IDRBT Project: Application Development in Java for public key cryptography

0|P a g e

BUILDINGANEASYTOUSEAPPLICATIONFORPUBLICKEYCRYPTOYSTEMUSINGOPENSSLLIBRARY

&

DEPLOYMENTOFOXAPPSUITEOVERREDHATSERVERSYSTEMFORIDRBTINTRANETANDCLOUD

Submitted To:

INSTITUTE OF DEVELOPMENT AND RESEARCH IN BANKING TECHNOLOGY

ROAD NO. 1, CASTLE HILLS, MASAB TANK,

HYDERABAD-500057

Project Guide:

By:

Dr.N.P.Dhavale Shivashish Kumar

Deputy General Manager, Part‐III,

IDRBT,Hyderabad Mathematics and Computing

IIT(BHU),Varanasi

PROJECTREPORT:

1|P a g e

InstituteofDevelopmentandResearchinBankingTechnology

RoadNo.1,CastleHills,MasabTank,

Hyderabad‐500057

CERTIFICATE

Mr. Shivashish Kumar, student of Integrated M.Tech course at IIT(BHU),Varanasi in the

Department of Applied Mathematics was assigned the projects 1.”Building an easy to use

application for public key cryptosystem using openSSl libraries” 2.”Installation of OX AppSuite

over red hat server system for IDRBT intranet and cloud” under the guidance of INFINET

department of IDRBT. During the course of the project he has undertaken a study of Public Key

Infrastructure (PKI), Java Libraries and Networking Systems.

This is to certify that he has successfully completed the projects assigned to him as an intern at

Institute for Development and Research in Banking Technology, Hyderabad from May 13, 2013

to July 12, 2013.

Dr. N.P.Dhavale

(Project Guide)

Deputy General Manager

IDRBT, Hyderabad

2|P a g e

ACKNOWLEDGEMENT

Summer project is a golden opportunity for learning and self‐development. I consider myself very lucky and honored to have so many wonderful people lead me through in completion of this project.

I would like to express my sincere gratitude to the Institute for Development and Research in Banking Technology (IDRBT) and particularly Dr.N.P.Dhavale Sir, who was my guide during the course of the project. . I would not hesitate to add that this short span of time in IDRBT has added a different facet to my life as this is a unique organization being a combination of academics, research, technology, communication services, crucial applications etc. and at the same time performing roles as an arm of regulation, spread of technology, facilitator for implementing technology in banking and non‐banking system.

I am really grateful to Dr.N.P.Dhavale Sir who in spite of being extraordinarily busy with his duties, took time out to hear, guide and keep me on the correct path and allowing me to carry out my industrial project work at the organization and extending during the training. He helped all time when we needed and he gave right direction toward completion of project. I am also thankful to Mahesh Sir,Srihari Sir and Anuradha Madam with whom I worked throughout my stint at IDRBT and this project was possible only with their cooperation I am thankful to the staff of INFINET department at IDRBT for helping me to get familiar with the applications. They gave me a chance to study the application and its impact from different perspective. I am also thankful to my college, for giving me this Opportunity to work in a high‐end research institute like IDRBT. Lastly I will like to thank my family and friends for their support and all others who made this project successful either directly or indirectly Shivashish Kumar Project trainee

IDRBT, Hyderabad

3|P a g e

ABSTRACT

Project 1.”Building an easy to use application for public key cryptosystem using openSSl library” The project is about an application for public key cryptosystem using OpenSSL library. It consists of various functionality offered by the application, associated features, platforms used and methodology followed by the application. The report also has class diagram and sequence diagram to emphasize further about the application have actually been built and a way forward to summarize the task to be done further for this. Project 2.”Installation of OX AppSuite over red hat server system for IDRBT intranet and cloud”. The Project is about deployment of OX App Suite over IDRBT intranet .It discusses about OX App Suite, Its significance in IDRBT environment, and the stepwise instruction followed during the course of the project for its deployment. It also highlights about the steps required for moving to the cloud and the difficulties associated with it.

4|P a g e

TABLE OF CONTENT

Project I

1. Introduction................................................................................................................................ 7

2Project Description......................................................................................................................... 7-10

2.1 Application Software........................................................................................................... 7

2.2 Cryptography..................................................................................................................... 7-8

2.3 Cryptography Terms…………………………………………………………………

2.4 openSSL ……………………………...............................................................................

