Tag Archives: aes

Exchanging Encrypted Mails

2016 released Snowden is a biographical movie fictionalised life story of Former NSA employee Edward Snowden. The movie reveals illegal surveillance techniques of the government organization. Also, harversting email and search history data is revealed by Snowden, too. This paranoia might convince Zuckerberg. He covered his webcam and mic with tape.

Beyond the paranoia, doubt often forces more rigorous scientific analysis and leads discoveries. In other words, thoroughly conscious ignorance. So, we can protect mails even if they are harvested by third parties. In this post, we will mention an implementation of exchanging encrypted mails.

We will build an exchanging encrypted mail implementation, and run it via gmail infrastructure. In order to work on gmail, you need to allow less secure applications to access your gmail account. You should skip this step if you work on an alternative mail server. Also, we would develop this implementation by referencing Java Mail API.

Continue reading

Protecting Java Codes: Encrypted Class Loader

Cloud services are adopted by both start-ups and enterprises in recent years. However, it comes security issues. At this point, developed codes differ from the data. Critical data should be stored as encrypted. On the other hand, developed codes are mostly installed on server vulnerably. For istance, Java projects could be installed on a server as a jar/ear extention file. This files include java classes hierarchically. However, there are several decompilers extract original java codes from class files.

What if the developed code includes patentable algorithm? An enterprise might protect its intellectual property. In this case, installing the project on a server directly would be like turkeys voting for Christmas. So, what we are saying is that we should encrypt the important codes just as critical data, store them in cloud database, and decrypt it on runtime to protect intellectual property. In this way, custom codes would be still secure even if the cloud system is invaded because encryption key would not be stored on cloud system.

Continue reading