User Account

All Pages

Extract the signature from the servers certificate

Assignment Help Other Subject
Reference no: EM132564211

RSA Public-Key Encryption and Signature Lab

Task 1: Deriving the Private Key

Let p, q, and e be three prime numbers. Let n = p*q. We will use (e, n) as the public key. Please calculate the private key d. The hexadecimal values of p, q, and e are listed in the following. It should be noted that although p and q used in this task are quite large numbers, they are not large enough to be secure. We intentionally make them small for the sake of simplicity. In practice, these numbers should be at least 512 bits long (the one used here are only 128 bits).

Task 2: Encrypting a Message
Let (e, n) be the public key. Please encrypt the message "A top secret!" (the quotations are not included). We need to convert this ASCII string to a hex string, and then convert the hex string to a BIGNUM using the hex-to-bn API BN hex2bn(). The following python command can be used to convert a plain ASCII string to a hex string.

The public keys are listed in the followings (hexadecimal). We also provide the private key d to help you verify your encryption result.

Task 3: Decrypting a Message

The public/private keys used in this task are the same as the ones used in Task 2. Please decrypt the following ciphertext C, and convert it back to a plain ASCII string.

You can use the following python command to convert a hex string back to to a plain ASCII string.

Task 4: Signing a Message

The public/private keys used in this task are the same as the ones used in Task 2. Please generate a signature for the following message (please directly sign this message, instead of signing its hash value):

Please make a slight change to the message M, such as changing $2000 to $3000, and sign the modified message. Compare both signatures and describe what you observe.

Task 5: Verifying a Signature

Bob receives a message M = "Launch a missile." from Alice, with her signature S. We know that Alice's public key is (e, n). Please verify whether the signature is indeed Alice's or not. The public key and signature (hexadecimal) are listed in the following:

Suppose that the signature in is corrupted, such that the last byte of the signature changes from 2F to 3F, i.e, there is only one bit of change. Please repeat this task, and describe what will happen to the verification process.

Task 6: Manually Verifying an X.509 Certificate

In this task, we will manually verify an X.509 certificate using our program. An X.509 contains data about a public key and an issuer's signature on the data. We will download a real X.509 certificate from a web server, get its issuer's public key, and then use this public key to verify the signature on the certificate.

Step 1: Download a certificate from a real web server. We use the example.org server in this document. Students should choose a different web server that has a different certificate than the one used in this document (it should be noted that www.example.com share the same certificate with www.example.org). We can download certificates using browsers or use the following command:

The result of the command contains two certificates. The subject field (the entry starting with s:) of the certificate is www.example.org, i.e., this is www.example.org's certificate. The issuer field (the entry starting with i:) provides the issuer's information. The subject field of the second certificate is the same as the issuer field of the first certificate. Basically, the second certificate belongs to an intermediate CA. In this task, we will use CA's certificate to verify a server certificate.

If you only get one certificate back using the above command, that means the certificate you get is signed by a root CA. Root CAs' certificates can be obtained from the Firefox browser installed in our pre-built VM. Go to the Edit ‹ Preferences ‹ Privacy and then Security ‹ View Certificates. Search for the name of the issuer and download its certificate.

Copy and paste each of the certificate (the text between the line containing "Begin CERTIFICATE" and the line containing "END CERTIFICATE", including these two lines) to a file. Let us call the first one c0.pem and the second one c1.pem.

Step 2: Extract the public key (e, n) from the issuer's certificate. Openssl provides commands to extract certain attributes from the x509 certificates. We can extract the value of n using -modulus. There is no specific command to extract e, but we can print out all the fields and can easily find the value of e.

Step 3: Extract the signature from the server's certificate. There is no specific openssl command to extract the signature field. However, we can print out all the fields and then copy and paste the signature block into a file (note: if the signature algorithm used in the certificate is not based on RSA, you can find another certificate).

We need to remove the spaces and colons from the data, so we can get a hex-string that we can feed into our program. The following command commands can achieve this goal. The tr command is a Linux utility tool for string operations. In this case, the -d option is used to delete ":" and "space" from the data.

Step 4: Extract the body of the server's certificate. A Certificate Authority (CA) generates the signature for a server certificate by first computing the hash of the certificate, and then sign the hash. To verify the signature, we also need to generate the hash from a certificate. Since the hash is generated before the signature is computed, we need to exclude the signature block of a certificate when computing the hash. Finding out what part of the certificate is used to generate the hash is quite challenging without a good understanding of the format of the certificate.