9-10

10

3. Objective....................................................................................................................................... 10

4 Functionality...............................................................................................................................

5. Platform...................................................................................................................................

6. Overview………………………………………………………………………………………..

7. Requirements.................................................................................................................................

8. Significance…………………………………………………………………………………

9. Methodology……………………………………………………………………………………

9.1 Sequence Diagram………………………………………………………………………..

9.2 Operating Instructions……………………………………………………………………

9.3 Class Diagram……………………………………………………………………………

10/Features………………………………………………………………………………………….

11. Way Forward……………………………………………………………………………………

Summary……………………………………………………………………………………………

References…………………………………………………………………………………………..

11

11

11-12

12

13

14-28

14

15-20

21-28

29-30

30

31

32

5|P a g e

Project II

1. Introduction................................................................................................................................ 34

2 Objectives.................................................................................................................................. 34

3. Definitions................................................................................................................................ 34-35

4 Platform………………………................................................................................................ 35

5. Requirements…………………………………………………………………………………

6. OX App Suite at

IDRBT……………………………………………………………………….

7. Installation and deployment…………………………………………………………………

5.1 OX App Suite over Intranet............................................................................................

5.2 OX App Suite over Cloud ………………........................................................................

Summary........................................................................................................................................

.

35

36

36-39

36-38

39

40

References...................................................................................................................................... 41

6|P a g e

PROJECT1

BUILDINGANEASYTOUSEAPPLICATIONFORPUBLICKEYCRYPTOSYSTEMUSINGOPENSSLLIBRARY

7|P a g e

1.INTRODUCTION

This project mainly concentrates about developing a Java based application which will let the

user perform different cryptographic instruction in GUI (Graphic user Interface) mode. The

developed application is a desktop application which on receiving various cryptographic

requests from the user will process and execute them accordingly. All the digital features of

Public key Infrastructure like key generation, certificates, message digest, encryption and

signatures have been combined with the application itself to make it a standalone application

2.ProjectDescription

2.1 Application software is all the computer software that causes a computer to perform useful tasks beyond the running of the computer itself. A specific instance of such software is called a software application or easy to use application

2.2Cryptography

Cryptography or cryptology is the practice and study of techniques for secure communication

in the presence of third parties

In modern era, there are 2 ways of cryptography:

1. Symmetric key cryptography

2. Public key cryptography

Symmetric‐key cryptography refers to encryption methods in which both the sender and

receiver share the same key. This method have historically been susceptible to known‐plaintext

attacks, chosen plaintext attacks, differential cryptanalysis and linear cryptanalysis.

Public‐key cryptography refers to a cryptographic system requiring two separate keys, one of

which is secret and one of which is public. Although different, the two parts of the key pair are

mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or

decrypts the cipher text.

There are two main uses for public‐key cryptography:

Public‐key encryption, in which a message is encrypted with a recipient's public key. The message cannot be decrypted by anyone who does not possess the matching secret key,

8|P a g e

who is thus presumed to be the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality.

Digital signatures, in which a message is signed with the sender's secret key and can be verified by anyone who has access to the sender's public key. This ensures that the message has not been tampered, as any manipulation of the message will result in changes to the encoded message digest, which otherwise remains unchanged between the sender and receiver.

This entire process of using public‐ key cryptography is public key cryptosystem

I image source gdp.globus.org

A public‐key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain.

Image source: ei4africa.eu

Fig2:PKISystem

Fig1:Publickeycryptography

9|P a g e

2.3CryptographyTerms:

2.3.1 Symmetric Key: Key that is used with the operations of a symmetric encryption scheme is

the symmetric key

2.3.2 Digital Certificate: In cryptography, a public key certificate or digital certificate is an electronic document that uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth.

2.3.3 Key Pair: Every digital certificate has a pair of associated cryptographic keys. This pair of keys consists of a private key and a public key. A public key is part of the owner's digital certificate and is available for anyone to use. A private key, however, is protected by and available only to the owner of the key.

2.3.4 Root Certificate: A root certificate is either an unsigned public key certificate or a self‐signed certificate that identifies the Root Certificate Authority (CA).

