Homework Assignment 03  Problems 1.1, 1.2, 1.4  ComputerSecurity/assignments/assignment03/assignment03.doc

Presentation transcript:

Homework Assignment 03
- Problems 1.1, 1.2, 1.4
- ComputerSecurity/assignments/assignment03/assignment03.doc
9/7/2011-9/9/2011, CSCI 451 Computer Security – Fall 2011

Cryptographic Tools
Sung Hee Park
Computer Science, Dept. of Math & Computer Science
Virginia State University, Petersburg, VA
8/27/2012-8/31/2012, CSCI 451 Computer Security – Fall 2012

Lecture Objective
- Understand the concept of cryptographic algorithms
- Understand the concept of symmetric (secret key) encryption
- Understand the concept of public-key (asymmetric) encryption
- Understand the concept of digital signatures and key management
- Understand the concept of secure hash functions

Outline
- Cryptographic algorithms
  - Important element in security services
  - Help achieve
    - Confidentiality
    - Integrity
    - Authenticity
- Review various types of elements
  - symmetric encryption
  - secure hash functions
    - Message authentication
  - public-key (asymmetric) encryption
  - digital signatures and key management
- Examples

Symmetric Encryption
- Major elements
  - Encryption algorithm
  - Decryption algorithm
  - Secret key (shared by sender and recipient)
  - Plaintext input
  - Plaintext output (ciphertext)

Example – A classical but trivial symmetric encryption algorithm
- Shift Cipher
- Secret key
  - An integer: k
- Encryption algorithm
  - c = (m + k) % n
- Decryption algorithm
  - m = (c – k) % n
- Example
  - n = 26 for English alphabet
  - k = 3
  - Encrypt
    - Plaintext input: the quick brown fox jumps over the lazy dog
    - Ciphertext output: wkh txlfn eurzq ……

In-Class Exercise
- k = 8
- Encrypt: Hurricane Irene shut down the university!

- Hurricane Irene shut down the university!
- P}zzqkivm(Qzmvm({p}|(lwDELv(|pm(}vq~mz{q|start of heading)

Attacking Symmetric Encryption
- Cryptanalysis
  - Rely on nature of the algorithm
  - Plus some knowledge of plaintext characteristics
  - Even some sample plaintext-ciphertext pairs
  - Exploits characteristics of algorithm to deduce specific plaintext or key
- Brute-force attack
  - Try all possible keys on some ciphertext until get an intelligible translation into plaintext

Cryptanalysis – Simple Example (1)
- English letter frequency

Cryptanalysis – Simple Example (2)
- Alphabet: ASCII table
- Encrypt a large chunk of text using the shift cipher
  - Novel “Moby Dick”
- Based on letter frequency
  - Much of the plaintext input can be recovered from the ciphertext

Brute-force attack – Simple Example
- Alphabet: ASCII table
- Encrypt a large chunk of text using the shift cipher
  - Novel “Moby Dick”
- Try key 1, 2, …, alphabet size – 1, until the result makes sense
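The shift cipher, the k = 8 exercise, and the two attacks from the preceding slides, as an added example that is not part of the original lecture. It uses the ASCII table as the alphabet (n = 128); the function names, the "most frequent symbol is a space" heuristic and the scoring rule are assumptions chosen for illustration.

```python
from collections import Counter

N = 128  # alphabet size: the 7-bit ASCII table, as in the in-class exercise

# Symbols that dominate English text (assumed scoring set: common letters + space).
COMMON = set("etaoinshrdlu ")


def shift_encrypt(plaintext: str, k: int, n: int = N) -> str:
    """c = (m + k) % n, where m is each character's ASCII code."""
    return "".join(chr((ord(ch) + k) % n) for ch in plaintext)


def shift_decrypt(ciphertext: str, k: int, n: int = N) -> str:
    """m = (c - k) % n."""
    return "".join(chr((ord(ch) - k) % n) for ch in ciphertext)


def frequency_attack(ciphertext: str, n: int = N) -> int:
    """Cryptanalysis: assume the most frequent ciphertext symbol is an
    encrypted space, and read the key off that single pair."""
    top_symbol, _ = Counter(ciphertext).most_common(1)[0]
    return (ord(top_symbol) - ord(" ")) % n


def english_score(text: str) -> int:
    """Crude 'does this make sense' test: reward common English symbols,
    penalise control characters that real text would not contain."""
    score = 0
    for ch in text:
        if ch.lower() in COMMON:
            score += 1
        elif not ch.isprintable():
            score -= 5
    return score


def brute_force(ciphertext: str, n: int = N):
    """Try every key 0..n-1 and keep the most English-looking decryption."""
    best_key = max(range(n),
                   key=lambda k: english_score(shift_decrypt(ciphertext, k, n)))
    return best_key, shift_decrypt(ciphertext, best_key, n)


if __name__ == "__main__":
    # The in-class exercise: 'w' + 8 lands on DEL (127) and 'y' + 8 wraps
    # around to SOH (1, "start of heading"), hence the names in the answer.
    exercise = shift_encrypt("Hurricane Irene shut down the university!", 8)
    print(repr(exercise))

    # Constructed sample text, encrypted under a key the attacker does not know.
    sample = ("the quick brown fox jumps over the lazy dog and "
              "the hurricane shut down the university")
    secret = shift_encrypt(sample, 77)
    print("frequency attack key:", frequency_attack(secret))
    print("brute force:", brute_force(secret))
```

With only n possible keys, both attacks recover the key immediately, which is why the key space, not the secrecy of the algorithm, has to carry the security.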

Exhaustive Key Search

Symmetric Encryption Algorithms

DES and Triple-DES
- Data Encryption Standard (DES) is the most widely used encryption scheme
  - Uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block
  - Concerns about algorithm & use of 56-bit key
- Triple-DES
  - Repeats basic DES algorithm three times
  - Using either two or three unique keys
  - Much more secure but also much slower

Advanced Encryption Standard (AES)
- Needed a better replacement for DES
- NIST called for proposals in 1997
- Selected Rijndael in Nov 2001
- Published as FIPS 197
- Symmetric block cipher
- Uses 128 bit data & 128/192/256 bit keys
- Now widely available commercially

Block versus Stream Ciphers

Summary
- Introduced cryptographic algorithms
- Symmetric encryption algorithms for confidentiality

In-Class Activity
- Find a standard publication regarding Data Encryption Standard (DES) on the Internet.
- Answer the questions below.
  1. Standard recommendation number?
  2. Which institution proposed DES?
  3. What does FIPS stand for?
  4. In this document, what other algorithm has been proposed besides DES?

Message Authentication
- Protects against active attacks, whereas encryption protects against passive attacks (eavesdropping)
- Verifies received message is authentic
  - contents unaltered
  - from authentic source
  - timely and in correct sequence
- Can use conventional encryption
  - only sender & receiver have shared key needed
- Or separate authentication mechanisms
  - append authentication tag to cleartext message

Message Authentication Codes (MAC) [figure labels: 32-bit code, ciphertext, DES]
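The "append authentication tag to cleartext message" approach, as an added example that is not part of the original slides. It uses HMAC-SHA-256 from Python's standard library in place of the DES-based MAC in the slide's figure; the 8-byte sequence-number header, the Receiver class and the key are assumptions made for illustration. It checks content, source and sequence, but not timeliness.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # bytes in an HMAC-SHA-256 tag
HDR_LEN = 8    # bytes in the (assumed) big-endian sequence-number header


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: cleartext header + message, followed by the tag over both."""
    body = struct.pack(">Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Verifies the tag first, then enforces the expected sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def accept(self, packet: bytes) -> bytes:
        if len(packet) < HDR_LEN + TAG_LEN:
            raise ValueError("too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison, so timing does not leak tag bytes.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")
        (seq,) = struct.unpack(">Q", body[:HDR_LEN])
        if seq != self.next_seq:
            raise ValueError("out of sequence")
        self.next_seq += 1
        return body[HDR_LEN:]


def demo():
    """Constructed traffic: one good packet, an altered one, a replay, and
    finally the genuine second packet."""
    key = b"constructed-demo-key-not-for-real-use"
    rx = Receiver(key)
    p0 = protect(key, 0, b"transfer 10 to alice")
    p1 = protect(key, 1, b"transfer 20 to bob")
    results = [rx.accept(p0)]
    tampered = p1.replace(b"20", b"90")      # content altered in transit
    for packet in (tampered, p0, p1):        # p0 here is a replay
        try:
            results.append(rx.accept(packet))
        except ValueError as exc:
            results.append(str(exc))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```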

Homework Assignment 04 - Implement Shift Cipher

One-way Hash Functions: Alternative to the MAC

Message Authentication [figure label: Message Digest]

Hash Function Requirements (Very Important)
- Applied to any size data
- H produces a fixed-length output.
- H(x) is relatively easy to compute for any given x
- One-way property
  - computationally infeasible to find x such that H(x) = h
- Weak collision resistance
  - computationally infeasible to find y ≠ x such that H(y) = H(x)
- Strong collision resistance
  - computationally infeasible to find any pair (x, y) such that H(x) = H(y)

Hash Functions
- two attack approaches
  - cryptanalysis
    - exploit logical weakness in alg
  - brute-force attack
    - trial many inputs
    - strength proportional to size of hash code (2^(n/2))
- SHA most widely used hash algorithm
  - SHA-1 gives 160-bit hash
  - more recent SHA-256, SHA-384, SHA-512 provide improved size and security
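Why brute-force strength scales as 2^(n/2), and how that differs from the weak-collision case on the requirements slide, as an added example that is not part of the original slides. SHA-256 truncated to n bits stands in for a small n-bit hash code; the function names and the constructed messages are assumptions for illustration.

```python
import hashlib


def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for an n-bit hash code."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int, limit: int):
    """Strong collision: ANY pair x != y with H(x) == H(y).
    Remembering every hash seen so far means about 2^(n/2) tries suffice."""
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i                  # constructed inputs
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1       # (x, y, number of tries)
        seen[h] = msg
    return None


def find_second_preimage(x: bytes, bits: int, limit: int):
    """Weak collision: a y != x matching one FIXED H(x).
    Each try succeeds with probability 2^-n, so about 2^n tries are needed."""
    target = truncated_hash(x, bits)
    for i in range(limit):
        y = b"alt-%d" % i                    # constructed inputs
        if y != x and truncated_hash(y, bits) == target:
            return y, i + 1                  # (y, number of tries)
    return None


if __name__ == "__main__":
    bits = 16
    x, y, tries = find_collision(bits, 1 << 12)
    print(f"{bits}-bit collision after {tries} tries "
          f"(2^(n/2) = {1 << (bits // 2)}): {x!r} / {y!r}")

    fixed = b"pay Bob 10 dollars"            # constructed message
    y2, tries2 = find_second_preimage(fixed, bits, 1 << 21)
    print(f"{bits}-bit second preimage after {tries2} tries "
          f"(2^n = {1 << bits}): {y2!r}")
```

Each extra bit of hash length doubles the second-preimage work but multiplies the collision work by only √2, which is why a hash is rated at half its output length against collisions.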

Secure Hash Algorithm (SHA-1)
Source: FIPS PUB 180-1, Secure Hash Algorithm, Retrieved September 5,

In-Class Exercise
- Find a standard recommendation document regarding the latest Secure Hash Algorithm (SHA) on the Internet: NIST, FIPS PUB 180-2: Secure Hash Function, 2.pdf
- Read the first page of the publication and answer the questions below.
  1. (10pts) Name of Standard?
  2. (20pts) One-way hash functions can process a message to produce a condensed representation. What is the condensed representation called?
  3. (30pts) What bit ranges do the SHAs' outputs have?
  4. (40pts) Secure hash algorithms are typically used with several cryptographic algorithms. Give at least two examples of those algorithms.

Public Key Encryption (Asymmetric Encryption)

Public Key Authentication

Public Key Requirements
1. computationally easy to create key pairs
2. computationally easy for sender knowing public key to encrypt messages
3. computationally easy for receiver knowing private key to decrypt ciphertext
4. computationally infeasible for opponent to determine private key from public key
5. computationally infeasible for opponent to otherwise recover original message
6. useful if either key can be used for each role

Public Key Algorithms
- RSA (Rivest, Shamir, Adleman)
  - developed in 1977
  - only widely accepted public-key encryption alg
  - given tech advances need bit keys
- Diffie-Hellman key exchange algorithm
  - only allows exchange of a secret key
- Digital Signature Standard (DSS)
  - provides only a digital signature function with SHA-1
- Elliptic curve cryptography (ECC)
  - new, security like RSA, but with much smaller keys

Public Key Certificates

Digital Envelopes

Random Numbers
- random numbers have a range of uses
- requirements:
  - randomness
    - based on statistical tests for uniform distribution and independence
  - unpredictability
    - successive values not related to previous
    - clearly true for truly random numbers
    - but more commonly use generator

Pseudorandom versus Random Numbers
- often use algorithmic technique to create pseudorandom numbers
  - which satisfy statistical randomness tests
  - but likely to be predictable
- true random number generators use a nondeterministic source
  - e.g. radiation, gas discharge, leaky capacitors
  - increasingly provided on modern processors

Practical Application: Encryption of Stored Data
- common to encrypt transmitted data
- much less common for stored data
  - which can be copied, backed up, recovered
- approaches to encrypt stored data:
  - back-end appliance
  - library based tape encryption
  - background laptop/PC data encryption

Summary
- introduced cryptographic algorithms
- symmetric encryption algorithms for confidentiality
- message authentication & hash functions
- public-key encryption
- digital signatures and key management
- random numbers

In-Class Activity
- Download putty.exe from the link to tty/download.html
- Try to connect to the blackwell machine
  - Hostname: blackwell.mathcs.vsu.edu
  - Username: firstnamelastname
  - Password: your VSU #ID

In-Class Activity
- Example for creating an encrypted private key and self-signed certificate for the CA.
    openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days config openssl.cnf
- Locate openssl.cnf
- Cp.
    openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days config openssl.cnf

Example of Certificate
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT, CN=SOPAC Root
        Validity
            Not Before: Nov 20 05:47: GMT
            Not After : Nov 20 05:47: GMT
        Subject: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT,
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                FE:04:46:ED:A0:15:BE:C1:4B:59:03:F8:2D:0D:ED:2A:E0:ED:F9:2F
            X509v3 Authority Key Identifier:
                keyid:E6:12:7C:3D:A1:02:E5:BA:1F:DA:9E:37:BE:E3:45:3E:9B:AE:E5:A6
                DirName:/C=FJ/ST=Fiji/L=Suva/O=SOPAC/OU=ICT/CN=SOPAC Root
                serial:00

Example of Certificate
    Signature Algorithm: md5WithRSAEncryption

In-Class Activity
- Example for a user generating the certificate request to be signed by the CA
    openssl req -nodes -new -x509 -keyout csci451privatekey.pem -out csci451req.pem -days 365 -config openssl.cnf

Parameters
- -new
  - this option generates a new certificate request. It will prompt the user for the relevant field values. The actual fields prompted for and their maximum and minimum sizes are specified in the configuration file and any requested extensions.
  - If the -key option is not used it will generate a new RSA private key using information specified in the configuration file.

- -x509
  - this option outputs a self-signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self-signed root CA. The extensions added to the certificate (if any) are specified in the configuration file.
- -keyout filename
  - this gives the filename to write the newly created private key to. If this option is not specified then the filename present in the configuration file is used.

- -out filename
  - This specifies the output filename to write to or standard output by default. In this case, the output file will contain the self-signed certificate.
- -days n
  - when the -x509 option is being used this specifies the number of days to certify the certificate for. The default is 30 days.
- -config filename
  - this allows an alternative configuration file to be specified; this overrides the compile-time filename or any specified in the OPENSSL_CONF environment variable.

In-Class Activity
- Generate certificate request
    openssl x509 -x509toreq -in csci451req.pem -signkey csci451privatekey.pem -out csci451certrequest.pem

Parameters
- -x509toreq
  - converts a certificate into a certificate request. The -signkey option is used to pass the required private key.
- -in filename
  - This specifies the input filename to read a certificate from or standard input if this option is not specified. Here cs691req.pem is the certificate generated by the previous req command.
- -out filename
  - This specifies the output filename to write to or standard output by default. Here the output file contains the certificate request generated.
- -signkey filename

Parameters
- this option causes the input file to be self-signed using the supplied private key. Here we used the private key of CS691 to sign the certificate request.
- If the input file is a certificate it sets the issuer name to the subject name (i.e. makes it self-signed), changes the public key to the supplied value and changes the start and end dates. The start date is set to the current time and the end date is set to a value determined by the -days option. Any certificate extensions are retained unless the -clrext option is supplied.
- If the input is a certificate request then a self-signed certificate is created using the supplied private key using the subject name in the request.

In-Class Activity
- CA signs the certificate request
    openssl ca -config openssl.cnf -policy policy_anything -out csci451signedcert.pem -infiles csci451certrequest.pem

In-Class Activity
- To generate the public key from the private key:
    openssl rsa -in csci451privatekey.pem -passin pass:cs03se -pubout -out csci451publickey.pem

In-Class Activity
- # create, sign, and verify message digest
    openssl sha1 -out digest.txt plain.txt
- Given the plain.txt, the above command generates the SHA-1 based message digest in the digest.txt file.

In-Class Activity
    openssl sha1 -sign csci451privatekey.pem -out rsasign.bin plain.txt
- Given the plain.txt, the above command generates the SHA-1 based hash and then signs it with the private key of CSCI451. The signed hash is saved in the rsasign.bin (binary data) file.

In-Class Activity
    openssl sha1 -verify csci451publickey.pem -signature rsasign.bin plain.txt
- Given the plain.txt and the signed hash received, the above command verifies, using the public key of CSCI451, that the hash was indeed signed by CSCI451 and that the hash is correct.
    spark]$ openssl sha1 -verify csci451publickey.pem -signature rsasign.bin plain.txt
    Verified OK