SlideShare a Scribd company logo

Computer Security Laboratory Manual .pdf

D
DebebeKebede

This manual is prepared using OpenSSL toolkit.

Technology
1 of 45
Download to read offline
1 College of Engineering and Technology School of Computing and Informatics Department of Computer Science Laboratory Manual for Computer Security Compiled By: Debebe Kebede (MSc.)
Lab 1: Installing and Configuring OpenSSL Lab 2: Introduction and Commands Used in OpenSSL Lab 3: Symmetric encryption with OpenSSL: Lab 4: Encrypting File Using DES Algorithm Lab 5: Asymmetric Encryption With OpenSSL Lab 6: Encrypting File Using RSA Lab 7: Digital Certification With OpenSSL Lab 8: Digital Signature 2 Lab Sessions
❖ Before installing OpenSSL, it’s worth checking if it is already present on our ubuntu system from previous installation. ❖ To check if OpenSSL is installed, use this command: $ openssl version ❖ If OpenSSL is installed, it will print out the version information like: ❖ This indicates OPenSSL is already available and we likely do not need to install it again. ❖ If the OpenSSL command is not found, we will see an error like: Bash: openssl: command not found 3 Lab 1: Installing and Configuring OpenSSL on Ubuntu
OpenSSL is a toolbox for cryptographic material implementing SSL and TLS. It gives: 1. A library to program in C allowing to construct client/server applications using SSL/TLS 2. A command line (openssl) allowing ❖ Creation of RSA, DSA keys ❖ Creation of X509 certificates ❖ Digest computation (MD5, SHA, …) ❖ Ciphering and Deciphering (DES, IDEA, RC2, RC4, Blowfish …) ❖ Tests of client/server SSL/TLS ❖ Signature and ciphering of mails (S/MIME) Secure Multi- Purpose Internet Mail Extension 4 Lab 2: Introduction and Commands Used in OpenSSL
❖ To know everything about OpenSSL: man openssl ❖ The general syntax of openssl is: openssl> <command> <options> 5 Cont’d
To encrypt a file with openssl using a DES encryption: openssl> enc –des3 –in file –out file2 The result is in the file file2 ❖ To decrypt the same file: openssl> enc –des3 –d –in file2 –out filedecrypted Here, file and filedecrypted should contain the same content. 6 Lab 3: Symmetric encryption with OpenSSL: Basic Commands
❖ By default, you have to type a password, to protect the encryption. ❖ This password is a generator for the symmetric key. Create and Print Keys ❖ To create a symmetric key: openssl> enc –des3 –P ❖ This command asks for the password. ❖ It generates a key, starting from a password and a random “salt”. – This salt is there to scramble the password. ❖ This command prints the used salt, the generated key and an initialization vector (iv) to be used with the key for encryption. 7 Cont’d
❖ This command encrypt with DES3, the file file1 to the file file2, using the key key and the initialization vector vector. Openssl> enc –des3 –in file1 –out file2 –k key –iv vector Remarks: ❖ We can use directly openssl des3 (instead of openssl enc –des3) ❖ We can use base64 instead of des3. ❖ The file is then not ciphered, since base64 is a coding system (clear text) allowing data to be independent of any architecture (useful when data are sent between different computers, OSs, networks,…). 8 Cont’d
❖ Step 1: Create a file name abe using debe@debe-VirtualBox:~$ cat> abe Welcome to Dilla University Then, change the command line into openssl using: debe@debe-VirtualBox:~$ openssl ❖ Step 2: Encrypt the file name abe into kebe using DES: openssl> enc –des3 -in abe -out kebe It will then request you to enter password: enter des-ede3-cbc encryption password: 123456 verifying - enter des-ede3-cbc encryption password: 123456 9 Lab 4: Encrypting a File Using a DES Algorithm
❖ Then it creates the encrypted file named with kebe ❖ Step 3: Now to decrypt the encrypted file named with kebe into some other file name selam, use the following command: openssl>enc –des3 -d -in kebe -out selam enter des-ede3-cbc decryption password:123456 ❖ Now, the decrypted file named with selam has been created. ❖ To see the decrypted file selam, change the command line: debe@debe-VirtualBox:~$ cat selam Welcome to Dilla University 10 Cont’d
Step 1: To create a symmetric key, use: openssl> enc –des3 -P enter des-ede3-cbc encryption password: 123456 Verifying-enter des-ede3-cbc encryption password: 123456 salt=CB832CAA53360439 key=065BD1FC9A761790B53F1410B3372176D99F06FBEC3FB7 F3 iv=5DA7C1A98C9908DB Step 2: create a new file named debe debe@debe-VirtualBox:~$ cat> debe Hello Security World! 11 Creating and printing keys (DES)
Then, change the command line into openssl using: debe@debe-VirtualBox:~$ openssl Step 3: Use the key(k) and initialization vector(iv) to encrypt filename debe to the file name kebe with DES3: openssl>enc –des3 –in debe –out kebe –k 065BD1FC9A761790B53F1410B3372176D99F06FBEC3FB7 F3 –iv 5DA7C1A98C9908DB ❖ Now, the encrypted file name kebe has been created. 12 Creating and printing keys (DES)
❖ To decrypt the encrypted file kebe into other file name abe openssl>enc –des3 –d –in kebe –out abe –K 065BD1FC9A761790B53F1410B3372176D99F06FBEC3FB7 F3 –iv 5DA7C1A98C9908DB ❖ To see the content of abe debe@debe-VirtualBox:~$ cat abe Hello Security World! 13 Creating and printing keys (DES)