2.3.5 Certification Authority (CA): It is an entity that issues digital certificates

2.3.6Certification request: a certificate signing request (also CSR or certification request) is a message sent from an applicant to a certificate authority in order to apply for a digital certificate

2.3.7 Certificate signing: A CA issues digital certificates that contain a public key and the identity of the owner. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates.

2.3.8 PKCS#12 Certificate: PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.

2.3.9 Digital Signature: It is a mathematical scheme for demonstrating the authenticity of a digital message or document.

2.3.10 Message Digest: A cryptographic hash function is algorithm that takes an arbitrary block of data and returns a fixed‐size bit string, the (cryptographic) hash value, the data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply digests.

2.3.11 Encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.

10|P a g e

2.3.12 Decryption: The process of decoding data that has been encrypted into a secret format. Decryption requires a secret key (private or symmetric)

2.3.13 Cipher: a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well‐defined steps that can be followed as a procedure.

2.3.14 Base64 encoding: Base64 is a group of similar binary‐to‐text encoding schemes that represent binary data in an ASCII string format by translating it into a radix‐64 representation.

2.3.15 Crypto Token: A security token (or sometimes a hardware token, authentication token, USB token) may be a physical device that an authorized user of computer services is given to ease authentication

2.4 OpenSSL is an open‐source implementation of the SSL and TLS protocols. The

core library, written in the C programming language, implements the

basic cryptographic functions and provides various utility functions.

3.Objective

3.1Userfriendlyapplicationforsecuretransmission.

Basicaimistodevelopauserfriendlyapplicationsothatusercansecurelytransmitdataorinformation with limited knowledge about cryptographic algorithms. Any individual ororganizationcanrelyonthisapplicationforconfidentialityandauthenticityofresources

3.2Easyimplementationofcryptographicfunction

Cryptographic libraries are based on command line tools and are difficult to be used. ItrequiressequentialinstructiontobeprovidedmanuallythroughDOS.Thisapplicationwillmaketheuseofcryptofunction(openSSL)easythroughinterface.

3.3Combinationofdifferentfunctionalities

Application reduces the effort of executing commands one after another enabling user to view,

control, and manipulate multiple things simultaneously. Also application executes multiple

tasks to be performed in one step.

11|P a g e

4.Functionality

4.1 Generation of key pair and associated certificates including self‐signed root certificate.

4.2 Signature and verification of signature

4.3 Encryption and decryption

4.4 Combination of signature and encryption

5.Platform

5.1 Java using swing and awt packages 5.2 OpenSSL crypto libraries 5.3 Support for FIPS 140 label 2* complying crypto tokens.

6.Overview

The application has been developed in Java using different packages and libraries. Application has nine buttons in its homepage where each of the button performs a specific task it has been assigned with. With the click of the user, application executes the request for further processing. With each of the request, application asks for the input file and processes them using openSSL instructions to execute the output

* -> security standards

Fig3:screenshotofapplication’shomepage

12|P a g e

Buttons

6.1 Generate Key: This button generates private, public or key‐pair with specific number of bits and secure it with passphrase (if provided) using RSA algorithm

6.2 Generate Certificate: It provides the option to generate certificate request, to create a self‐signed root certificate for the system/Server with the mentioned validity period and name or to sign a certificate request using root CA account

6.3 Export PKCS#12 Certificate: It exports the certificate in .pfx format so as to be imported to the browser or other platforms.

6.4 Generate Digest: This button lets user create a digest for a given file, add digital signature for a message or to verify a signature

6.5 Encrypt/Decrypt: Encrypts a particular file using cipher through passphrase and similarly decrypts a file. It provides user with the option of base 64 encoding.

6.6 Generate Signature: This option lets user generate their digital signature for a message through signing certificate.

6.7 Sign & Encrypt: This button will create a compressed file containing encrypted form of the message along with the user’s signature, its certificate as well as the encrypted passphrase.

6.8 Verify Signature: This Command verifies the signature of the sender with the actual message sent

6.9 Decrypt & Verify: It decrypts the message received as well as verifies the signature to ensure authenticity of the message by selecting the files sent by the sender.

