Practical work with PKI Digital recordkeeping and preservation II 2016 Thomas Sødring thomas.sodring@hioa.no P48-R407 67238287

But first .... You must create a password on the bibin machine http://bibin.hioa.no/sftp/ This must not be the password you use on Fronter. Do not use an existing password. Choose a new password!

PKI gives us Confidentiality No one can see the content of the message Integrity The message is not altered Authentication The message comes from whom it is supposed to come from Non-repudiation The sender can not later deny having sent the message This is what you need to learn about theoretical and practical PKI

What we are going to do now We will use some open source tool for Linux to explore PKI Create your own public/private PKI keys Sign an XML file with the private key Verify the signature with the public key Ensure non-repudiation Encrypt/decrypt an XML file with PKI keys Confidentiality and integrity

Find a suitable program At HiOA Install putty via the add more software option on your desktop At home You can download this at home too To upload/download files between home and bibin you can use filezilla https://filezilla-project.org/

When running putty you will see this 1 2 3 1. Host name : 2. Port : 22 3. Connection type : SSH

We type bibin.hioa.no in «Host Name» and click Open

A new window will show up First you get a question whether you trust the server and if you want to accept the SSH key. You should always verify this before clicking Accept

Type your student number. Username Type your student number. For example s123456

Username (2) Press ENTER

Type the password you made earlier and press ENTER

This is a Linux terminal window And now we are inside This is a Linux terminal window

Explorer map network drive This will only work from a HiOA computer

Explorer map network drive This will only work from a HiOA computer

Download resources All files from: http://edu.hioa.no/ark2200/current/aids/krypto/ Should be downloaded to your bibin area

First we are going to make a checksum en_fil.txt This is a file We use a command called md5sum

Checksum generated by md5sum

Two files that are the same will always generate the same checksum Another md5 checksum en_fil.txt This is a file kopi_av_en_fil.txt This is a file Two files that are the same will always generate the same checksum

Another md5 checksum (2) This is a file This is a file This is a file en_fil.txt This is a file kopi_av_en_fil.txt This is a file en_annen_fil.txt This is a file

sha256sum You can also find sha256sum on bibin sha256sum can be used in the same way as md5sum

sha256 checksum

Checksums can be used to hide passwords 'password1' = 7c6a180b36896a0a8c02787eeafb0e4c There are databases that have made a mapping from words to checksums, which gives you the opportunity to search for checksums* Checksum is a one way mechanism '_Password_Z?@Q296' = 74b82ad8fefce0f6c1f79bfad8a47097 This is one of the reasons why you should make good passwords** to find out if two (big) files are the same *http://www.md5-hash.com/ **http://www.theguardian.com/technology/2013/nov/07/adobe-password-leak-can-check

Practical PKI and keys Now we will create public and private keys Signing Private keys are used to sign documents Public keys are used to validate the signature Encryption/decryption Public keys are used to encrypt Private keys are used to decrypt

We will now generate a private key Generate a RSA key The size of the key (in bits) openssl genrsa -out s123456_privat_nokkel.pem 1024 Open source program called openssl used for PKI The key is stored in a file called s123456_privat_nokkel.pem

cat s123456_privat_nokkel.pem Look at the private key cat s123456_privat_nokkel.pem Can also be opened in explorer

We will now generate a public key Generate a RSA public key openssl rsa -in s123456_privat_nokkel.pem -pubout -out s123456_offentlig_nokkel.pem Use private key s123456_privat_nokkel.pem as input to the public key Public key is stored in a file called s123456_offentlig_nokkel.pem

cat s123456_offentlig_nokkel.pem Look at the public key cat s123456_offentlig_nokkel.pem

So far We have created a pair of private/public key We shall use these to Sign/verify an XML file Encrypt an XML file Decrypt an XML file xmlsec1 This is part of a standard used for encryption/decryption of XML files with PKI http://www.w3.org/Signature/ http://www.xml.com/pub/a/2001/08/08/xmld sig.html http://www.ibm.com/developerworks/xml/libr ary/s-xmlsec.html/index.html

Sign an XML file with the private key We will use the file: signerings_mal.xml Observe the data in: signerings_mal.xml Go back to the Linux tool and execute the commands

signerings_mal.xml Data that we want to sign goes here <?xml version="1.0" encoding="UTF-8"?> <Envelope xmlns="urn:envelope"> <min_xmlData> This is my data </min_xmlData> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue></DigestValue> </Reference> </SignedInfo> <SignatureValue/> <KeyInfo> <KeyName/> </KeyInfo> </Signature> </Envelope> Data that we want to sign goes here The checksum associated with SHA goes here The checksum associated with the private key goes here

Sign an XML file with the private key xmlsec1 --sign --output signert_xml_fil.xml --privkey-pem s123456_privat_nokkel.pem signerings_mal.xml