RSA with OpenSSL Generating key pairs: ❖ To create a pair of keys, the genrsa command is used: openssl> genrsa size ❖ Here, size is the size of the key. ❖ To save this key in keyfile.pem, use the option: -out keyfile.pem openssl> genrsa -out keyfile.pem size ❖ The format of the file is PEM (Privacy Enhanced Mail, format in base64) 14 Lab 5: Asymmetric Encryption with OpenSSL
Visualizing RSA keys: ❖ The command rsa allows to visualize the content of a file (PEM format) containing a RSA key pairs. openssl> rsa –in keyfile.pem –text –noout ❖ The option –text asks for a decrypted output of the key pair. ❖ The option –noout allows to avoid the normal output of the command rsa. 15 Cont’d
Visualizing RSA keys: ❖ The different elements of the key (size, modulus, exponents, primes, …). ❖ By default, we can see that the public exponent is always 65537 (the option -3 is the other option and uses 3 as the public exponent). ❖ The three last numbers (exponent1, exponent2 and coefficient) are only used for optimization purpose. 16 Cont’d
Ciphering the key file: ❖ In the file, the private key is in clear text and could be extracted. ❖ It is necessary to encrypt it. – It can be done at the generation of the key (genrsa command), or – at any time with the rsa command. ❖ In both case, the option is –des, -des3 or –idea : 17 Cont’d
Ciphering the key file: openssl> rsa –in keyfile.pem –des3 –out keyencrypted.pem ❖ The file keyencrypted.pem contains an encrypted version of the key, encrypted with DES3 algorithm. ❖ Here a password is used to protect the access to the key. 18 cont’d
Exporting the public key: ❖ The public key should be extracted from the file (encrypted file or not), since this public key should be transmitted to anyone. ❖ The command rsa with the option –pubout allows to export the public part of the key. openssl> rsa –in keyencrypted.pem –pubout –out publickey.pem 19 Cont’d
Ciphering data with RSA: ❖ To cipher data with RSA key, use the command rsautl (RSA utile functions): Openssl> rsautl –encrypt –in inputfile –inkey keyfile.pem –out outputfile ❖ The inputfile is the file to encrypt (-encrypt). ❖ Caution: The file should not be too large for the key (116 bits for a 1024 bits key). ❖ The keyfile.pem contains the RSA key. ❖ If only the public key is in the file, the option –pubin must be used. 20 Cont’d
Ciphering data with RSA: ❖ To decrypt, replace the option -encrypt with -decrypt. ❖ Then the keyfile must contain the private key. Openssl> rsautl –decrypt –in inputfile – inkey keyfile.pem –out outputfile 21 Cont’d
Step 1: Create a pair of keys: openssl>genrsa 512 Generating RSA private key, 512 bit long modulus ………..++++++++ …………… ++++++++ e is 65537(0x10001) ------BEGIN RSA PRIVATE KEY------ MIIB0QI…. ------END RSA PRIVATE KEY------ Note: 512 is the size of the key. 22 Lab 6: Encrypting Files Using RSA
Step 2: Save the key in file name privatekey.pem openssl>genrsa -out privatekey.pem 512 Generating RSA private key, 512 bit long modulus ..+++++++++++++++ ………………….++++++++++ e is 65537 (0x10001) 23 Encrypting Files Using RSA
Step 3: To visualize the content of privatekey.pem containing RSA key pairs, openssl>rsa –in privatekey.pem -text –noout Private-Key: (512 bit) Modulus: 00:d9:e0:58: ... publicExponent: 65537 (0x10001) privateExponent: 6b:11:72: … prime1: 00:f5: … prime2: 00:e2: … exponent1: 00:cd: … exponent2: 24 Encrypting Files Using RSA
Step 4: Encrypt the private key using the following command: openssl>rsa -in privatekey.pem -des3 -out privatekey_encrypted.pem writing RSA key Enter PEM passphrase: 123456 Verifying – Enter PEM pass phrase: 123456 ❖ Now the private key privatekey.pem is encrypted as privatekey_encrypted.pem ❖The pass word: 123456 is used to protect access to the key. 25 Encrypting Files Using RSA
Step 5: Extract the public key from the encrypted file privatekey_encrypted.pem, openssl>rsa -in privatekey_encrypted.pem – pubout –out publickey.pem Enter pass phrase for privatekey_encrypted.pem:123456 writing RSA key 26 Encrypting Files Using RSA
Step 6: Visualize the public key openssl>rsa –pubin –in publickey.pem –text – noout or debe@debe-VirtualBox:~$ cat publickey.pem ---------BEGIN PUBLIC KEY------- MFww … ---------END PUBLIC KEY--------- 27 Encrypting Files Using RSA
Step 7: Cipher kidus with RSA key into yosef file name, debe@debe-VirtualBox:~$ cat> kidus Ciphering file with RSA demo debe@debe-VirtualBox:~$ openssl>rsautl –encrypt - in kidus –pubin -inkey publickey.pem -out yosef 28 Encrypting Files Using RSA
Step 8: decrypt the encrypted file name yosef into hana, openssl> rsautl –decrypt -in yosef -inkey privatekey.pem -out hana debe@debe-VirtualBox:~$ cat hana Ciphering file with RSA demo 29 Encrypting Files Using RSA
❖ Certificate Authority (CA) acts as the trusted third party, which serves to issue digital certificates and validate them in Public Key Infrastructure (PKI). ❖ The most important part of X.509 is its structure for public-key certificates. ❖ Each user has a distinct name. ❖ A trusted Certification Authority (CA) assigns a unique name to each user and issues a signed certificate containing the name and the user’s public key. ❖ If Alice wants to communicate with Bob, she first gets his certificate from a database. 30 Lab 7: Digital Certification with OpenSSL