Default hashing algorithm: SHA1

Default Cipher: aes‐192‐cbc

7.Requirements

Java development kit(6.0 and above) Microsoft Windows Operating system 7‐Zip OpenSSL library (0.9.81 and above) FIPS 140 label 2 crypto tokens

13|P a g e

8.SignificanceatIDRBT

8.1CurrentScenario

IDRBT CA uses an application build by TCS for public key infrastructure requirement including signing certificates. It requires high end servers and huge database from oracle. Also IDRBT do not have its own application to provide assistance to banks for PKI on demand

8.2Drawback

Huge expenditure of money

Not complete utilization of huge resources due to small scale usage

8.3ProposedSystem

The application developed during this project requires a minimal cost for its usage and

will work properly in a small level organization such as IDRBT CA. Expenditure of small

amount of money for ensuring security of the application will be the only cost and the

application to serve the same purpose.

Different banks run multiple level of application which requires security like structured

financial messaging system (SFMS), National electronic Fund Transfer (NEFT) which must

be secured. This application will let IDRBT provide banks with public key cryptography

facilities on their request for enabling PKI facilities in their application.

14|P a g e

9.Methodology

9.1SequenceDiagram

Figure4:workflowmodel

15|P a g e

9.2OperatingInstruction

9.2.1GenerateKey

Click on generate key button from home page. Another frame will open up where user will have to select the path where key is to be stored. This is done using JFileChooser class of javax.swing package. User will also have to provide specific number of bits and passphrase (optional) User will finally select the choice to generate public key, private key or key pair. In case of key pair, application will first generate private key and then will itself write public key in the same file 9.2.2GenerateCertificate Click on Generate certificate button An option frame will open up to select for one of the provided option.

Fig5:Screenshotofkeygeneration

Fig6:Screenshotof certificateframe

16|P a g e

9.2.2.1 for certificate request, click on first button.

Another frame will open up asking user to provide with the instructions like validity and certificate name. After the instruction are provided, Certificate will be generated in .pem format 9.2.2.2 To generate self‐signed root CA account, user will need to click to second button.

Firstly, Root CA account have to be configured in the system by clicking on configure button. It will create a folder with the entire CA configuration files so that root certificate and keys get stored there Root certificate name and validity period have to be provided to generate the certificate. 9.2.2.3 To sign a certificate using root account, third option will be selected were CA admin will have to input its signing certificate It will ask for the root password through pop up box and if correct will sign the certificate

The message box is displayed using JOptionPane class of the javax.swing package

Fig7:Screenshotofcertificaterequest

Fig8:screenshotforRootCertificate

Fig9:screenshotforcertificatesigning

17|P a g e

9.2.3ExportPKCS#12certificate User will have to select the certificate file to be exported using JFileChooser class and the name of the certificate.

A click on export button will export the certificate in .pfx format in the selected location 9.2.4GenerateDigest Click on Generate Digest Button Another frame will open up asking user to input the message file .Also user will have the option to select the digest method from the dropdown menu (Optional) Digest of the method will be created in the same directory as inputfile_out.extension file

Fig10:screenshotforPKCS#12export

Fig11:screenshotforfileselection

Fig12:screenshotforgeneratingdigest

18|P a g e

9.2.5Encrypt/Decrypt* User will click on the Encrypt/Decrypt button and then encrypt or decrypt option Another Frame will open up asking user to provide the message file and passphrase (symmetric key) to be selected in GUI mode using JFileChooser class User can also select base 64 encoding option and cipher (optional). In case of encryption, it will then encrypt the file as inputfile_enc.extension in the same directory and similarly for decryption, it will decrypt the file as inputfile_dec.extension in same directory 9.2.6GenerateSignature User will click on the Generate Signature Button Another Frame will open up where users have to provide the input file for which signature has to be done and the signing certificate Application will extract the private key from the certificate in the backend and will then create the signature for the file using default/selected hashing algorithm as inputfile_sign extension in same directory

*‐>basedonsymmetrickeyalgorithm

Fig13:screenshotfordecryption*

Fig14:screenshotforsignatureframe

19|P a g e

A pop up window will display providing user the option to compress the message file with

signature. If selected, a .zip file will be created with the required document in selected folder

9.2.7VerifySignature: User will click on the verify Signature Button In the next frame User will provide the sender’s certificate, signature file and the actual message file. Application will extract the public key from the certificate to create digest from signature and then will check it with the digest of the message file If both will be equal, message box will display with “verified OK” or else “verification failed”.

9.2.8Sign&Encrypt

Fig14:Screenshotformessagebox

Fig15:Screenshotforverification

Fig16:Screenshotforsignature Fig17:Screenshotforencryption

20|P a g e

Click on Sign & Encrypt button.

