fund Transfer (NEFT), which must
be secured. This application will let IDRBT provide banks with public key cryptography
facilities on their request for enabling PKI facilities in their applications.
9. Methodology
9.1 Sequence Diagram
[Sequence diagram: Actor, Homepage, and the nine operations Generate Key, Generate Certificate, Export PKCS#12 Certificate, Generate Digest, Encrypt/Decrypt, Generate Signature, Verify Signature, Sign & Encrypt, Decrypt & Verify]
9.2 Operating Instructions
9.2.1 Generate Key
Another frame will open up where the user has to select the path where the key is to be stored.
This is done using the JFileChooser class of the javax.swing package.
The user also has to provide a specific number of bits and a passphrase (optional).
The user finally selects whether to generate a public key, a private key or a key pair. In the case of a key
pair, the application first generates the private key and then itself writes the public key to the same
file.
9.2.2 Generate Certificate
An option frame will open up to select one of the provided options.
9.2.2.1 For a certificate request, click on the first button.
Another frame will open up asking the user to provide instructions like validity and
certificate name.
After the instructions are provided, the certificate will be generated in .pem format.
9.2.2.2 To generate a self-signed root CA account, the user needs to click on the second button.
First, the root CA account has to be configured in the system by clicking on the configure button. It
will create a folder with all the CA configuration files so that the root certificate and keys get
stored there.
The root certificate name and validity period have to be provided to generate the certificate.
9.2.2.3 To sign a certificate using the root account, the third option is selected, where the CA admin
has to input its signing certificate.
It will ask for the root password through a pop-up box and, if it is correct, will sign the certificate.
The message box is displayed using the JOptionPane class of the javax.swing package.
The user has to select the certificate file to be exported, using the JFileChooser class, and the name
of the certificate.
A click on the export button will export the certificate in .pfx format to the selected location.
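The key, certificate request, root CA signing and .pfx export steps above map onto openssl commands roughly as follows. This is an added example, not the application's own code: the file names, subjects, passphrase variables and the inline CA configuration are assumptions, and it signs with openssl x509 -req rather than whichever command the application runs.

```shell
#!/bin/sh
# Added example: key pair -> self-signed root -> CSR -> CA-signed cert -> .pfx
# using the openssl CLI. Names, subjects and passphrases are constructed.
set -eu

# Demo CA configuration: the root is marked as a CA, issued certificates are not.
write_ca_config() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_root
[dn]
commonName = Common Name
[v3_root]
basicConstraints     = critical,CA:TRUE
keyUsage             = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage         = critical,digitalSignature,keyEncipherment
EOF
}

# gen_key FILE BITS PASS_ENV: RSA private key, AES-256 encrypted. The passphrase
# is read from the named environment variable so it never appears in argv.
gen_key() {
    openssl genrsa -aes256 -passout "env:$3" -out "$1" "$2" 2>/dev/null
    chmod 600 "$1"
}

# pub_key KEY PASS_ENV OUT: derive the public half from the private key.
pub_key() {
    openssl rsa -in "$1" -passin "env:$2" -pubout -out "$3" 2>/dev/null
}

# make_root CNF KEY PASS_ENV DAYS NAME OUT: self-signed root certificate.
make_root() {
    openssl req -config "$1" -new -x509 -sha256 -key "$2" -passin "env:$3" \
        -days "$4" -subj "/CN=$5" -out "$6"
}

# make_csr CNF KEY PASS_ENV NAME OUT: certificate request for a user key.
make_csr() {
    openssl req -config "$1" -new -sha256 -key "$2" -passin "env:$3" \
        -subj "/CN=$4" -out "$5"
}

# sign_csr CNF CSR ROOT_CRT ROOT_KEY ROOT_PASS_ENV DAYS OUT
# Exits non-zero when the root passphrase is wrong.
sign_csr() {
    openssl x509 -req -sha256 -in "$2" -CA "$3" -CAkey "$4" -passin "env:$5" \
        -CAcreateserial -days "$6" -extfile "$1" -extensions v3_leaf -out "$7"
}

# export_pfx KEY KEY_PASS_ENV CRT ROOT_CRT NAME PFX_PASS_ENV OUT: PKCS#12 bundle.
export_pfx() {
    openssl pkcs12 -export -inkey "$1" -passin "env:$2" -in "$3" \
        -certfile "$4" -name "$5" -passout "env:$6" -out "$7"
}

# End-to-end run in a scratch directory; the last step checks the chain.
demo() (
    cd "$(mktemp -d)"
    export ROOT_PASS='constructed-root-pass' USER_PASS='constructed-user-pass' \
           PFX_PASS='constructed-pfx-pass'
    write_ca_config ca.cnf
    gen_key root.key 2048 ROOT_PASS
    make_root ca.cnf root.key ROOT_PASS 3650 'Demo Root CA' root.crt
    gen_key user.key 2048 USER_PASS
    make_csr ca.cnf user.key USER_PASS 'demo-user' user.csr
    sign_csr ca.cnf user.csr root.crt root.key ROOT_PASS 365 user.crt
    export_pfx user.key USER_PASS user.crt root.crt demo-user PFX_PASS user.pfx
    openssl verify -CAfile root.crt user.crt
)
demo
```

OpenSSL 1.x builds protect the exported .pfx with legacy 3DES/RC2 by default, so prefer OpenSSL 3.x or set the PBE algorithms explicitly when the bundle leaves the machine.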
Another frame will open up asking the user to input the message file. The user also has the option
to select the digest method from the dropdown menu (optional).
The digest will be created in the same directory as the file inputfile_out.extension.
9.2.5 Encrypt/Decrypt*
* -> based on symmetric key algorithm
Another frame will open up asking the user to provide the message file and passphrase (symmetric
key), selected in GUI mode using the JFileChooser class.
The user can also select the base 64 encoding option and the cipher (optional).
In the case of encryption, it will then encrypt the file as inputfile_enc.extension in the same
directory, and similarly for decryption, it will decrypt the file as inputfile_dec.extension in the same
directory.
9.2.6 Generate Signature
Another frame will open up where the user has to provide the input file to be signed
and the signing certificate.
The application will extract the private key from the certificate in the backend and will then create
the signature for the file using the default/selected hashing algorithm as inputfile_sign.extension in
the same directory.
Fig 14: Screenshot for message box
A pop-up window will give the user the option to compress the message file with the
signature. If selected, a .zip file will be created with the required documents in the selected folder.
9.2.7 Verify Signature:
In the next frame the user will provide the sender's certificate, the signature file and the actual
message file.
The application will extract the public key from the certificate to create the digest from the signature and
will then check it against the digest of the message file.
If both are equal, a message box will display "verified OK", or else "verification failure".
Fig 16: Screenshot for signature
Fig 17: Screenshot for encryption
Click on the Sign & Encrypt button.
Another frame will open up where the user will provide the required instructions for signing.
Further inputs for encryption, like the receiver's certificate and the passphrase, will be asked for
in another frame.
The actual text file will then be encrypted using the selected/default algorithm and the passphrase will
be encrypted using the public key of the receiver.
All these required documents will now be zipped into a single file created on the desktop.
Another frame will open up where the user has to select the compressed .zip file containing
all the required files.
The application will uncompress the file and extract all the required documents.
It will then decrypt the message file by first decrypting the symmetric key using the private key
of the receiver and then using that symmetric key to decrypt the actual message file.
Further, the digest of the actual message file is compared with the signature file to ensure the
authenticity of the message.
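The Sign & Encrypt and Decrypt & Verify flows described above, written out with the openssl CLI as an added example (not the application's code). File names, the alice/bob identities, SHA-256, AES-256-CBC with PBKDF2 and RSA-OAEP are assumptions; the verifier also takes the sender's certificate from the recipient's own trusted copy rather than from the bundle.

```shell
#!/bin/sh
# Added example: hybrid "Sign & Encrypt" and "Decrypt & Verify" with openssl.
# Identities, file names and the message are constructed for the demo.
set -eu

# make_identity NAME: throwaway RSA key NAME.key and self-signed NAME.crt.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# cert_pubkey CRT OUT: extract the public key carried in a certificate.
cert_pubkey() { openssl x509 -in "$1" -pubkey -noout > "$2"; }

# sign_and_encrypt MSG SENDER_KEY SENDER_CRT RECIPIENT_CRT OUTDIR
sign_and_encrypt() {
    msg=$1; skey=$2; scrt=$3; rcrt=$4; out=$5
    mkdir -p "$out"
    tmp=$(mktemp -d)
    # 1. Signature over the plaintext with the sender's private key.
    openssl dgst -sha256 -sign "$skey" -out "$out/msg.sig" "$msg"
    # 2. Fresh random passphrase; the AES-256-CBC key is derived with PBKDF2.
    openssl rand -hex 32 > "$tmp/pass"
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$tmp/pass" \
        -in "$msg" -out "$out/msg.enc"
    # 3. Passphrase wrapped with the recipient's public key (RSA-OAEP).
    cert_pubkey "$rcrt" "$tmp/rcpt.pub"
    openssl pkeyutl -encrypt -pubin -inkey "$tmp/rcpt.pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$tmp/pass" -out "$out/pass.enc"
    # 4. Sender certificate travels along; the cleartext passphrase does not.
    cp "$scrt" "$out/sender.crt"
    rm -rf "$tmp"
}

# decrypt_and_verify BUNDLE_DIR RECIPIENT_KEY TRUSTED_SENDER_CRT OUT_PLAIN
# Returns 0 only if decryption succeeds AND the signature verifies under a
# sender certificate the recipient already trusts. The sender.crt inside the
# bundle is untrusted input and is deliberately not used here.
decrypt_and_verify() {
    bundle=$1; rkey=$2; trusted=$3; plain=$4
    tmp=$(mktemp -d)
    rc=1
    if openssl pkeyutl -decrypt -inkey "$rkey" -pkeyopt rsa_padding_mode:oaep \
           -in "$bundle/pass.enc" -out "$tmp/pass" 2>/dev/null &&
       openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$tmp/pass" \
           -in "$bundle/msg.enc" -out "$plain" 2>/dev/null &&
       cert_pubkey "$trusted" "$tmp/sender.pub" &&
       openssl dgst -sha256 -verify "$tmp/sender.pub" \
           -signature "$bundle/msg.sig" "$plain" >/dev/null 2>&1
    then rc=0
    else rm -f "$plain"   # never leave unauthenticated plaintext behind
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Round trip, then a tampered ciphertext that must be rejected.
demo() (
    cd "$(mktemp -d)"
    make_identity alice; make_identity bob
    printf 'constructed payment instruction #1\n' > msg.txt
    sign_and_encrypt msg.txt alice.key alice.crt bob.crt bundle
    decrypt_and_verify bundle bob.key alice.crt out.txt && echo "Verified OK"
    printf 'x' >> bundle/msg.enc
    decrypt_and_verify bundle bob.key alice.crt out2.txt || echo "Verification failure"
)
demo
```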
9.3 Class Diagrams
9.3.1 Homepage
9.3.2 Key Generation
9.3.3 Certificates
9.3.4 Digest
9.3.5 Encrypt/Decrypt
9.3.6 Signature
9.3.8 Sign & Encrypt
9.3.9 Decrypt & Verify
10. Features
10.1 Enhanced Security
The application ensures the security of the keys by supporting crypto tokens, considerably reducing
the chances of any misuse. Compatibility has been maintained between the
application and the token so that the keys and certificates generated get stored in the token itself
and the application prompts for the selection of the certificate from there only.
Image source: blog.cryptographyengineering.com
Fig 29: crypto tokens
10.2 Selection of Algorithm:
Lets the user continue with the default ciphers and hashing algorithms or provide them
themselves to ensure further security. A user can, based on their knowledge, either select suitable
algorithms or rely on the application to do it for them.
An embedded log file, which is an Excel file, is associated with the application for a complete record
of files and the operations performed on them. An administrator or owner of the system/organization
can always look at the different operations and certificates used with the application.
10.4 Data Integrity
Access forces the user to enter a value in each column. The user will not be able to leave
such a field blank, since a message will pop up to let the user know that they need to enter a value
for those fields.
11. Way Forward
Summary
The application which was developed during the course of the project will have a tremendous
impact at the end-user level. The application will let users transfer data and information digitally
in a much simplified way. At an organization like IDRBT, it will enable public key infrastructure
usage in a concise and easy manner. The application reduces the trouble of relying on
multiple applications for different cryptographic functions, as it provides the entire set of public key
cryptosystem functionality and also enhanced security through its built-in support for crypto
tokens.
This project will also help IDRBT CA to cut its expenditure, as it provides a much easier and
simplified way of signing certificates, and will also help associated banks and concerned services
to run their applications securely.
The application also has enhanced security features and support for many ciphers and hashing
algorithms, which will ensure that it can be used by anyone from a beginner to a professional
user. Administrator privileges have been ensured to reduce the chances of any misuse of the
application and certificates.
PROJECT 2
1. INTRODUCTION
OX App Suite provides a centralized cloud environment in which users can access email,
contacts, and calendar or address book without flipping back and forth between applications.
OX App Suite lets users control all their digital activities from a single platform, including managing
appointments and viewing and storing attachments.
To facilitate its usage by IDRBT employees, it needs to be installed over the network
through a server system and afterwards over the cloud.
2. Objective
Configuration of the mail server and testing of the other functionality of the application.
Study of the IDRBT cloud and its features, and deployment of OXAppSuite over the meghdoot
stack (IDRBT Cloud).
3. Terminology
3.1 OX App Suite: A centralized cloud environment that lets your users manage their digital
lives.
3.3 Apache Web Server: The Apache HTTP Server, commonly referred to as Apache, is a web
server software program. Apache supports a variety of features, many implemented
as compiled modules which extend the core functionality.
3.4 Open Exchange Server: Open-Xchange Server is a partially open source project sponsored
by Open-Xchange, Inc. It is used for developing collaboration software such as email and
calendars.
3.5 MySQL: MySQL is an open source relational database management system (RDBMS) that
runs as a server providing multi-user access to a number of databases.
3.6 Mail server: A mail server is a computer that serves as an electronic post office for email.
Mail exchanged across networks is passed between mail servers that run specially designed
software.
3.7 Intranet: An intranet is a computer network that uses Internet Protocol technology to share
information, operational systems, or computing services within an organization.
3.9 Image: Cloud users install operating-system images and their application software on the
cloud infrastructure. In this model, the cloud user patches and maintains the operating systems
and the application software.
3.10 Virtual Machine: A virtual machine (VM) is a software-implemented abstraction of the
underlying hardware, which is presented to the application layer of the system. It is a software
implementation of a machine (i.e. a computer) that executes programs like a physical machine.
3.11 Security Group: A security group acts as a firewall that controls the traffic allowed to reach
one or more instances. When a cloud administrator launches a VM, it is assigned one or
more security groups.
4. Platform
4.2 Apache Webserver
4.3 MySQL
4.4 OXAppSuite
5. Requirements
6. OX App Suite at IDRBT
Directive from the governing council of IDRBT to test the application in our own environment to
look for the functionality it offers.
6.2 Advantages
The application will have a tremendous effect on the day-to-day working of employees, helping them
to store attachments and maintain appointments and contacts digitally.
6.3 Security
Though this application can run over the OX cloud, its deployment over the intranet will ensure
security of the data, as everything will be within the premises, and better management.
7.1.1 Methodology
yum install mysql-server open-xchange open-xchange-authentication-database \
    open-xchange-appsuite-backend open-xchange-appsuite-manifest
7.1.1.4 Open-Xchange configuration
The Open-Xchange database is initialized and a connection is established between the local server
and the database.
7.1.1.7 Creating contexts and users
After the whole setup was complete and a login screen appeared when accessing the server with a
web browser, a context and a default user account were created and the various functionality of the
application was tested.
7.1.2 Result:
The Open-Xchange application is running over the intranet and can be accessed at IP
172.16.0.22. End-user accounts were created and all the functionality was checked. The mail server
was configured, and attachments were uploaded and stored using the account and were also
viewed digitally. Multiple accounts were created with different sets of data, and the logout
and account deletion features were also tested.
7.2 OX App Suite over Cloud*
* -> IDRBT private cloud
7.2.1 Methodology
OXAppSuite is supported only on Linux-based operating systems, so a CentOS/Red Hat
image needs to be created in the private cloud.
Once the image is created, the application needs to be deployed on a virtual machine
with the described image.
A new security group will be created with all authorized systems (those that have the access
right to OXAppSuite) and the defined virtual machine will be made accessible to it.
7.2.2 Advantages
Better management of accounts with effective performance and maximum coverage.
Scalability and sustainability.
Effective performance and coverage.
All-time support irrespective of the server system.
7.2.3 Technical difficulty
As of now, there is no virtual machine with a Linux-based image in the cloud. An image needs
to be created in the cloud. It requires a virtual drive of the OS, which is not available in the
organization.
Summary
OX App Suite is a cloud-based application which manages the digital life of the user through a
single platform. The deployment of the application requires the execution of some
technical/non-technical steps, which were performed, and effectively we have OXAppSuite running
over the intranet. It will have to be maintained by the administrator of the server system, and a
user on the IDRBT network can utilize its features.
The application needs to be moved to the private cloud of IDRBT, which is essential for
performance and security purposes, and work on this has already started. There are
some technical difficulties, but once they are solved the application can be moved easily to
the cloud by performing the prescribed steps.