❖ Then she verifies its authenticity. ❖ If both share the same CA, this is easy. Alice simply verifies the CA’s signature on Bob’s certificate. ❖ If they use different CAs, it’s more complicated. ❖ Think of a tree structure, with different CAs certifying other CAs and users. ❖ On the top is one master CA. ❖ Each CA has a certificate signed by the CA above it, and by the CAs below it. 31 Digital Certification with OpenSSL
❖ Suppose we have two certification authorities CA1 and CA2. ❖ CA1 is the root certification authority, and CA2 is certified by CA1. ❖ Let us create a certificate request and sign it by CA2. Step1: First we have to generate RSA private key having 4096 bit length for the CA1 to be stored in CA1 file: Openssl> genrsa –out CA1.key key size openssl> genrsa -out CEOca.key 4096 32 Digital Certification with OpenSSL
Step 2: Create Self-signed certificate for CA RootCA.crt: openssl> req –new –x509 –days no_of_days –key RootCA1.key –out RootCA1.crt openssl> req –new –x509 –days 730 –key CA1.key –out CA1.crt 33 Digital Certification with OpenSSL
Where: -req - Command passed to OpenSSL intended for creating and processing certificate requests. -x509 -This multipurpose command allows OpenSSL to sign the certificate somewhat like a certificate authority. -X.509 - refers to a digitally signed document according to RFC 5280. -days - The number of days that the certificate will be valid.( In this case for two years/730 days/). -out - The location to output the certificate file itself. 34 Digital Certification with OpenSSL
Step 3: Generate Intermediate CA2 certificate key CA2, which will be used for actual signing .then first generate the key: openssl> genrsa –out IntermediateCA1.key Key size openssl> genrsa –out CA2.key 4096 35 Digital Certification with OpenSSL
Step 4: request a certificate for this intermediate CA2. openssl >req –new –key CA2.key –out CA2.csr 36 Digital Certification with OpenSSL
Step 5: Sign intermediate certificate by root CA1 certificate means that CA2 certified by CA1. 37 Digital Certification with OpenSSL
❖ Digital signature is a mathematical scheme for presenting the authenticity of digital messages or documents. ❖ Message/ file to be sent is signed with private key. ❖ Message received by the recipient is authenticated using public key. 38 Lab 8: Digital Signature
39 Digital Signature
RSA Sign and Verifyusing OpenSSL ❖ Create sample file, private key and public key: Step 1: E.g Create a file containing all small letters. debe@debe-VirtualBox:~$ echo abcdefghijklmnopqrstuvwxyz > myfil.txt Step 2: Generate private key( e.g 512 bit key size) openssl genrsa –out myprivate.pem 512 Step 3: Separate the public part from the private key file Openssl rsa –in myprivate.pem –pubout> mypublic,pem 40 Digital Signature
RSA Sign and Verifyusing OpenSSL Step 4: Visualize the contents of private key debe@debe-VirtualBox:~$ cat myprivate.pem MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA77hINBRC/pZI4SW9 qxTuljAWa3lAwFafNb5r3KzouvL6cNf5rlwLcpQEIWcWByXAFs7hy5Uu/PtgdCqv BQQ8bwIDAQABAkA43hOq3x+he49gce6Ttkx/LnszFbmppyLvwfOejxpKtsHtdQ9A SWmaOMvYPMDC8yxMa+cscHSXb4yMmySXkmjBAiEA+q3m8fZMf28UVFAnHp6kAD7I l5Tfa7YHh2vGb+rGuk8CIQD0ztSQnP7vMhM5C89vu0zKPZ4hoqbtHpunso7wqYdz 4QIhAOVzVge1jRG7x9zgvN3vEWhUD2GH1/UMWdnfkXQRbrNLAiEAwLmbqoWORaz8 aSqdEe84UvcTaJNuKrqv++OcmGY+VsECIDl3KuzjCGaIgB/Mq1Vo/dkg91UPy5C5 AaRFb3Mk5ZKX 41 Digital Signature
RSA Sign and Verifyusing OpenSSL Step 5: Sign the file using hash algorithm (e.g sha1) openssl dgst –sha1 –sign myprivate.pem –out sha1.sign myfile.txt Step 6: Verify sign Note: Here OpenSSL decrypts the signature to generate hash and compares it to the hash of the input file. openssl dgst –sha1 –verify mypublic.pem – signature sha1.sign myfile.txt Verified OK 42 Digital Signature
1) Yuan Yangtao, Liu Quan, Li Fen (2010). A Design of Certificate Authority Based on Elliptic Curve Cryptography Retrived on Jun 24 2021 from https://ieeexplore.ieee.org/document/5571603 2) Adam Bertram (2020). How to Use OpenSSL to Generate Certificates Retrieved on Jun 24 2021 from https://blog.ipswitch.com/how-to-use-openssl- to-generate-certificates 3) Remy van Elst (2015). Sign and verify text/files to public keys via the OpenSSL Command Line Retrieved on Jun 24 2021 from https://raymii.org/s/tutorials/Sign_and_verify_text_files_to_public_keys_via_th e_OpenSSL_Command_ Line.html 4) Openssl Documentation 43 References
1. Create three messages. Sign all of them. Slightly modify one or two of them, and send them to your partner, together with the signatures. Ask him/her to determine which messages were modified. 2. 1. Create a text file 2. Compute message digest functions with MD5 3. Change the text 4. Compute message digest functions again with MD5 5. Compute message digest functions with SHA-1 3. Design and implement a Certificate Authority for any company you prefer (working on the same institution is forbidden)! 44 Mini-Project(20%)
T h a n k Y o u ! 45

