How to send encrypted email using Java / Spring Boot

Email is one of the most common modes of communication, yet people do not always encrypt it when sending business-sensitive information. Outlook and other email clients have built-in support for this, and you can do it with a simple click. But what if you need to send encrypted email from your own custom application? In this article we will see how to send an encrypted email in Java, using a Spring Boot project.

Software used

In this tutorial we will use PKI to encrypt and sign our emails. For testing purposes we will prepare a couple of self-signed certificates using Java Keytool and use them in our example.

Encrypted Email Prerequisite

Create Certificate for Signer: We will use our domain name certificate as the signer when we only sign and send an email. The command below gives us a JKS file with the private key and public certificate for our site. We will use this to sign our email.

Create Certificate for Mail Recipient: When an encrypted email is sent to an email id or recipient, we need to have that recipient's public key, so that it can be used to encrypt the email for that user. In our tutorial we will use the email id “solapure@opencodez.com” with a self-signed certificate for it. The command to prepare the JKS for this is

As this is a self-signed certificate, we need to trust it on our machine. We will install this certificate along with its private key, so that when an encrypted email is sent the mail client will be able to access the correct certificate and key. To do that we will convert our JKS to PKCS #12 using the command below.

Once done, just double-click the “solapure.p12” file and you will be prompted to install this certificate. Follow the instructions and install this certificate as a Trusted Authority.

The Project

Now we will go through the actual encrypted email project. We will be extending our existing project from the GitHub repository. The most important step is to add the Bouncy Castle dependencies to our pom.xml along with the other default Spring Boot items.

Now let's look into our MailEncryptionUtil.java

Email Signing

The first thing this utility method does is add Bouncy Castle as a security provider. Then we read the certificates from the JKS we prepared earlier. You can read more about this utility in our previous article.

Then we add some default S/MIME capabilities and create the signer object. The signer also needs details about the certificate we read earlier. The signer can then generate a MimeMultipart object, which we can send.

To send the mail in our example we do the following

After this, once you receive the mail in your mailbox you can verify the signature as below.

Encrypted Email

For encrypting the email, the utility class has a separate method, shown below

The first step is similar to signing: we need to let the JVM know about our security provider. The method getRecipientPublicCertificate is externalized. In this example we read a fixed certificate for an email address, but in reality this has to be dynamic: we need a way to fetch the public certificate for a given email address from a public certificate directory.
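Whatever source the recipient certificate comes from, it should be checked before anything is encrypted to it. The sketch below is an added example, not the project's MailEncryptionUtil: the class and method names are hypothetical, and it assumes an RSA certificate that carries the address as an rfc822Name subject alternative name, with Bouncy Castle's bcprov, bcpkix and bcmail (javax.mail variant) on the classpath.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.mail.internet.MimeBodyPart;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;

public class RecipientCertCheck { // hypothetical class, not from the project
    // Accept the certificate only if it is within its validity period, permits
    // key encipherment, and names the recipient as an rfc822Name SAN (assumption).
    static X509Certificate checked(X509Certificate cert, String email) throws Exception {
        if (cert == null) throw new SecurityException("no certificate found for " + email);
        cert.checkValidity(); // throws if expired or not yet valid
        boolean[] usage = cert.getKeyUsage(); // null when the extension is absent
        if (usage != null && !(usage.length > 2 && usage[2])) // bit 2 = keyEncipherment
            throw new SecurityException("certificate does not permit keyEncipherment");
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null)
            for (List<?> san : sans) // each entry is [type, value]; type 1 = rfc822Name
                if (Integer.valueOf(1).equals(san.get(0)) && email.equalsIgnoreCase(String.valueOf(san.get(1))))
                    return cert;
        throw new SecurityException("certificate is not issued to " + email);
    }

    // Wrap the body in CMS enveloped-data: AES-256-CBC content, key transported under the recipient's RSA key.
    static MimeBodyPart encrypt(MimeBodyPart body, X509Certificate cert) throws Exception {
        if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());
        SMIMEEnvelopedGenerator gen = new SMIMEEnvelopedGenerator();
        gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider("BC"));
        return gen.generate(body, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider("BC").build());
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) { ks.load(in, args[1].toCharArray()); }
        X509Certificate cert = checked((X509Certificate) ks.getCertificate(args[2]), args[3]);
        MimeBodyPart body = new MimeBodyPart();
        body.setText("constructed sample body"); // constructed input
        System.out.println(encrypt(body, cert).getContentType());
    }
}
```

Run it as `java RecipientCertCheck <keystore.jks> <storepass> <alias> <recipient-email>`. A keytool-generated test certificate only passes the address check if it was created with an email subject alternative name (keytool's `-ext SAN=email:...` option).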

Once the encrypted mail is sent, depending on the recipient's email client, the recipient will be asked to allow access to the private key. You will see a screen like the one below

Only if you allow it will you be able to open your encrypted mail. The opened email will look like

So now we are sure that our email is encrypted and only the actual recipient will be able to open and read it. You can download the code from our GitHub.

Summary

The tutorial gives you a working example of email encryption and signing. I hope you like it and find it useful. Please do not hesitate to comment or ask a question or two.
