Work alone or with partners, as you wish.
Certificates are used to establish trust that your online interactions
are between you and the entity you think you're interacting with.
Stuff you might find useful:
- I wrote a Python function called modExponentiate(a, b, n)
that computes "a**b mod n" for large integers.
(Python's built-in pow(a, b, n) does the same thing.)
- RFC 5280 (X.509 certificates and CRLs),
RFC 3447 (PKCS #1 v2.1, RSA signatures and padding),
RFC 2437 (PKCS #1 v2.0, the older version of the same),
Wikipedia on X.690 (BER, CER, DER).
- The OpenSSL rsautl documentation. (rsautl is deprecated in
OpenSSL 3.x in favor of pkeyutl, which does the same raw RSA operations.)
- A binary/hex file editor, like
0xED
or Hex Fiend
on Mac. I've also used the one built into Visual Studio on Windows,
but I don't know the Windows landscape very well anymore.
- Online PEM and DER decoders like
this one
and this other one,
(though the vast feature set of openssl command can do this stuff, too).
Part 1: dissecting a certificate
- Get a certificate from an https site. (Go to the site,
click on the lock icon at the left edge of your browser's
address bar, navigate to the certificate info, and drag the
certificate icon to your desktop. I went to my amazon.com shopping
cart page and renamed the certificate amazon.cer.)
- View the certificate as text, and read through to get an
idea of what it contains. ("openssl x509 -inform der -in cert.cer -text")
The X.509 RFC has
(or links to) all the details.
- View the certificate's ASN.1 structure.
("openssl asn1parse -in cert.cer -inform der"). See
how the ASN.1 and the text version from the previous step line up
with the formal description of certificates in
the X.509 RFC (RFC 5280, Section 4.1).
Make note of where you see the boundaries of the ASN.1 objects
referred to in the RFC (the offsets in the asn1parse output tell you
where each object starts).
- Use a hex/binary editor to look at the certificate in
binary. Demonstrate how the binary structure of the certificate
matches up to the expected DER encoding of the ASN.1 description
of the certificate. (You don't have to analyze every byte, but
show that you understand the length/type/contents structure of
DER files.)
- Convert your certificate to PEM. (openssl x509 -inform der -outform pem -in cert.cer -out cert.pem)
- Convert your certificate from its original DER form
to base64. (There's an openssl way, and also a "base64"
command on Macs.) Compare the result to the PEM from the previous item.
- Extract the DER form of the tbsCertificate in your
certificate, and save it as a separate file. There's
an openssl way to do this, but you could also use a hex editor,
which is what I did.
- Compute and save the tbsCertificate's hash. You'll need to look at
the signature algorithm in the text version of your certificate
to figure out which hash to use (SHA-1, SHA-256, MD5, etc.); for example,
sha256WithRSAEncryption means SHA-256. The
openssl command can handle all of these, though there are also
separate commands on Mac to compute these.
- Immediately after the second "Signature Algorithm" in your
certificate (labeled "Signature Value" in OpenSSL 3.x output) is a long
hexadecimal number. This is the signature.
That is, it's the hash of your tbsCertificate, encrypted using
the Certificate Authority's *private* key. At least that's what
all the general descriptions of certificates say it is. Note
that if, by chance, you wanted to put this integer into a Python program,
you could do so by jamming all its lines together, removing spaces and
colons, and putting an 0x in front of all of it. Like "sig = 0xab37d6...".
- Get the certificate chain that validates your certificate.
(openssl s_client -showcerts -connect whatever_site_you_visited.com:443).
The server sends its own certificate first, followed by the CA
certificates. Grab the PEM version of the first CA certificate
in the chain (the one whose Subject matches your certificate's Issuer),
and store that in a file named something like cacert.pem.
- Get the CA's public key out of cacert.pem, somehow.
- Use the CA's public key to decrypt the signature
from a couple items ago. That Python code might be handy here.
Hint: you'll know you're on the right track if you see lots
of f's.
- What do all the bytes in the resulting string mean? (This is
a scavenger hunt in the RFC's linked above.
Encrypted hint: "7342 CFR")
Is your hash of tbsCertificate in there?
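The whole of Part 1, done on bytes instead of with a hex editor, as an added example that is not part of the assignment. It builds a toy certificate with the real outer shape (SEQUENCE of tbsCertificate, signatureAlgorithm, signatureValue BIT STRING), signs it with RSASSA-PKCS1-v1_5 over SHA-256, then walks the DER like asn1parse, cuts out the tbsCertificate, hashes it, "decrypts" the signature with the public key and checks the padding and DigestInfo. Assumptions made for the demo: the tbsCertificate body is a stand-in (a serial number, the algorithm, one name string), the RSA key is built from two Mersenne primes so that no key-generation code is needed (such a key is trivially factored; it exists only to keep the example deterministic and offline), and the DER helpers only handle single-byte tags, which is all X.509 uses.

```python
"""Added example (not part of the assignment): Part 1 on a constructed toy certificate."""
import hashlib

# --- minimal DER encode/decode: single-byte tags, definite lengths (enough for X.509) ---
def der_len(n):
    if n < 0x80:
        return bytes([n])                            # short form: one length byte
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b                # long form: 0x8N, then N length bytes

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def seq(*items):
    return tlv(0x30, b"".join(items))

def parse_tlv(buf, off=0):
    """Return (tag, header_len, content_len) for the TLV starting at buf[off]."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        return tag, 2, first
    n = first & 0x7F
    return tag, 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")

def walk(buf, off=0, end=None, depth=0):
    """Flat list of (depth, offset, tag, header_len, content_len), like `openssl asn1parse`."""
    end = len(buf) if end is None else end
    out = []
    while off < end:
        tag, hl, cl = parse_tlv(buf, off)
        out.append((depth, off, tag, hl, cl))
        if tag & 0x20:                               # constructed (SEQUENCE, SET, [0] ...): descend
            out += walk(buf, off + hl, off + hl + cl, depth + 1)
        off += hl + cl
    return out

# --- toy RSA key (assumption for the demo): Mersenne primes M521 and M607, so the key is
#     deterministic and needs no keygen code.  Never use such a key for anything real. ---
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                        # modulus length in bytes (141 here)

# DigestInfo prefix for SHA-256 (RFC 3447, section 9.2, note 1) and the
# sha256WithRSAEncryption OID 1.2.840.113549.1.1.11 in DER.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")

def pkcs1_v15_encode(digest, k):
    """EM = 00 01 || ff..ff || 00 || DigestInfo (RFC 3447, EMSA-PKCS1-v1_5)."""
    t = SHA256_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sign(tbs):
    em = pkcs1_v15_encode(hashlib.sha256(tbs).digest(), K)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def build_cert():
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }.
    The tbsCertificate contents are a stand-in (serial, algorithm, one UTF8String), not real."""
    alg = seq(tlv(0x06, OID_SHA256_RSA), tlv(0x05, b""))
    tbs = seq(tlv(0x02, b"\x01"), alg, tlv(0x0C, b"Toy CA"))
    return seq(tbs, alg, tlv(0x03, b"\x00" + rsa_sign(tbs)))   # leading 0x00 = no unused bits

# --- the dissection ---
def extract_tbs_and_sig(cert):
    """Cut the DER of tbsCertificate (header included) and the raw signature out of the cert."""
    _, hl, _ = parse_tlv(cert, 0)                    # outer SEQUENCE header
    off = hl
    _, hl2, cl2 = parse_tlv(cert, off)               # tbsCertificate is the first child
    tbs = cert[off:off + hl2 + cl2]
    off += hl2 + cl2
    _, hl3, cl3 = parse_tlv(cert, off)               # signatureAlgorithm: skip it
    off += hl3 + cl3
    tag, hl4, cl4 = parse_tlv(cert, off)             # signatureValue
    assert tag == 0x03, "expected a BIT STRING"
    return tbs, cert[off + hl4 + 1:off + hl4 + cl4]  # drop the unused-bits byte

def recover_em(sig, e, n):
    """'Decrypt' the signature with the CA public key: sig**e mod n as a k-byte string."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")

def verify(tbs, sig, e, n):
    """Check the recovered EM byte by byte: type 01, >= 8 bytes of ff, 00, DigestInfo, hash."""
    em = recover_em(sig, e, n)
    if em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)                        # the 00 that ends the ff..ff padding
    if sep < 10 or any(b != 0xFF for b in em[2:sep]):
        return False
    return em[sep + 1:] == SHA256_DIGESTINFO + hashlib.sha256(tbs).digest()

if __name__ == "__main__":
    cert = build_cert()
    for depth, off, tag, hl, cl in walk(cert):
        print(f"{off:4d}: {'  ' * depth}tag={tag:02x} hdr={hl} len={cl}")
    tbs, sig = extract_tbs_and_sig(cert)
    print("sha256(tbsCertificate):", hashlib.sha256(tbs).hexdigest())
    print("recovered EM:", recover_em(sig, E, N).hex())   # 0001 ffff...ff 00 3031...0420 <hash>
    print("signature verifies:", verify(tbs, sig, E, N))
```

Run it and compare the printed offsets with the hex dump of the bytes: the outer SEQUENCE here has a two-byte long-form length (30 81 bc), and the "lots of f's" the hint promises show up in the recovered EM between the 00 01 type bytes and the 00 separator, followed by the 19-byte SHA-256 DigestInfo header and then the hash of the tbsCertificate. On a real certificate the same functions apply: feed extract_tbs_and_sig the DER file and recover_em the modulus and exponent printed from cacert.pem.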
Part 2: some questions
This part of the assignment is delayed until
a later due date, and will include more detailed instructions. Just do Part 1
for the current assignment.
Suppose you have figured out how to break SHA-1.
- Describe what that means.
- Assuming you can acquire Man-in-the-Middle control of a TLS session between Alice
and the web site Bob.com, describe the ways in which you could use your SHA-1 knowledge
to disrupt their interaction.
Suppose you have figured out how to break RSA.
- Describe what that means.
- Assuming you can acquire Man-in-the-Middle control of a TLS session between Alice
and the web site Bob.com, describe the ways in which you could use your RSA knowledge
to disrupt their interaction.
Handing it in
Produce a report showing the results of your dissection and
your answers to the various questions. Use your judgement about how
much info to show. Submit your PDF via Moodle.
Have fun!