Recommended

(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms Overview(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms OverviewEL Bachir Nouni
 
comp security lab.ppsx
comp security lab.ppsxcomp security lab.ppsx
comp security lab.ppsxDesuWajana
 
Unix Security
Unix SecurityUnix Security
Unix Securityreplay21
 
Perl for System Automation - 01 Advanced File Processing
Perl for System Automation - 01 Advanced File ProcessingPerl for System Automation - 01 Advanced File Processing
Perl for System Automation - 01 Advanced File ProcessingDanairat Thanabodithammachari
 
55 best linux tips, tricks and command lines
55 best linux tips, tricks and command lines55 best linux tips, tricks and command lines
55 best linux tips, tricks and command linesArif Wahyudi
 
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsDumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsVishal Kumar
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Symfony finally swiped right on envvars
Symfony finally swiped right on envvarsSymfony finally swiped right on envvars
Symfony finally swiped right on envvarsSam Marley-Jarrett
 

Recommended

(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms Overview(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms OverviewEL Bachir Nouni
 
comp security lab.ppsx
comp security lab.ppsxcomp security lab.ppsx
comp security lab.ppsxDesuWajana
 
Unix Security
Unix SecurityUnix Security
Unix Securityreplay21
 
Perl for System Automation - 01 Advanced File Processing
Perl for System Automation - 01 Advanced File ProcessingPerl for System Automation - 01 Advanced File Processing
Perl for System Automation - 01 Advanced File ProcessingDanairat Thanabodithammachari
 
55 best linux tips, tricks and command lines
55 best linux tips, tricks and command lines55 best linux tips, tricks and command lines
55 best linux tips, tricks and command linesArif Wahyudi
 
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsDumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsVishal Kumar
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Symfony finally swiped right on envvars
Symfony finally swiped right on envvarsSymfony finally swiped right on envvars
Symfony finally swiped right on envvarsSam Marley-Jarrett
 
VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012Martin Kobetic
 
Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and Tonu
Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and TonuCryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and Tonu
Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and TonuHasin Hayder
 
Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21Max Kleiner
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and morepanagenda
 
Basic 50 linus command
Basic 50 linus commandBasic 50 linus command
Basic 50 linus commandMAGNA COLLEGE OF ENGINEERING
 
Laporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdfLaporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdfIGedeArieYogantaraSu
 
Task 4 The key is hardcoded in the provided source DES enc.pdf
Task 4 The key is hardcoded in the provided source DES enc.pdfTask 4 The key is hardcoded in the provided source DES enc.pdf
Task 4 The key is hardcoded in the provided source DES enc.pdfabcfootcare
 
13.pptx
13.pptx13.pptx
13.pptxalaakaraja1
 
Encrypt and decrypt in solaris system
Encrypt and decrypt in solaris systemEncrypt and decrypt in solaris system
Encrypt and decrypt in solaris systemuzzal basak
 
Pulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar clusterPulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar clusterShivji Kumar Jha
 
Bleeding secrets
Bleeding secretsBleeding secrets
Bleeding secretsOfer Rivlin, CISSP
 
Linux And perl
Linux And perlLinux And perl
Linux And perlSagar Kumar
 
Copying files between linux machines using scp and ssh without linux user pas...
Copying files between linux machines using scp and ssh without linux user pas...Copying files between linux machines using scp and ssh without linux user pas...
Copying files between linux machines using scp and ssh without linux user pas...Ravi Kumar Lanke
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryPriyank Kapadia
 
Shared Coursework in Cyber Security Instructions Manual .docx
Shared Coursework in Cyber Security Instructions Manual .docxShared Coursework in Cyber Security Instructions Manual .docx
Shared Coursework in Cyber Security Instructions Manual .docxedgar6wallace88877
 
14 key management & exchange
14 key management & exchange14 key management & exchange
14 key management & exchangedrewz lin
 
Cryptography for the mere mortals
Cryptography for the mere mortalsCryptography for the mere mortals
Cryptography for the mere mortalsM A Hossain Tonu
 
Linux basic for CADD biologist
Linux basic for CADD biologistLinux basic for CADD biologist
Linux basic for CADD biologistAjay Murali
 
Server hardening
Server hardeningServer hardening
Server hardeningTeja Babu
 
Unix
UnixUnix
UnixThesis Scientist Private Limited
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

More Related Content

Similar to Computer Security Laboratory Manual .pdf

VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012Martin Kobetic
 
Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and Tonu
Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and TonuCryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and Tonu
Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and TonuHasin Hayder
 
Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21Max Kleiner
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and morepanagenda
 
Laporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdfLaporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdfIGedeArieYogantaraSu
 
Task 4 The key is hardcoded in the provided source DES enc.pdf
Task 4 The key is hardcoded in the provided source DES enc.pdfTask 4 The key is hardcoded in the provided source DES enc.pdf
Task 4 The key is hardcoded in the provided source DES enc.pdfabcfootcare
 
Encrypt and decrypt in solaris system
Encrypt and decrypt in solaris systemEncrypt and decrypt in solaris system
Encrypt and decrypt in solaris systemuzzal basak
 
Pulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar clusterPulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar clusterShivji Kumar Jha
 
Copying files between linux machines using scp and ssh without linux user pas...
Copying files between linux machines using scp and ssh without linux user pas...Copying files between linux machines using scp and ssh without linux user pas...
Copying files between linux machines using scp and ssh without linux user pas...Ravi Kumar Lanke
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryPriyank Kapadia
 
Shared Coursework in Cyber Security Instructions Manual .docx
Shared Coursework in Cyber Security Instructions Manual .docxShared Coursework in Cyber Security Instructions Manual .docx
Shared Coursework in Cyber Security Instructions Manual .docxedgar6wallace88877
 
14 key management & exchange
14 key management & exchange14 key management & exchange
14 key management & exchangedrewz lin
 
Cryptography for the mere mortals
Cryptography for the mere mortalsCryptography for the mere mortals
Cryptography for the mere mortalsM A Hossain Tonu
 
Linux basic for CADD biologist
Linux basic for CADD biologistLinux basic for CADD biologist
Linux basic for CADD biologistAjay Murali
 
Server hardening
Server hardeningServer hardening
Server hardeningTeja Babu
 

Similar to Computer Security Laboratory Manual .pdf (20)

VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012
 
Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and Tonu
Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and TonuCryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and Tonu
Cryptography for the mere mortals - for phpXperts Seminar 2011 by Hasin and Tonu
 
Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21Open SSL and MS Crypto API EKON21
Open SSL and MS Crypto API EKON21
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and more
 
Basic 50 linus command
Basic 50 linus commandBasic 50 linus command
Basic 50 linus command
 
Laporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdfLaporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdf
Laporan Praktikum Keamanan Siber - Tugas 5 -Kelas C - Kelompok 3.pdf
 
Task 4 The key is hardcoded in the provided source DES enc.pdf
Task 4 The key is hardcoded in the provided source DES enc.pdfTask 4 The key is hardcoded in the provided source DES enc.pdf
Task 4 The key is hardcoded in the provided source DES enc.pdf
 
13.pptx
13.pptx13.pptx
13.pptx
 
Encrypt and decrypt in solaris system
Encrypt and decrypt in solaris systemEncrypt and decrypt in solaris system
Encrypt and decrypt in solaris system
 
Pulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar clusterPulsar Summit Asia - Running a secure pulsar cluster
Pulsar Summit Asia - Running a secure pulsar cluster
 
Bleeding secrets
Bleeding secretsBleeding secrets
Bleeding secrets
 
Linux And perl
Linux And perlLinux And perl
Linux And perl
 
Copying files between linux machines using scp and ssh without linux user pas...
Copying files between linux machines using scp and ssh without linux user pas...Copying files between linux machines using scp and ssh without linux user pas...
Copying files between linux machines using scp and ssh without linux user pas...
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto library
 
Shared Coursework in Cyber Security Instructions Manual .docx
Shared Coursework in Cyber Security Instructions Manual .docxShared Coursework in Cyber Security Instructions Manual .docx
Shared Coursework in Cyber Security Instructions Manual .docx
 
14 key management & exchange
14 key management & exchange14 key management & exchange
14 key management & exchange
 
Cryptography for the mere mortals
Cryptography for the mere mortalsCryptography for the mere mortals
Cryptography for the mere mortals
 
Linux basic for CADD biologist
Linux basic for CADD biologistLinux basic for CADD biologist
Linux basic for CADD biologist
 
Server hardening
Server hardeningServer hardening
Server hardening
 
Unix
UnixUnix
Unix
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Computer Security Laboratory Manual .pdf