Another Frame will open up where user will provide the required instruction for signing

Application will generate the signature by executing the provided inputs.

Further inputs will be asked in another frame for encryption like receiver’s certificate and

passphrase.

Actual text file will then be encrypted using selected/default algorithm and the passphrase will

be encrypted using public key of the receiver.

All these required documents will now be zipped in a single file created at the desktop.

92.9Decrypt&Verify User Will Click on the Decrypt & verify button Another frame will open up where user will have to select the compressed .zip file with the entire required file. Application will uncompressed the file and extract all the required documents. It will then decrypt the message file by first decrypting the symmetric key using the private key of the receiver and then using that symmetric key to decrypt the actual message file. Further, the digest of the actual message file is compared with the signature file to ensure the authenticity of the message

Fig18:Screenshotformessagebox

Fig19:screenshotfordecrypt&verify

21|P a g e

9.3ClassDiagrams

9.3.1Homepage

Figure20:Defaultpackage

22|P a g e

9.3.2KeyGeneration

Figure21:testpackage

23|P a g e

9.3.3Certificates

Fig22:Certificatepackage

24|P a g e

9.3.4Digest

Figure23:DigestPackage

25|P a g e

9.3.5 Encrypt/Decrypt

Figure24:encryptpackage

26|P a g e

9.3.6Signature

9.3.7VerifySignature

Figure25:signpackage

Figure26:verifypackage

27|P a g e

9.3.8Sign&Encrypt

Figure27:signencryptpackage

28|P a g e

9.3.9Decrypt&Verify

Figure28:userdecryptpackage

29|P a g e

10.Features

10.1EnhancedSecurity The application will ensures security of the keys by supporting crypto token reducing considerably the chances of any of its misuse.Compatilibity has been maintained between application and token so that keys and certificate generated will get stored in the token itself and the application will prompt the selection of certificate from there only.

Image source: blog.cryptographyengineering.com

10.2SelectionofAlgorithm:Facilitates the user to continue with the default ciphers and hashing algorithms or provide it themselves to ensure further security. A user based on his knowledge can either select suitable algorithms or can rely on the application to do it for them.

10.3AttachedLogfile An embedded Log File that is an excel file is associated with the application for complete record of files with performed operation. An administrator or owner of the system/organization Can always have a look regarding different operations and certificates used with the application

Fig29:cryptotokens

Fig30:Screenshotforlogfile

30|P a g e

10.4DataIntegrity

Access forces user to enter a value for a value in each column. User will not be able to leave

that field blank since a message will pop up to let a user know that they need to enter a value

for those fields

10.5Useofpassphrase

Application encourage the use of passphrase while generating keys/certificate which is always

advisable in cryptographic functions

11.Way Forward

11.1Complete reliance of the application with crypto token

Crypto tokens or USB tokens are the essential requirements for an public key cryptography

application to be complete. Application need to be completely relied on all sorts of USB tokens,

So that a user can feel safe and assured

11.2AttachedUserDirectory

A user directory or help file with step by step instruction should be clipped with the application for easy usage of application for the end‐user

11.3DeploymentoverIDRBTIntranetandcloud

Once the application is fully complete and tested, it can be installed in a server system as well

as to cloud to facilitate its usage for all the concerned staff

Fig31:Screenshotformessageboxforinputpath

31|P a g e

Summary

The application which was developed during the course of the project will have a tremendous impact at the end‐user level. The application will let user transfer data and information digitally in a much simplified way. At an organization like IDRBT, it will enable Public key infrastructure usage in a concise and easy manner .The application reduces the trouble of relying over multiple applications for different cryptographic function as it provides entire set of public key cryptosystem functionality and also enhanced security through its in‐built support for crypto tokens.

This project will also help IDRBT CA to cut off their expenditure as it provides a much easy and simplified way of signing certificate and will also help associated banks and concerned services for securely running their application. Application also has enhanced security features and support for lot many ciphers and hashing algorithms which will ensure that from a beginner to a professional user, it can be accessed by anyone. Administrator privileges have been ensured to reduce the chances of any misuse of application and certificates.