The file: signert_xml_fil.xml <?xml version="1.0" encoding="UTF-8"?> <Envelope xmlns="urn:envelope"> <min_xmlData> This is my data </min_xmlData> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>8B5bU1Yo6M3la8/oACJM/ggwWKo=</DigestValue> </Reference> </SignedInfo> <SignatureValue>oycOl0Ex07n5e2mH6fJ87gRdnsdT3m6NZMMTmSP/Hr9X88WkaD9dbZFG1nQ08Ze9 8L657332njkySJLaY22EKK7cLC5IwTCtyAC8CkRn8yvp5D8lg7RvwvWveKL1sR1U COGzWtUe3Sm67zBMHNbgGXdySf/PLOhzrJOjOWDAwd0=</SignatureValue> <KeyInfo> <KeyName/> </KeyInfo> </Signature> </Envelope> The checksum associated with SHA1 The checksum associated with the private key

We will now verify the public key xmlsec1 verify --pubkey-pem s123456_offentlig_nokkel.pem signert_xml_fil.xml

So far We have seen how we can sign an XML file with our private key and then validate this file with our public key People can now know with certainty that this XML file came from you We have achieved non-repudiation Is this integrity/authenticity in an archive context? Next step is changing the content in the file and then check the validation Open the file and alter it Save the file and then try the verification command again

We will now verify the public key again xmlsec1 verify --pubkey-pem s123456_offentlig_nokkel.pem signert_xml_fil.xml

Verifying the public key We know that the file has been altered, but we don't know anything about what is changed tsodring@bibin:~/krypto$ xmlsec1 verify --pubkey-pem s123456_offentlig_nokkel.pem signert_xml_fil.xml func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match FAIL SignedInfo References (ok/all): 0/1 Manifests References (ok/all): 0/0 Error: failed to verify file "signert_xml_fil.xml"

Encryption with the public key Ensure confidentiality We should be able to send data over an open communication line without anyone else reading the content Alice wants to send me a message that only I can read so she encrypts it with my public key Now we will try krypterings_mal.xml melding.xml

The file: melding.xml <melding> <fra>Alice</fra> <til>Thomas</til> <innhold> Transfer 100 000,- from account 123456789 to account 987654321 </innhold> </melding>

The file: krypterings_mal.xml <?xml version="1.0" encoding="UTF-8"?> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <KeyName/> </KeyInfo> <CipherData> <CipherValue/> </CipherData> </EncryptedKey> </EncryptedData>

Encryption with the public key (2) xmlsec1 encrypt --pubkey-pem s123456_offentlig_nokkel.pem --session-key des-192 --xml-data melding.xml --output kryptert_melding.xml krypterings_mal.xml

The file: kryptert_melding.xml <?xml version="1.0"?> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <KeyName/> </KeyInfo> <CipherData> <CipherValue>kna8o5HkKLodmfDT1mKJFCJuCfNododRI/N8iDeQbLHTUOGCYph9MlHcGeYfkQew 08iCmRUONcIiYW56rcOatOOEL4FGyzgb/yINiAouPlNXG9pralrCcYP4V1L+ozvi GRIGP2vmpAW5M+yAMQzDaRN5uJwK+K/24LY7+wPCnIA=</CipherValue> </CipherData> </EncryptedKey> <CipherValue>hFYmRDArPDm3aZeHoethQsIAVstwGRGdFthtYCd9OtlAxxwLIn6lTwLefgalTNNi p0lblDNUBA6mDIftgMh/+g3cQeUrF21nOGd5bGbgza/pMf3U9QkLhRFKfIXTlTmZ Z+Cm4CjxevkE6/o8Ewl5TTx8vB75r/6CZzo/W2SGDdVKlWLgGBTjjENoN90bYJyH Mu0y+/0FV9qKvxa9LseqPp1Sq9J7OXn2QIUpQqyd3zc=</CipherValue> </EncryptedData> This is the encrypted message

Decryption with the private key Here I have forgotten UTF-8 xmlsec1 decrypt --privkey-pem s123456_privat_nokkel.pem kryptert_melding.xml

Decryption with the private key (2) If you want the content (the encrypted message) in a separate file instead of on the screen you have to use: --output dekryptert_melding.xml xmlsec1 decrypt --privkey-pem s123456_privat_nokkel.pem --output dekryptert_melding.xml kryptert_melding.xml

What have we achieved so far? Integrity and authenticity We can verify who sent the document and that the content has not been altered Signing/verification of signature Confidentiality Although someone saw the message, it can only be decrypted with the private key What happens if we manually edit the content of kryptert_melding.xml?

Conclusion With these tools, how can we know that Alice sends me a message about a transmission that is confidential, and will not have the possibility to deny it later Alice signs the message with her private key Alice encrypts the message with my public key I decrypt the message with my private key I verify the message with Alices public key

Assignment 3 How to ensure integrity and authenticity with PKI Part 1: Generate keys Part 2: Securing Non-repudiation Part 3: Encryption Part 4: Ensuring the confidentiality and non- repudiation