  • 1. 1 College of Engineering and Technology School of Computing and Informatics Department of Computer Science Laboratory Manual for Computer Security Compiled By: Debebe Kebede (MSc.)
  • 2. Lab 1: Installing and Configuring OpenSSL Lab 2: Introduction and Commands Used in OpenSSL Lab 3: Symmetric encryption with OpenSSL: Lab 4: Encrypting File Using DES Algorithm Lab 5: Asymmetric Encryption With OpenSSL Lab 6: Encrypting File Using RSA Lab 7: Digital Certification With OpenSSL Lab 8: Digital Signature 2 Lab Sessions
  • 3. ❖ Before installing OpenSSL, it’s worth checking if it is already present on our ubuntu system from previous installation. ❖ To check if OpenSSL is installed, use this command: $ openssl version ❖ If OpenSSL is installed, it will print out the version information like: ❖ This indicates OPenSSL is already available and we likely do not need to install it again. ❖ If the OpenSSL command is not found, we will see an error like: Bash: openssl: command not found 3 Lab 1: Installing and Configuring OpenSSL on Ubuntu
  • 4. OpenSSL is a toolbox for cryptographic material implementing SSL and TLS. It gives: 1. A library to program in C allowing to construct client/server applications using SSL/TLS 2. A command line (openssl) allowing ❖ Creation of RSA, DSA keys ❖ Creation of X509 certificates ❖ Digest computation (MD5, SHA, …) ❖ Ciphering and Deciphering (DES, IDEA, RC2, RC4, Blowfish …) ❖ Tests of client/server SSL/TLS ❖ Signature and ciphering of mails (S/MIME) Secure Multi- Purpose Internet Mail Extension 4 Lab 2: Introduction and Commands Used in OpenSSL
  • 5. ❖ To know everything about OpenSSL: man openssl ❖ The general syntax of openssl is: openssl> <command> <options> 5 Cont’d
  • 6. To encrypt a file with openssl using a DES encryption: openssl> enc –des3 –in file –out file2 The result is in the file file2 ❖ To decrypt the same file: openssl> enc –des3 –d –in file2 –out filedecrypted Here, file and filedecrypted should contain the same content. 6 Lab 3: Symmetric encryption with OpenSSL: Basic Commands
  • 7. ❖ By default, you have to type a password, to protect the encryption. ❖ This password is a generator for the symmetric key. Create and Print Keys ❖ To create a symmetric key: openssl> enc –des3 –P ❖ This command asks for the password. ❖ It generates a key, starting from a password and a random “salt”. – This salt is there to scramble the password. ❖ This command prints the used salt, the generated key and an initialization vector (iv) to be used with the key for encryption. 7 Cont’d
  • 8. ❖ This command encrypt with DES3, the file file1 to the file file2, using the key key and the initialization vector vector. Openssl> enc –des3 –in file1 –out file2 –k key –iv vector Remarks: ❖ We can use directly openssl des3 (instead of openssl enc –des3) ❖ We can use base64 instead of des3. ❖ The file is then not ciphered, since base64 is a coding system (clear text) allowing data to be independent of any architecture (useful when data are sent between different computers, OSs, networks,…). 8 Cont’d
  • 9. ❖ Step 1: Create a file name abe using debe@debe-VirtualBox:~$ cat> abe Welcome to Dilla University Then, change the command line into openssl using: debe@debe-VirtualBox:~$ openssl ❖ Step 2: Encrypt the file name abe into kebe using DES: openssl> enc –des3 -in abe -out kebe It will then request you to enter password: enter des-ede3-cbc encryption password: 123456 verifying - enter des-ede3-cbc encryption password: 123456 9 Lab 4: Encrypting a File Using a DES Algorithm
  • 10. ❖ Then it creates the encrypted file named with kebe ❖ Step 3: Now to decrypt the encrypted file named with kebe into some other file name selam, use the following command: openssl>enc –des3 -d -in kebe -out selam enter des-ede3-cbc decryption password:123456 ❖ Now, the decrypted file named with selam has been created. ❖ To see the decrypted file selam, change the command line: debe@debe-VirtualBox:~$ cat selam Welcome to Dilla University 10 Cont’d
  • 11. Step 1: To create a symmetric key, use: openssl> enc –des3 -P enter des-ede3-cbc encryption password: 123456 Verifying-enter des-ede3-cbc encryption password: 123456 salt=CB832CAA53360439 key=065BD1FC9A761790B53F1410B3372176D99F06FBEC3FB7 F3 iv=5DA7C1A98C9908DB Step 2: create a new file named debe debe@debe-VirtualBox:~$ cat> debe Hello Security World! 11 Creating and printing keys (DES)
  • 12. Then, change the command line into openssl using: debe@debe-VirtualBox:~$ openssl Step 3: Use the key(k) and initialization vector(iv) to encrypt filename debe to the file name kebe with DES3: openssl>enc –des3 –in debe –out kebe –k 065BD1FC9A761790B53F1410B3372176D99F06FBEC3FB7 F3 –iv 5DA7C1A98C9908DB ❖ Now, the encrypted file name kebe has been created. 12 Creating and printing keys (DES)
  • 13. ❖ To decrypt the encrypted file kebe into other file name abe openssl>enc –des3 –d –in kebe –out abe –K 065BD1FC9A761790B53F1410B3372176D99F06FBEC3FB7 F3 –iv 5DA7C1A98C9908DB ❖ To see the content of abe debe@debe-VirtualBox:~$ cat abe Hello Security World! 13 Creating and printing keys (DES)
