User Account

All Pages

RSA Public-Key Encryption and Signature Lab

Assignment Help Other Subject
Reference no: EM132564203

RSA Public-Key Encryption and Signature Lab

Task 1: Deriving the Private Key

Let p, q, and e be three prime numbers. Let n = p*q. We will use (e, n) as the public key. Please calculate the private key d. The hexadecimal values of p, q, and e are listed in the following. It should be noted that although p and q used in this task are quite large numbers, they are not large enough to be secure. We intentionally make them small for the sake of simplicity. In practice, these numbers should be at least 512 bits long (the one used here are only 128 bits).

Task 2: Encrypting a Message
Let (e, n) be the public key. Please encrypt the message "A top secret!" (the quotations are not included). We need to convert this ASCII string to a hex string, and then convert the hex string to a BIGNUM using the hex-to-bn API BN hex2bn(). The following python command can be used to convert a plain ASCII string to a hex string.

The public keys are listed in the followings (hexadecimal). We also provide the private key d to help you verify your encryption result.

Task 3: Decrypting a Message

The public/private keys used in this task are the same as the ones used in Task 2. Please decrypt the following ciphertext C, and convert it back to a plain ASCII string.

You can use the following python command to convert a hex string back to to a plain ASCII string.

Task 4: Signing a Message

The public/private keys used in this task are the same as the ones used in Task 2. Please generate a signature for the following message (please directly sign this message, instead of signing its hash value):

Please make a slight change to the message M, such as changing $2000 to $3000, and sign the modified message. Compare both signatures and describe what you observe.

Task 5: Verifying a Signature

Bob receives a message M = "Launch a missile." from Alice, with her signature S. We know that Alice's public key is (e, n). Please verify whether the signature is indeed Alice's or not. The public key and signature (hexadecimal) are listed in the following:

Suppose that the signature in is corrupted, such that the last byte of the signature changes from 2F to 3F, i.e, there is only one bit of change. Please repeat this task, and describe what will happen to the verification process.

Task 6: Manually Verifying an X.509 Certificate

In this task, we will manually verify an X.509 certificate using our program. An X.509 contains data about a public key and an issuer's signature on the data. We will download a real X.509 certificate from a web server, get its issuer's public key, and then use this public key to verify the signature on the certificate.

Step 1: Download a certificate from a real web server. We use the www.example.org server in this document. Students should choose a different web server that has a different certificate than the one used in this document (it should be noted that www.example.com share the same certificate with www.example.org). We can download certificates using browsers or use the following command:

The result of the command contains two certificates. The subject field (the entry starting with s:) of the certificate is www.example.org, i.e., this is www.example.org's certificate. The issuer field (the entry starting with i:) provides the issuer's information. The subject field of the second certificate is the same as the issuer field of the first certificate. Basically, the second certificate belongs to an intermediate CA. In this task, we will use CA's certificate to verify a server certificate.
If you only get one certificate back using the above command, that means the certificate you get is signed by a root CA. Root CAs' certificates can be obtained from the Firefox browser installed in our pre-built VM. Go to the Edit ‹ Preferences ‹ Privacy and then Security ‹ View Certificates. Search for the name of the issuer and download its certificate.
Copy and paste each of the certificate (the text between the line containing "Begin CERTIFICATE" and the line containing "END CERTIFICATE", including these two lines) to a file. Let us call the first one c0.pem and the second one c1.pem.

Step 2: Extract the public key (e, n) from the issuer's certificate. Openssl provides commands to extract certain attributes from the x509 certificates. We can extract the value of n using -modulus. There is no specific command to extract e, but we can print out all the fields and can easily find the value of e.

Step 3: Extract the signature from the server's certificate. There is no specific openssl command to extract the signature field. However, we can print out all the fields and then copy and paste the signature block into a file (note: if the signature algorithm used in the certificate is not based on RSA, you can find another certificate).

We need to remove the spaces and colons from the data, so we can get a hex-string that we can feed into our program. The following command commands can achieve this goal. The tr command is a Linux utility tool for string operations. In this case, the -d option is used to delete ":" and "space" from the data.

Step 4: Extract the body of the server's certificate. A Certificate Authority (CA) generates the signature for a server certificate by first computing the hash of the certificate, and then sign the hash. To verify the signature, we also need to generate the hash from a certificate. Since the hash is generated before the signature is computed, we need to exclude the signature block of a certificate when computing the hash. Finding out what part of the certificate is used to generate the hash is quite challenging without a good understanding of the format of the certificate.