32|P a g e

References

Links http://www.openssl.org/

http://www.madboa.com/geek/openssl/

http://viralpatel.net/blogs/how‐to‐execute‐command‐prompt‐command‐view‐output‐

java/

http://www.fortystones.com/event‐handlers‐java/

http://stackoverflow.com/questions/17341944/how‐to‐store‐a‐file‐in‐java‐which‐is‐

generated‐on‐execution‐of‐a‐exe‐file

http://idrbtca.org.in/

http://www.eclipse.org/

http://en.wikipedia.org/

http://www.homeport.org/~adam/crypto/

http://www.watchdata.com/en/bank/

PDF

www.cgi.com/cgi/pdf/cgi_whpr_35_pki_e.pdf

citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.127...pdf

WatchSAFE ND 3.4 Std‐Briefing of the support for CryptAPI2.0.pdf WatchSAFE ND 3.4 Std‐Briefing of the support for PKCS.pdf java_2_complete_reference_(5th_ed)Herbert_Schildt

33|P a g e

PROJECT2

DEPLOYMENTOFOXAPPSUITEOVERREDHATSEVERSYSTEMFORIDRBTINTRANETANDCLOUD

image source:www.ox.io

Fig32:OXAppSuiteModel

34|P a g e

1.INTRODUCTION

OX App Suite provides a centralized cloud environment in which users can access email,

contacts, and calendar or address book without flipping back and forth between applications.

OX App Suite let user control all their digital activities from a single platform including managing

appointments, viewing and storing attachments.

To facilitates its usage for the IDRBT employees, it need to be installed over the network

through a server system and further over the cloud

2.Objective

Resolving compatilibity issues of OX AppSuite with private cloud

Deployment of OX app suite over Intranet

Configuration of the mail server and testing other functionality of the application

Study of IDRBT cloud and its feature and deployment of OX App Suite over meghdoot

stack( IDRBT Cloud)

3.Terminology

3.1 OX APP Suite: A centralized cloud environment that lets your users manage their digital lives. 3.2 Red Hat Enterprise Network(RHEL): It is a commercially supported derivative of Fedora tailored to meet the requirements of enterprise customers. It is a commercial product from Red Hat which also sponsors Fedora as a community project 3.3 Apache Web Server : The Apache HTTP Server, commonly referred to as Apache is a web

server software program. Apache supports a variety of features, many implemented

as compiled modules which extend the core functionality

3.4 Open Exchange Server: Open‐Xchange Server is a partially open source project sponsored

by Open‐Xchange, Inc. It is used for developing collaboration software such as email and

calendars.

3.5 MySQL: MySQL is an open source relational database management system (RDBMS) that runs as a server providing multi‐user access to a number of databases.

35|P a g e

3.6 Mail server: A mail server is a computer that serves as an electronic post office for email. Mail exchanged across networks is passed between mail servers that run specially designed software. 3.7 Intranet: An intranet is a computer network that uses Internet Protocol technology to share information, operational systems, or computing services within an organization. 3.8 Cloud Computing: It is a colloquial expression used to describe a variety of different computing concepts that involve a large number of computers that are connected through a real‐time communication network. 3.9 Image: cloud users install operating‐system images and their application software on the

cloud infrastructure. In this model, the cloud user patches and maintains the operating systems

and the application software

3.10 Virtual Machine: A virtual machine (VM) is a software implemented abstraction of the

underlying hardware, which is presented to the application layer of the system. It is a software

implementation of a machine (i.e. a computer) that executes programs like a physical machine.

3.11 Security Group: A security group acts as a firewall that controls the traffic allowed to reach one or more instances. When cloud administrator launches a VM it is assigned with one or more security groups.

4.Platform

4.1 Red Hat Enterprise Linux(RHEL) OS/CentOS operating system

4.2 Apache Webserver

4.3 MySql

4.4 OXAppSuite

4.5 Open Exchange Server

5.Requirements

5.1 Windows/linux/mac Operating system

5.2 Idrbt Intranet

5.3 OX user account in the server system

36|P a g e

6.OXAppSuiteatIDRBT

6.1GoverningCouncilInstructions Directive from the governing council of IDRBT to test the application in our own environment to

look for the functionality it offers.