  • 14. RSA with OpenSSL Generating key pairs: ❖ To create a pair of keys, the genrsa command is used: openssl> genrsa size ❖ Here, size is the size of the key. ❖ To save this key in keyfile.pem, use the option: -out keyfile.pem openssl> genrsa -out keyfile.pem size ❖ The format of the file is PEM (Privacy Enhanced Mail, format in base64) 14 Lab 5: Asymmetric Encryption with OpenSSL
  • 15. Visualizing RSA keys: ❖ The command rsa allows to visualize the content of a file (PEM format) containing a RSA key pairs. openssl> rsa –in keyfile.pem –text –noout ❖ The option –text asks for a decrypted output of the key pair. ❖ The option –noout allows to avoid the normal output of the command rsa. 15 Cont’d
  • 16. Visualizing RSA keys: ❖ The different elements of the key (size, modulus, exponents, primes, …). ❖ By default, we can see that the public exponent is always 65537 (the option -3 is the other option and uses 3 as the public exponent). ❖ The three last numbers (exponent1, exponent2 and coefficient) are only used for optimization purpose. 16 Cont’d
  • 17. Ciphering the key file: ❖ In the file, the private key is in clear text and could be extracted. ❖ It is necessary to encrypt it. – It can be done at the generation of the key (genrsa command), or – at any time with the rsa command. ❖ In both case, the option is –des, -des3 or –idea : 17 Cont’d
  • 18. Ciphering the key file: openssl> rsa –in keyfile.pem –des3 –out keyencrypted.pem ❖ The file keyencrypted.pem contains an encrypted version of the key, encrypted with DES3 algorithm. ❖ Here a password is used to protect the access to the key. 18 cont’d
  • 19. Exporting the public key: ❖ The public key should be extracted from the file (encrypted file or not), since this public key should be transmitted to anyone. ❖ The command rsa with the option –pubout allows to export the public part of the key. openssl> rsa –in keyencrypted.pem –pubout –out publickey.pem 19 Cont’d
  • 20. Ciphering data with RSA: ❖ To cipher data with RSA key, use the command rsautl (RSA utile functions): Openssl> rsautl –encrypt –in inputfile –inkey keyfile.pem –out outputfile ❖ The inputfile is the file to encrypt (-encrypt). ❖ Caution: The file should not be too large for the key (116 bits for a 1024 bits key). ❖ The keyfile.pem contains the RSA key. ❖ If only the public key is in the file, the option –pubin must be used. 20 Cont’d
  • 21. Ciphering data with RSA: ❖ To decrypt, replace the option -encrypt with -decrypt. ❖ Then the keyfile must contain the private key. Openssl> rsautl –decrypt –in inputfile – inkey keyfile.pem –out outputfile 21 Cont’d
  • 22. Step 1: Create a pair of keys: openssl>genrsa 512 Generating RSA private key, 512 bit long modulus ………..++++++++ …………… ++++++++ e is 65537(0x10001) ------BEGIN RSA PRIVATE KEY------ MIIB0QI…. ------END RSA PRIVATE KEY------ Note: 512 is the size of the key. 22 Lab 6: Encrypting Files Using RSA
  • 23. Step 2: Save the key in file name privatekey.pem openssl>genrsa -out privatekey.pem 512 Generating RSA private key, 512 bit long modulus ..+++++++++++++++ ………………….++++++++++ e is 65537 (0x10001) 23 Encrypting Files Using RSA
  • 24. Step 3: To visualize the content of privatekey.pem containing RSA key pairs, openssl>rsa –in privatekey.pem -text –noout Private-Key: (512 bit) Modulus: 00:d9:e0:58: ... publicExponent: 65537 (0x10001) privateExponent: 6b:11:72: … prime1: 00:f5: … prime2: 00:e2: … exponent1: 00:cd: … exponent2: 24 Encrypting Files Using RSA
  • 25. Step 4: Encrypt the private key using the following command: openssl>rsa -in privatekey.pem -des3 -out privatekey_encrypted.pem writing RSA key Enter PEM passphrase: 123456 Verifying – Enter PEM pass phrase: 123456 ❖ Now the private key privatekey.pem is encrypted as privatekey_encrypted.pem ❖The pass word: 123456 is used to protect access to the key. 25 Encrypting Files Using RSA
  • 26. Step 5: Extract the public key from the encrypted file privatekey_encrypted.pem, openssl>rsa -in privatekey_encrypted.pem – pubout –out publickey.pem Enter pass phrase for privatekey_encrypted.pem:123456 writing RSA key 26 Encrypting Files Using RSA
  • 27. Step 6: Visualize the public key openssl>rsa –pubin –in publickey.pem –text – noout or debe@debe-VirtualBox:~$ cat publickey.pem ---------BEGIN PUBLIC KEY------- MFww … ---------END PUBLIC KEY--------- 27 Encrypting Files Using RSA
  • 28. Step 7: Cipher kidus with RSA key into yosef file name, debe@debe-VirtualBox:~$ cat> kidus Ciphering file with RSA demo debe@debe-VirtualBox:~$ openssl>rsautl –encrypt - in kidus –pubin -inkey publickey.pem -out yosef 28 Encrypting Files Using RSA
  • 29. Step 8: decrypt the encrypted file name yosef into hana, openssl> rsautl –decrypt -in yosef -inkey privatekey.pem -out hana debe@debe-VirtualBox:~$ cat hana Ciphering file with RSA demo 29 Encrypting Files Using RSA
  • 30. ❖ Certificate Authority (CA) acts as the trusted third party, which serves to issue digital certificates and validate them in Public Key Infrastructure (PKI). ❖ The most important part of X.509 is its structure for public-key certificates. ❖ Each user has a distinct name. ❖ A trusted Certification Authority (CA) assigns a unique name to each user and issues a signed certificate containing the name and the user’s public key. ❖ If Alice wants to communicate with Bob, she first gets his certificate from a database. 30 Lab 7: Digital Certification with OpenSSL
