Lab TODO - PKI and TLS

Public Key Infrastructure

In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA).

PKI is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository and revokes them if needed. The roles of the root certificate, intermediate certificate and end-entity certificate in the chain of trust can be seen in the picture below:

[Figure: Chain of trust]

Task 1: Investigate certificates for ocw.cs.pub.ro

Using your browser's 'View Certificate' functionality, try to find information about the certificate presented by https://ocw.cs.pub.ro. We are interested in:

  • issuer
  • validity dates
  • subject (CN: Common Name)
  • public key

Export the server and issuer certificates, or download them from here: certificates.tar. We will use the openssl command-line tool to investigate the certificate files.

You can connect to an HTTPS website using:

openssl s_client -showcerts -connect ocw.cs.pub.ro:443

  • Display whole certificate
$ openssl x509 -in ocwcspubro.crt -noout -text
$ openssl x509 -in TERENASSLCA3.crt -noout -text
  • Display certificate attributes
$ openssl x509 -in ocwcspubro.crt -noout -dates
$ openssl x509 -in ocwcspubro.crt -noout -issuer
$ openssl x509 -in ocwcspubro.crt -noout -subject
$ openssl x509 -in ocwcspubro.crt -noout -pubkey
  • Using the certificate of the issuer, we can verify the server certificate
$ openssl verify -CAfile TERENASSLCA3.crt ocwcspubro.crt

TLS

The Transport Layer Security protocol aims primarily to provide privacy and data integrity between two communicating computer applications. When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., wikipedia.org) have one or more of the following properties:

  • The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are based on a shared secret negotiated at the start of the session.
  • The identity of the communicating parties can be authenticated using public-key cryptography and digital certificates.
  • The connection ensures integrity because each message transmitted includes a message integrity check using a message authentication code.

The TLS protocol comprises two layers: the TLS record protocol and the TLS handshake protocol. The TLS handshake protocol (with both RSA key exchange and Diffie-Hellman key exchange) can be seen in the pictures below:

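[Figure: TLS handshake with RSA key exchange (ssl-rsa-handshake.jpeg)]
[Figure: TLS handshake with Diffie-Hellman key exchange (ssl-dh-handshake.jpeg)]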

Task 2: Investigate the TLS handshake protocol

Using Wireshark, investigate the two traffic captures (traffic-captures.tar). In both cases try to find:

  • How many cipher suites does the client support?
  • What could be the purpose of Extension: server_name?
  • What were the negotiated algorithms?
  • What information is sent in cleartext? Is it critical? How would a downgrade attack be performed?

The property that compromise of long-term keys does not compromise past session keys is called Forward Secrecy. DH key exchange has this property, while RSA key exchange does not.
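
The difference can be reproduced with openssl alone. The script below is an added illustration, not part of the original lab: its file names are made up, ECDH on P-256 stands in for the Diffie-Hellman exchange, and everything in TLS except the key exchange itself is left out.

```shell
#!/bin/sh
# Added illustration of the forward-secrecy remark; not part of the lab.
# Assumptions: file names are made up and ECDH on P-256 plays the role of DH.

fs_demo() {   # prints "rsa_kex=<result> dhe=<result>"
    d=$(mktemp -d) || return 1
    rc=0
    (
        cd "$d" || exit 1
        # Long-term server key pair, the one the certificate is issued for.
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl pkey -in server.key -pubout -out server.pub || exit 1

        # RSA key exchange: the client encrypts a 48-byte premaster secret to the
        # long-term public key; an eavesdropper can record kex.bin.
        openssl rand -out premaster 48
        openssl pkeyutl -encrypt -pubin -inkey server.pub -in premaster -out kex.bin
        # If server.key leaks later, the recording decrypts to the same secret.
        openssl pkeyutl -decrypt -inkey server.key -in kex.bin -out recovered
        cmp -s premaster recovered && rsa=recovered || rsa=not-recovered

        # Ephemeral DH: each side makes a throwaway key pair for this session only.
        for side in client srv; do
            openssl ecparam -name prime256v1 -genkey -noout -out "$side.key" &&
            openssl pkey -in "$side.key" -pubout -out "$side.pub" || exit 1
        done
        # The long-term key only signs the server's ephemeral public value.
        openssl dgst -sha256 -sign server.key -out srv.sig srv.pub &&
        openssl dgst -sha256 -verify server.pub -signature srv.sig srv.pub >/dev/null || exit 1
        openssl pkeyutl -derive -inkey client.key -peerkey srv.pub -out client.secret
        openssl pkeyutl -derive -inkey srv.key -peerkey client.pub -out srv.secret
        cmp -s client.secret srv.secret && dhe=agreed || dhe=failed
        # Session over: the ephemeral private keys are destroyed. A recording holds
        # only client.pub, srv.pub and srv.sig, and server.key was never an input
        # to -derive, so a later leak of server.key does not give back the secret.
        rm -f client.key srv.key
        echo "rsa_kex=$rsa dhe=$dhe"
    ) || rc=$?
    rm -rf "$d"
    return "$rc"
}

fs_demo || echo "demo failed (is openssl installed?)" >&2
```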

Task 3: Create your own CA

  1. Create directories for CA and for server files
    mkdir ca-files server-files
  2. Create CA private key and certificate (cd ca-files/)
    1. create CA configuration file
      $ cat root-ca.conf 
      [ req ]
      distinguished_name = req_distinguished_name
      prompt = no
      
      [ req_distinguished_name ]
      C = RO
      ST = Bucharest
      L = Bucharest
      O = UPB Root
      CN = UPB Root CA
      emailAddress = root@root-ca.org
    2. create CA private key and certificate
      openssl req -config root-ca.conf -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout root-ca.key -days 365 -out root-ca.cert
    3. inspect CA certificate
      openssl x509 -in root-ca.cert -text -noout
  3. Create server private key and Certificate Signing Request (cd server-files/)
    1. generate server private key
      openssl genrsa -out server.key 2048
    2. create a Certificate Signing Request config file
      $ cat server-csr.conf 
      [ req ]
      distinguished_name = req_distinguished_name
      prompt = no
      
      [ req_distinguished_name ]
      C = RO
      ST = Bucharest
      L = Bucharest
      O = Applied Cryptography Course
      CN = applied-cryptography.org
      emailAddress = office@applied-cryptography.org
    3. create a Certificate Signing Request
      openssl req -config server-csr.conf -new -sha256 -key server.key -out server.csr
    4. inspect the CSR
      openssl req -in server.csr -noout -text
  4. Submit CSR to be signed by the CA and obtain the server certificate
    1. move CSR to CA folder
      mv server.csr ../ca-files/ && cd ../ca-files/
    2. sign the CSR and obtain the server certificate
      echo "01" > root-ca.srl
      openssl x509 -in server.csr -out server.cert -req -CA root-ca.cert -CAkey root-ca.key -days 365 -CAserial root-ca.srl
    3. inspect and verify server certificate
      openssl x509 -in server.cert -text -noout
      openssl verify -CAfile root-ca.cert server.cert
    4. move certificate to server files folder
      mv server.cert ../server-files/
  5. Install Apache and activate SSL module
    1. install Apache server
      sudo apt-get update
      sudo apt-get install apache2
    2. activate Apache SSL module
      sudo a2enmod ssl
    3. enable the default HTTPS site
      sudo a2ensite default-ssl
    4. point applied-cryptography.org to 127.0.0.1
      echo "127.0.0.1 applied-cryptography.org" | sudo tee -a /etc/hosts
    5. restart server and inspect HTTPS website (https://applied-cryptography.org, notice the error that occurred)
      sudo service apache2 restart
  6. Configure Apache to use our certificate
    1. copy certificate and private key (cd ../server-files/)
      sudo cp server.key /etc/ssl/private/
      sudo cp server.cert /etc/ssl/certs/
    2. install our certificate and private key on the server
      sudo vim /etc/apache2/sites-available/default-ssl.conf
      # update SSLCertificateFile and SSLCertificateKeyFile to point at the copied server.cert and server.key
    3. restart the server
      sudo service apache2 restart
    4. visit https://applied-cryptography.org, notice the error that occurred
    5. install CA certificate in Firefox
      navigate to Menu > Preferences > Advanced > Certificates > View Certificates
      click Import and choose root-ca.cert
    6. revisit https://applied-cryptography.org (you probably need to launch an incognito window)
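
Steps 1 to 4 can be re-run non-interactively and checked before touching Apache. The script below is an added example, not part of the original lab: it works in a scratch directory, and its function names, the trimmed-down config files and the second "rogue" CA are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the lab: rebuild the Task 3 PKI in a scratch directory
# and check it. Function names and the "rogue" CA are assumptions of this sketch.

mkconf() {   # mkconf FILE ORG CN: minimal req config in the style of root-ca.conf
    printf '[ req ]\ndistinguished_name = dn\nprompt = no\n\n[ dn ]\nC = RO\nO = %s\nCN = %s\n' \
        "$2" "$3" > "$1"
}

mkca() {     # mkca NAME: NAME.key plus self-signed NAME.cert, subject "UPB Root CA"
    mkconf "$1.conf" "UPB Root" "UPB Root CA" &&
    openssl req -config "$1.conf" -new -x509 -sha256 -newkey rsa:2048 -nodes \
        -keyout "$1.key" -days 365 -out "$1.cert" 2>/dev/null
}

pubkey_matches() {   # true if certificate $1 carries the public half of private key $2
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

lab_pki_check() {    # prints "ok" or the first failed check
    d=$(mktemp -d) || return 1
    rc=0
    (
        cd "$d" || exit 1
        mkca root-ca && mkca rogue-ca || { echo "CA setup failed"; exit 1; }
        mkconf server-csr.conf "Applied Cryptography Course" applied-cryptography.org
        openssl genrsa -out server.key 2048 2>/dev/null
        openssl req -config server-csr.conf -new -sha256 -key server.key -out server.csr
        echo "01" > root-ca.srl
        openssl x509 -req -in server.csr -out server.cert -CA root-ca.cert \
            -CAkey root-ca.key -CAserial root-ca.srl -days 365 2>/dev/null ||
            { echo "signing failed"; exit 1; }
        # 1. The certificate verifies against the CA that signed it.
        openssl verify -CAfile root-ca.cert server.cert >/dev/null 2>&1 ||
            { echo "real CA rejected"; exit 1; }
        # 2. A CA with the same subject name but another key must not verify it:
        #    trust follows the signature, not the name in the issuer field.
        if openssl verify -CAfile rogue-ca.cert server.cert >/dev/null 2>&1; then
            echo "rogue CA accepted"; exit 1
        fi
        # 3. Apache needs a matching pair: server.cert must hold server.key's public key.
        pubkey_matches server.cert server.key || { echo "key/cert mismatch"; exit 1; }
        if pubkey_matches server.cert root-ca.key; then echo "wrong key matched"; exit 1; fi
        echo "ok"
    ) || rc=$?
    rm -rf "$d"
    return "$rc"
}

lab_pki_check || echo "check failed (is openssl installed?)" >&2
```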

Keeping root-ca.key private is very important. Describe what an attacker with access to this private key can do. What about server.key?

ac/laboratoare/06.1509660142.txt.gz · Last modified: 2017/11/03 00:02 by cristian.buza
CC Attribution-Share Alike 3.0 Unported