6.2Advantageous Application will have tremendous effect on the day to day working of employees helping them

to store attachments, maintain appointment and contacts digitally

6.3Security Though this application can run over OX cloud but its deployment over intranet will ensure

security of the data as everything will be within the premises and better management

7.InstallationandDeployment

7.1OXAppSuiteoverIDRBTIntranet 7.1.1Methodology 7.1.1.1RHELOperatingSystem

OX App Suite is supported only on Linux based Servers, so a Red Hat enterprise Linux operating

system is installed over Windows OS using Virtual box.

7.1.1.2AddOpen‐XchangeRepository

Open‐Xchange maintains public available software repositories for different platforms, such as

RHEL. This repository was added to the RHEL installation to enable simple installation and

updates.

7.1.1.3Updatingrepositoriesandinstallingpackages

RHEL operating system was updated and following packages were downloaded using the

instruction:

37|P a g e

yum install mysql‐server open‐xchange open‐xchange‐authentication‐database\

open‐xchange‐ajp open‐xchange‐cluster‐discovery‐static open‐xchange‐admin open‐xchange‐

appsuite \

open‐xchange‐appsuite‐backend open‐xchange‐appsuite‐manifest

7.1.1.4Open‐Xchangeconfiguration

Open Xchange database is initialized and a connection is established between the local server

and the database

7.1.1.5Configurationofservices

Apache webserver files are configured properly to access the groupware frontend.

Mod_proxy_ajp module was configured by creating a new Apache configuration file.

Default website settings were modified to display the Open‐Xchange Graphic User

interface(GUI)

7.1.1.6Addingservicestorunlevels

The new services were installed and configured, but to make them start up on a server boot,

some run levels were added

$ chkconfig ‐‐level 345 mysqld on

$ chkconfig ‐‐level 345 httpd on

$ chkconfig ‐‐level 345 open‐xchange on

Fig33:ScreenshotforOXAppSuitelogin

38|P a g e

7.1.1.7Creatingcontextsandusers

After the whole setup is complete and we got a login screen when accessing the server with a

web browser, a context and default user account is created and various functionality of the

application is tested.

7.1.2Result:

Open Xchange Application is running over the Intranet and can be accessed at IP

172.16.0.22.End user accounts were created and all the functionality were checked. Mail server

was configured and attachments were uploaded and stored using the account and were also

viewed digitally. Multiple numbers of accounts were created with different set of data and log

out and deletions of account feature were also tested.

Fig34:ScreenshotforAppSuiteUserHomepage

39|P a g e

7.2OXappsuiteoverCloud*

7.2.1Methodology

OX App Suite is supported only on Linux based operating system, so a centos/red hat

image need to be created in the private cloud

Once the image is created ,application need to be deployed over the virtual machine

with described image

A new security group will be created with all authorized systems(who have the access

right to OX App Suite) and the defined virtual machine will be made accessible to it

7.2.2Advantages

Better management of accounts with effective performance and maximum coverage.

Scalability and sustainability

Effective performance and coverage

All time support irrespective of server system

7.2.3Technicaldifficulty

As of now, there is no virtual machine with Linux based image in the cloud. So an image needs

to be created in the cloud. It requires a virtual drive of the OS which is not available in the

organization.

*‐>IDRBTprivatecloud

40|P a g e

Summary

OX App Suite is a cloud based application which manages the digital life of the user through a

single platform. The deployment of the application requires execution of some

technical/nontechnical step which was performed and effectively we have OX App Suite

running over the Intranet. It will have to be maintained by the administrator of the server

system and a user over IDRBT network can utilize its features

Application need to be moved to the private cloud of IDRBT which is very essential for

performance and security purposes and working for this have been started already. There are

some technical difficulties but once it will be solved application can be moved to the easily to

the cloud by performing the steps.

41|P a g e

References

http://oxpedia.org/wiki/index.php?title=AppSuite:Open‐

Xchange_Installation_Guide_for_RHEL6

https://www.ox.io/

http://www.redhat.com/products/enterprise‐linux/

http://www.mysql.com/

https://en.wikipedia.org

http://httpd.apache.org/

http://www.rackspace.com/knowledge_center/article/creating‐a‐new‐cloud‐server‐

cloning‐from‐a‐saved‐image

http://stackoverflow.com/

http://www.south.cattelecom.com/Technologies/CloudComputing/0071626948_chap0

1.pdf

IDRBT Project: Application Development in Java for public key cryptography

Technology

Transcript of IDRBT Project: Application Development in Java for public key cryptography