  • 31. ❖ Then she verifies its authenticity. ❖ If both share the same CA, this is easy. Alice simply verifies the CA’s signature on Bob’s certificate. ❖ If they use different CAs, it’s more complicated. ❖ Think of a tree structure, with different CAs certifying other CAs and users. ❖ On the top is one master CA. ❖ Each CA has a certificate signed by the CA above it, and by the CAs below it. 31 Digital Certification with OpenSSL
  • 32. ❖ Suppose we have two certification authorities CA1 and CA2. ❖ CA1 is the root certification authority, and CA2 is certified by CA1. ❖ Let us create a certificate request and sign it by CA2. Step1: First we have to generate RSA private key having 4096 bit length for the CA1 to be stored in CA1 file: Openssl> genrsa –out CA1.key key size openssl> genrsa -out CEOca.key 4096 32 Digital Certification with OpenSSL
  • 33. Step 2: Create Self-signed certificate for CA RootCA.crt: openssl> req –new –x509 –days no_of_days –key RootCA1.key –out RootCA1.crt openssl> req –new –x509 –days 730 –key CA1.key –out CA1.crt 33 Digital Certification with OpenSSL
  • 34. Where: -req - Command passed to OpenSSL intended for creating and processing certificate requests. -x509 -This multipurpose command allows OpenSSL to sign the certificate somewhat like a certificate authority. -X.509 - refers to a digitally signed document according to RFC 5280. -days - The number of days that the certificate will be valid.( In this case for two years/730 days/). -out - The location to output the certificate file itself. 34 Digital Certification with OpenSSL
  • 35. Step 3: Generate Intermediate CA2 certificate key CA2, which will be used for actual signing .then first generate the key: openssl> genrsa –out IntermediateCA1.key Key size openssl> genrsa –out CA2.key 4096 35 Digital Certification with OpenSSL
  • 36. Step 4: request a certificate for this intermediate CA2. openssl >req –new –key CA2.key –out CA2.csr 36 Digital Certification with OpenSSL
  • 37. Step 5: Sign intermediate certificate by root CA1 certificate means that CA2 certified by CA1. 37 Digital Certification with OpenSSL
  • 38. ❖ Digital signature is a mathematical scheme for presenting the authenticity of digital messages or documents. ❖ Message/ file to be sent is signed with private key. ❖ Message received by the recipient is authenticated using public key. 38 Lab 8: Digital Signature
  • 40. RSA Sign and Verifyusing OpenSSL ❖ Create sample file, private key and public key: Step 1: E.g Create a file containing all small letters. debe@debe-VirtualBox:~$ echo abcdefghijklmnopqrstuvwxyz > myfil.txt Step 2: Generate private key( e.g 512 bit key size) openssl genrsa –out myprivate.pem 512 Step 3: Separate the public part from the private key file Openssl rsa –in myprivate.pem –pubout> mypublic,pem 40 Digital Signature
  • 41. RSA Sign and Verifyusing OpenSSL Step 4: Visualize the contents of private key debe@debe-VirtualBox:~$ cat myprivate.pem MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA77hINBRC/pZI4SW9 qxTuljAWa3lAwFafNb5r3KzouvL6cNf5rlwLcpQEIWcWByXAFs7hy5Uu/PtgdCqv BQQ8bwIDAQABAkA43hOq3x+he49gce6Ttkx/LnszFbmppyLvwfOejxpKtsHtdQ9A SWmaOMvYPMDC8yxMa+cscHSXb4yMmySXkmjBAiEA+q3m8fZMf28UVFAnHp6kAD7I l5Tfa7YHh2vGb+rGuk8CIQD0ztSQnP7vMhM5C89vu0zKPZ4hoqbtHpunso7wqYdz 4QIhAOVzVge1jRG7x9zgvN3vEWhUD2GH1/UMWdnfkXQRbrNLAiEAwLmbqoWORaz8 aSqdEe84UvcTaJNuKrqv++OcmGY+VsECIDl3KuzjCGaIgB/Mq1Vo/dkg91UPy5C5 AaRFb3Mk5ZKX 41 Digital Signature
  • 42. RSA Sign and Verifyusing OpenSSL Step 5: Sign the file using hash algorithm (e.g sha1) openssl dgst –sha1 –sign myprivate.pem –out sha1.sign myfile.txt Step 6: Verify sign Note: Here OpenSSL decrypts the signature to generate hash and compares it to the hash of the input file. openssl dgst –sha1 –verify mypublic.pem – signature sha1.sign myfile.txt Verified OK 42 Digital Signature
  • 43. 1) Yuan Yangtao, Liu Quan, Li Fen (2010). A Design of Certificate Authority Based on Elliptic Curve Cryptography Retrived on Jun 24 2021 from https://ieeexplore.ieee.org/document/5571603 2) Adam Bertram (2020). How to Use OpenSSL to Generate Certificates Retrieved on Jun 24 2021 from https://blog.ipswitch.com/how-to-use-openssl- to-generate-certificates 3) Remy van Elst (2015). Sign and verify text/files to public keys via the OpenSSL Command Line Retrieved on Jun 24 2021 from https://raymii.org/s/tutorials/Sign_and_verify_text_files_to_public_keys_via_th e_OpenSSL_Command_ Line.html 4) Openssl Documentation 43 References
  • 44. 1. Create three messages. Sign all of them. Slightly modify one or two of them, and send them to your partner, together with the signatures. Ask him/her to determine which messages were modified. 2. 1. Create a text file 2. Compute message digest functions with MD5 3. Change the text 4. Compute message digest functions again with MD5 5. Compute message digest functions with SHA-1 3. Design and implement a Certificate Authority for any company you prefer (working on the same institution is forbidden)! 44 Mini-Project(20%)