X.509 certificates are encoded using the ASN.1 (Abstract Syntax Notation.One) standard, so if we can parse the ASN.1 structure, we can easily extract any field from a certificate. Openssl has a command called asn1parse, which can be used to parse a X.509 certificate.

The field starting from 0 is the body of the certificate that is used to generate the hash; the field starting from A is the signature block. Their offsets are the numbers at the beginning of the lines. In our case, the certificate body is from offset 4 to 1249, while the signature block is from 1250 to the end of the file. For
X.509 certificates, the starting offset is always the same (i.e., 4), but the end depends on the content length of a certificate. We can use the -strparse option to get the field from the offset 4, which will give us the body of the certificate, excluding the signature block.
$ openssl asn1parse -i -in c0.pem -strparse 4 -out c0_body.bin -noout
Once we get the body of the certificate, we can calculate its hash using the following command:
$ sha256sum c0_body.bin

Step 5: Verify the signature. Now we have all the information, including the CA's public key, the CA's signature, and the body of the server's certificate. We can run our own program to verify whether the signature is valid or not. Openssl does provide a command to verify the certificate for us, but students are required to use their own programs to do so, otherwise, they get zero credit for this task.

Attachment:- RSA Public-Key Encryption and Signature Lab.rar

Reference no: EM132564203

Questions Cloud

Druid community that planned the attack : Explain how you would help the community understand that it was a small radical group in the druid community that planned the attack.
Discuss three ways you can consult : Discuss three ways you can consult with the work team on WHS matters. Where would you record it ?
How much will be included as her assessable income : How much will be included as her assessable income in respect of the share options for the year of assessment 2019/20
How much underallocation or overallocation of indirect costs : Identify whether there was an underallocation or an overallocation of indirect costs for 2019, how much underallocation or overallocation of indirect costs
RSA Public-Key Encryption and Signature Lab : RSA Public-Key Encryption and Signature Lab - Describe what will happen to the verification process - python command to convert a hex string back
Compare the current texas constitution : Compare the current texas constitution to any other current U.S. state constitution. Explain which state constitution you believe is fairer to its citizens
Committed domestically has changed policing : Do you believe that labeling terrorism as a crime that can be committed domestically has changed policing? How? Why? Provide examples.
Caucasian youths at several stages : Although some studies reveal that African-American, Hispanic, and Native-American youths are treated more harshly than Caucasian youths at several stages
Identify a cardiac or respiratory issue for health promotion : Identify a cardiac or respiratory issue and outline the key steps necessary to include for prevention and health promotion. The response must be typed.

Reviews

len2564203

7/6/2020 1:18:28 AM

Demonstrate that you have gone through the tasks by showing screenshots of running results. Demonstrate your understanding of screenshot results by articulating your explanations of these results. Is the report well-structured and easy to follow?, Including an introduction and conclusion sections? (These are the requirements for the task)

Write a Review

Other Subject Questions & Answers

  Why are they becoming more socially responsible

When you go shopping, in which product categories do you prefer private labels or national brands? Explain your preference.

  How the evolution has gradually impacted the united states

Discuss the evolution of terrorism both prior to and following the attacks of September 11, 2001. Specifically, focus on how terrorism has evolved from.

  Statistical analysis - describe your experience and methods

Statistical Analysis: Assume you had previous role as an HR Associate and used statistical methods in your early study or project

  Enlightened organizational culture

Find an organization that has an enlightened organizational culture, as described on p. 82 in our Manning-Curtis book.

  How the attachment might impact on the personality of child

Discuss how the attachment, secure or insecure, might impact on the personality and behavior of the child. How might this affect future relationships?

  Describe the objectives for the practicum experience

Practicum Journal Entry: You will select one nursing theory and one counseling theory to best guide your practice in psychotherapy. You will explain why you.

  Departure of this minority

The departure of this minority from France after Louis XIV revoked the edict of Nantes led to economic difficulties

  Evaluate a nursing practice environment

Conduct a literature search to locate six research articles - identify a clinical problem or issue that arises from the patient population. In 200-250 words

  What is the population per square mile

How does the demographics of a community affect the environment? What is the population per square mile?

  Discuss type of marketing segmentation strategies

Discuss type of marketing segmentation strategies you are to use are listed in blue of the Segmentation Lecture . narrative naming the type of segment

  What serves human purposes more effectively survives

What serves human purposes more effectively survives, while what does not, tends to decline or disappear.  How can you use such an idea to further the consciousness of others about diversity in the US

  Define a nurse practitioner reporting daily headaches

a nurse practitioner reporting daily headaches and feelings of irritability and sadness

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd