itamar124812/Email-Encryption

Email-Encryption

In this project I built an Outlook add-in to encrypt and verify e-mail messages (end-to-end encryption like TLS).
Encryption uses RSA, and signing uses SHA-256 with RSA. All encryption and decryption is done inside the TEE.

So how does it work?

In the beginning...

When you download the email add-in:
A key pair is generated in the TEE: a private key (d: 2048 bit) and a public key (mod: 2048 bit, e: 65537). The TEE stores the keys in its memory and sends the public key to the host.


The host sends the public key to the CA server (over an SslStream, using the TlsClient class found in StreamSupport).
The CA signs the host's public key, stores it, and returns the signature together with the original key to the host.
Now the user can sign and encrypt emails, as well as decrypt and verify emails sent to them.

Encrypt and sign message


The user writes a normal new message in Outlook, but when the user clicks Send, surprise:

We intercept the Outlook event (item send) and take the recipient's email address, the subject and the body from the message.

They are all sent to the host, which asks the CA for the recipient's public key (looked up by their email address; again, the communication between them is secure).
The host sends the recipient's public key and the email content to the TEE. The TEE encrypts the email content with the recipient's public key, signs the encrypted message with the client's private key, and sends the result back to the host, which returns it to the Outlook add-in.
The result is attached to the original email as a binary file and the user can send it.

Decrypt and Verify

So this is what the message we sent earlier looks like on the recipient's side:

The recipient needs to click the Add-ins option in the task pane and then click the Decrypt button.
The message goes from the add-in through the host (which asks the CA for the sender's public key) to the recipient's TEE, where the signature is verified and the original message is decrypted. The add-in then displays the decrypted message.
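
The encrypt-then-sign and verify-then-decrypt order described in the two sections above, as an added Node.js example that is not code from this repository. The padding choices (OAEP with SHA-256, PKCS#1 v1.5 signatures), the function names and the sample message are assumptions, and the keys are generated in software here rather than in a TEE.

```javascript
// Added example, not the project's code. Assumptions: OAEP/SHA-256 for
// encryption and PKCS#1 v1.5/SHA-256 for signatures (the page names only
// RSA and SHA-256). In the project the private keys never leave the TEE.
const nodeCrypto = require('crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Same key parameters the page gives: 2048-bit modulus, e = 65537.
function newKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048, publicExponent: 65537 });
}

// Largest input one RSA-OAEP operation accepts: k - 2*hLen - 2 bytes.
function maxPlaintextBytes(modulusBits = 2048, hashBytes = 32) {
  return modulusBits / 8 - 2 * hashBytes - 2;
}

// Sender side: encrypt for the recipient, then sign the ciphertext.
function protect(body, recipientPublicKey, senderPrivateKey) {
  const plaintext = Buffer.from(body, 'utf8');
  if (plaintext.length > maxPlaintextBytes()) {
    throw new RangeError('body exceeds the single-block RSA-OAEP limit');
  }
  const ciphertext = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, plaintext);
  const signature = nodeCrypto.sign('sha256', ciphertext, senderPrivateKey);
  return { ciphertext, signature };
}

// Recipient side: check the signature first, decrypt only if it holds.
function unprotect(envelope, senderPublicKey, recipientPrivateKey) {
  const ok = nodeCrypto.verify('sha256', envelope.ciphertext, senderPublicKey, envelope.signature);
  if (!ok) throw new Error('signature check failed; message not decrypted');
  return nodeCrypto
    .privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.ciphertext)
    .toString('utf8');
}

// Constructed sample run: "alice" sends to "bob".
const alice = newKeyPair();
const bob = newKeyPair();
const envelope = protect('Quarterly numbers attached.', bob.publicKey, alice.privateKey);
console.log(unprotect(envelope, alice.publicKey, bob.privateKey));
```

With these assumed parameters a single RSA operation carries at most 190 bytes, so a longer body needs chunking or a symmetric content key wrapped with RSA.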
