Design and development of OTRmail security engine for Thunderbird
Date of Issue: 2010
School of Computer Engineering
Centre for Multimedia and Network Technology
Electronic mail has become an important mode of communication, so the security and privacy of correspondence have become an increasing concern. Emails sent in the clear are easily eavesdropped on by the intermediate nodes that forward them. To overcome this issue, secure email solutions are used. Currently, secure email solutions use either the Secure/Multipurpose Internet Mail Extensions (S/MIME), Pretty Good Privacy (PGP) or OpenPGP protocols. These protocols are not suitable for personal communication as they use long-lived encryption keys, digital signatures and complex key distribution. Hence, the use of the Off-The-Record Mail (OTRmail) protocol is suggested. Not only does OTRmail handle key distribution for the users, it also provides perfect forward secrecy and repudiability, which is ideal for casual personal communication. However, the protocol had only been implemented in Java as a proof of concept. In order to garner wider public acceptance, an extension to Mozilla Thunderbird that enables support for the OTRmail protocol was developed. The development of the extension is divided into two parts, namely the graphical user interface (GUI) and the XPCOM components that form the security engine. This project focused mainly on the engine component of the extension, while a prototype GUI was created for the purpose of testing the engine. In this report, the OTRmail protocol design and the cryptographic algorithms used are introduced. The Mozilla extension API (Gecko) and the Network Security Services (NSS) are covered in detail. The design and implementation of both the engine and the GUI are also discussed in detail, along with the extension file structure and the files necessary to create this Mozilla extension. Essential information about the OTRmail security engine, which has been successfully developed and thoroughly tested, is provided.
This report will serve as a guide for developers, either in using the security engine in their extensions or in improving the security engine's capabilities.
DRNTU::Engineering::Computer science and engineering::Data::Data encryption
Final Year Project (FYP)
Nanyang Technological University