X.509 certificates are encoded using the ASN.1 (Abstract Syntax Notation.One) standard, so if we can parse the ASN.1 structure, we can easily extract any field from a certificate. Openssl has a command called asn1parse, which can be used to parse a X.509 certificate.

The field starting from 0 is the body of the certificate that is used to generate the hash; the field starting from A is the signature block. Their offsets are the numbers at the beginning of the lines. In our case, the certificate body is from offset 4 to 1249, while the signature block is from 1250 to the end of the file. For
X.509 certificates, the starting offset is always the same (i.e., 4), but the end depends on the content length of a certificate. We can use the -strparse option to get the field from the offset 4, which will give us the body of the certificate, excluding the signature block.
$ openssl asn1parse -i -in c0.pem -strparse 4 -out c0_body.bin -noout
Once we get the body of the certificate, we can calculate its hash using the following command:
$ sha256sum c0_body.bin

Step 5: Verify the signature. Now we have all the information, including the CA's public key, the CA's signature, and the body of the server's certificate. We can run our own program to verify whether the signature is valid or not. Openssl does provide a command to verify the certificate for us, but students are required to use their own programs to do so, otherwise, they get zero credit for this task.

Attachment:- RSA Public-Key Encryption and Signature Lab.rar

Reference no: EM132564211

Questions Cloud

What rate of interest are credit customers actually paying : LoanShark LLC charges .85 percent interest per quarter. What rate of interest are its credit customers actually paying? Provide the suitable example.
What could be the difficulties in comparing the performance : Company performance of 2 or more companies situated in different locations. What could be the difficulties in comparing the performance of these companies
What was apple inventory turnover : What was Apple's inventory turnover (rounded to two decimal places) in 2015 and 2016? (Inventories were $2,111,000,000 at the end of 2014.)
What is the impact on Company Gamma income statement : What is the impact on Company Gamma's income statement and inventory if the stock costing changes from absorption costing to variable costing
Extract the signature from the servers certificate : Extract the signature from the server's certificate. There is no specific openssl command to extract the signature field. However, we can print out
Identify and discuss events leading into the cold war : Identify and discuss the events leading into the Cold War. What was the Cold War (1945-1991) and why was it given that title?
Evolution of knowledge management : Describe the major milestones in the evolution of knowledge management. Provide some examples of activities that, while not specifically denoted as "KM
Prepare the journal entry required at december : Assuming Clearing's fiscal year end is December 31, prepare the journal entry required at December 31, 2019
Druid community that planned the attack : Explain how you would help the community understand that it was a small radical group in the druid community that planned the attack.

Reviews

Write a Review

Other Subject Questions & Answers

  Compare and contrast marx and durkheim

Compare and contrast Marx and Durkheim's theories of social change. How are they related?

  Explain what personal factors you might possess

Write a brief description of the three personal factors you think are the most important in contributing to the development of vicarious trauma and explain why.

  How can the strategies affect employee morale

Briefly describe two collective bargaining strategies companies use when dealing with unions. How can these strategies affect employee morale?

  Prepare your own state homeland security strategic plan

Does the SHSSP effectively incorporate the national priorities? More specifically, do the SHSSP's goals and objectives align with the National Priorities?

  Educating employees is a primary goal of a manager

Educating employees is a primary goal of a manager, so they are informed and are aware of what to expect when the changes happen.

  Compare four strategies for merging organizational cultures

Compare and contrast four strategies for merging organizational cultures. Your response should be at least 200 words in length.

  Treating juveniles like adults when they commit adult crimes

There is a lot of discussion about treating juveniles like adults when they commit adult crimes. Many states have passed laws that allow states to do this if the youth is 16 years or older...are such waivers an indication that we are returning to an ..

  Remodel space including replacement of all doors with new

You are awarded a contract to remodel a space including the replacement of all the doors with new. The existing doors are all painted wood doors.

  The effective classroom practices discussed in this module

1. name and describe the components of high-quality mathematics instruction. why is high quality math instruction

  How innovation has affected organisations management

Discuss the major sub-types of your innovation or the area of this innovation you are going to focus on (eg mobile commerce within technological innovation

  Explain the concepts of central tendency

Explain the concepts of central tendency, variance, standard deviation, correlation, and the difference between the means of two groups.

  Summarize the logistics of the research study

Logistics can include research problem and purpose of the study, research question or hypothesis, research design, method, procedures.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd