Notes - Yash-777/Java_Mail GitHub Wiki
redhat.com: Public-key cryptography and related standards underlie the security features of many products such as signed and encrypted email, single sign-on, and Secure Sockets Layer (SSL) communications.
| Symmetric-Key Encryption | Public-Key (Asymmetric) Encryption |
|---|---|
Each public key is published, and the corresponding private key is kept secret.
Generating and Verifying Signatures : Oracle
PKCS12: Multipart Multiple Mail : Use Loop
// Assemble a MIME message by hand: envelope headers, a text part, and an attachment part.
// The message is built without a mail Session (null is passed to the constructor).
MimeMessage message = new MimeMessage((Session)null);
// Placeholder notation: one addRecipient call per recipient, using RecipientType.TO, CC or BCC.
// NOTE(review): if recipientId, subject or header values can come from user input, reject CR/LF
// before they reach a header so a value cannot smuggle in extra header lines. Confirm what the caller validates.
message.addRecipient(RecipientType.TO/CC/BCC, new InternetAddress(recipientId));
message.setSubject(subject);
// Placeholder for any additional headers.
message.addHeader( ... );
// Plain-text body part.
MimeBodyPart messageText = new MimeBodyPart();
messageText.setText(body);
// Attachment part: content type and name are taken from `attachment` as-is.
// NOTE(review): `is` is not closed anywhere in this excerpt. Close it once the data source has consumed it.
InputStream is = attachment.getContent();
// NOTE(review): which ByteArrayDataSource class offers this three-argument constructor cannot be told from here.
DataSource attachementDataSource = new ByteArrayDataSource(is, attachment.getContentType(),attachment.getName());
// `attachmentMimeBody` is declared outside this excerpt (presumably a MimeBodyPart).
attachmentMimeBody.setDataHandler(new DataHandler(attachementDataSource));
// NOTE(review): if `attachment` originates from an untrusted message, its name is sender-chosen.
// Strip path separators and control characters before reusing it as a file name.
attachmentMimeBody.setFileName(attachementDataSource.getName());
OLD WAY to get Cert from CF:
// Load the signer's private key, certificate and chain from a PKCS#12 keystore.
// Naming the "BC" provider requires Bouncy Castle to be registered as a security provider beforehand.
KeyStore keystore = KeyStore.getInstance("PKCS12", "BC");
// NOTE(review): `password` is a String, so it cannot be wiped after use. Only the temporary
// char[] copies could be cleared. `is` is the keystore input stream, opened outside this excerpt.
keystore.load(is, password.toCharArray());
Enumeration<String> keyStoreAliasEnum = keystore.aliases();
// First alias enumeration: `alias` is presumably keyStoreAliasEnum.nextElement(); the assignment is not shown.
// NOTE(review): the first alias need not be a key entry. Check keystore.isKeyEntry(alias) and handle
// an empty enumeration before using it.
// The same password is used for the keystore and for the key entry.
// NOTE(review): getKey can return null when the alias holds no key. Check before signing.
PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, password.toCharArray());
// Round trip: the stored certificate is DER-encoded and parsed again through an X.509 CertificateFactory.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate certificate = keystore.getCertificate(alias);
ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getEncoded());
X509Certificate x509Certificate = (X509Certificate) cf.generateCertificate(bais);
// NOTE(review): nothing in this excerpt checks the certificate's validity period or that the chain
// leads to a trusted root. Consider x509Certificate.checkValidity() and a path validation step before use.
Certificate[] chain = (Certificate[]) keystore.getCertificateChain(alias);
// Copy the chain into an X509Certificate[]; `signerCertificatesChain` is declared outside this excerpt.
// Each element is cast directly, so a non-X.509 entry would raise ClassCastException.
if (chain != null) {
signerCertificatesChain = new X509Certificate[chain.length];
for (int i = 0; i < chain.length; i++) {
signerCertificatesChain[i] = (X509Certificate) chain[i];
}
}
//Signing Data: https://www.baeldung.com/java-bouncy-castle
//------------
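// Build a CMS SignedData structure over the message bytes with Bouncy Castle.
// `contentSigner`, `x509Certificate`, `certs` and `secretMessage` are defined outside this excerpt.
CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();
cmsGenerator.addSignerInfoGenerator(
    new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder()
        .setProvider(MailDomain.EMAIL_PROVIDER.getValue()).build()).build(contentSigner, x509Certificate));
// Certificates shipped inside the SignedData so a verifier can build the signer's chain.
cmsGenerator.addCertificates(certs);
// Keep the plaintext out of console and log output; log only its size.
Log4J.consoleLog("Original Message length : " + secretMessage.length());
// Pin the charset: the no-argument getBytes() uses the platform default, so the signed bytes
// (and therefore the signature) could differ between hosts.
byte[] data = secretMessage.getBytes(java.nio.charset.StandardCharsets.UTF_8);
CMSTypedData cmsData= new CMSProcessableByteArray(data);
// `true` encapsulates the content inside the SignedData. The result is signed, not encrypted:
// anyone holding signedMessage can read the original bytes.
CMSSignedData cms = cmsGenerator.generate(cmsData, true);
byte[] signedMessage = cms.getEncoded();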
//Encryption Enveloped:
//--------------------
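// Encrypt (envelope) the message for one recipient: the content-encryption key is wrapped
// with the public key in `encryptionCertificate` (declared outside this excerpt).
// NOTE(review): confirm that the recipient certificate is validated (validity period, chain,
// key usage) before it is trusted for encryption.
SMIMEEnvelopedGenerator encrypter = new SMIMEEnvelopedGenerator();
encrypter.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(encryptionCertificate).setProvider("BC"));
// Content cipher changed from 40-bit RC2-CBC to AES-128-CBC: a 40-bit key offers no practical
// confidentiality. AES-CBC is still unauthenticated; prefer AES-GCM where every recipient's
// client supports it.
// NOTE(review): `MimeMessage message` is the notes' shorthand for the argument type, not valid call
// syntax. In Bouncy Castle's mail API, SMIMEEnvelopedGenerator.generate(...) returns a MimeBodyPart,
// while CMSEnvelopedData comes from CMSEnvelopedDataGenerator. Confirm which path is intended.
CMSEnvelopedData encryptedPart = encrypter.generate(MimeMessage message,
    new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider("BC").build());
// NOTE(review): `cmsEnvelopedData` is not declared in this excerpt; the value produced above is
// named `encryptedPart`.
byte[] encryptedData = cmsEnvelopedData.getEncoded();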
// Wrap the finished MIME message so SMTP delivery-status options can be set on it.
SMTPMessage msg = new SMTPMessage(finalMimeMessage);
// NOTE(review): getAllRecipients() returns the TO, CC and BCC addresses together, so using it
// for Reply-To would put any BCC address into a header every recipient can read. Confirm that
// `message` carries no BCC recipients, or build the Reply-To list from the intended addresses only.
msg.setReplyTo(message.getAllRecipients());
// Ask for a delivery status notification on both success and failure. The two flags are
// distinct bits, so OR-ing them gives the same value as the original sum.
int dsnEvents = SMTPMessage.NOTIFY_SUCCESS | SMTPMessage.NOTIFY_FAILURE;
msg.setNotifyOptions(dsnEvents);
// Bounce reports should carry only the message headers, not the full content.
msg.setReturnOption(SMTPMessage.RETURN_HDRS);