Differences
This shows you the differences between two versions of the page.
|
ac:laboratoare:05 [2019/10/30 06:29] tiberiu.iorgulescu [Public Key Infrastructure] |
ac:laboratoare:05 [2022/11/03 17:05] (current) marios.choudary |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== Lab 05 - PKI and TLS ===== | ===== Lab 05 - PKI and TLS ===== | ||
| - | ==== Task 1: Implement DH + AES-GCM encryption === | + | <hidden> |
| + | ==== Task 0: Implement DH + AES-GCM encryption === | ||
| Implement DH + AES-GCM encryption starting from the code from previous lab (see bonus 2). | Implement DH + AES-GCM encryption starting from the code from previous lab (see bonus 2). | ||
| Line 7: | Line 8: | ||
| Use the secret key to encrypt some data and check that the other party can decrypt it. You can use | Use the secret key to encrypt some data and check that the other party can decrypt it. You can use | ||
| the code available [[https://paste.ubuntu.com/p/4XZpMtt9ZZ/ | here]] for AES-GCM. | the code available [[https://paste.ubuntu.com/p/4XZpMtt9ZZ/ | here]] for AES-GCM. | ||
| + | </hidden> | ||
| Line 17: | Line 19: | ||
| {{ :ac:laboratoare:chain-of-trust.png?500 |Chain of trust}} | {{ :ac:laboratoare:chain-of-trust.png?500 |Chain of trust}} | ||
| - | === Task 2: Investigate certficates for ocw.cs.pub.ro === | + | === Task 1: Investigate certficates for ocw.cs.pub.ro === |
| Using your browser's 'View Certificate' functionality, try to find information about the certificate presented by https://ocw.cs.pub.ro. We are interested in: | Using your browser's 'View Certificate' functionality, try to find information about the certificate presented by https://ocw.cs.pub.ro. We are interested in: | ||
| Line 51: | Line 53: | ||
| $ openssl x509 -in ocwcspubro.crt -noout -subject | $ openssl x509 -in ocwcspubro.crt -noout -subject | ||
| $ openssl x509 -in ocwcspubro.crt -noout -pubkey | $ openssl x509 -in ocwcspubro.crt -noout -pubkey | ||
| + | </code> | ||
| + | |||
| + | In order to download the lasters version of TERENASSLCA3.crt, you need to check CA Issuers - URI field of ocw's certificate. | ||
| + | If you download it, it might be in DER format (binary). You can convert it with the following command: | ||
| + | <code> | ||
| + | openssl x509 -inform der -in TERENASSLCA3.crt -out TERENASSLCA3pem.crt | ||
| </code> | </code> | ||
| Line 71: | Line 79: | ||
| - | === Task 3: Investigate the TLS cryptographic parameters === | + | === Task 2: Investigate the TLS cryptographic parameters === |
| Use your browser to inspect the TLS version and cryptoparameters of popular websites: google.com, amazon.com, microsoft.com. Report any differences. | Use your browser to inspect the TLS version and cryptoparameters of popular websites: google.com, amazon.com, microsoft.com. Report any differences. | ||
| - | === Task 4: Investigate the TLS handshake protocol === | + | * Can you tell what is the root certificate, the intermediate certificate and the target/server certificate ? |
| + | * How do you differentiate a root certificate from an intermediate certificate ? | ||
| + | |||
| + | === Task 3: Investigate the TLS handshake protocol === | ||
| Using Wireshark, investigate the two traffic captures ({{:ac:laboratoare:traffic-captures.tar}}). In both cases try to find: | Using Wireshark, investigate the two traffic captures ({{:ac:laboratoare:traffic-captures.tar}}). In both cases try to find: | ||
