First step to securing servers and the data lying there is to set up a

COMPUTING SUBJECT: Secure Socket Layer
TYPE: Assignment
IDENTIFICATION: Secure Sockets SSL
COPYRIGHT: Michael Claudius
LEVEL: Medium
TIME CONSUMPTION: 2-20 hours
EXTENT: 50 lines
OBJECTIVE: SSL sockets in practice
PRECONDITIONS: Computer Networking Ch. 8.5
COMMANDS:
IDENTIFICATION: SSL/MC
The Mission
You are to make a secure connection by setting up a server and a client using the secure socket
layer and sharing the certificate provided by the server.
Visual Studio is recommended, but you can also use your favorite editor.
Useful links for this assignment
http://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx
http://msdn.microsoft.com/en-us/library/ms145056(v=vs.110).aspx
http://www.dib0.nl/code/367-using-a-client-certificate-with-an-ssl-stream-in-c
http://msdn.microsoft.com/en-us/library/aa529278.aspx
http://www.codeproject.com/Questions/456527/SSL-Client-Certificates
http://stackoverflow.com/questions/9982865/sslstream-example-how-do-i-get-certificates-that-work
http://stackoverflow.com/questions/14214396/how-to-create-a-certificate-to-use-with-sslstreamauthenticateasserver-without-i
http://www.codeproject.com/Articles/25677/Simple-WCF-X-Certificate
Keytool - Key and Certificate Management Tool (Solaris): programmer's tool to create keys
Keytool - Key and Certificate Management Tool (Windows): programmer's tool to create keys in Java
1. Local server and client on one computer
First download the project TCPEchoServer with the normal EchoServer & EchoClient from your
teacher’s homepage or you can use your own project.
Run the EchoServer and EchoClient.
Type something in the client Window.
Test the communication.
2. Use of Secure Sockets
You are now to change the echo-application to use Secure Socket Layer (SSL).
Modify the EchoServer to use a secure Socket instead of the ServerSocket by substituting/changing
some of the lines.
3. Executing server and client
Compile and run the server program.
Now you get an error?! Why? What is missing?
Think! Don’t turn page.
4. Generating a certificate fast
We need to generate an X.509 certificate file. This can be done with a special command, makeCert, or you
could first create a keystore file and then transform it into an X.509 file. The generated certificate
will hold the chosen key pair, the chosen cryptography method (RSA & MD5, DSA & SHA1) and
other standard information.
More general information and information on DSA can be found on:
http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html
http://en.wikipedia.org/wiki/Digital_Signature_Algorithm (DSA)
5. Changing server and client
To execute the server and client program we now need to specify the use of the certificate file.
Configure the project to use the file.
6. Server and client on two different computers
This assignment is best performed by pairs of students and on the fast-net, as there are restrictions
on the wireless net. (Alternatively you can use the Uber unsecure network...)
Look up the IP address of the server computer (e.g. click: start -> run -> cmd -> type 'ipconfig').
Start the EchoServer on one computer.
Modify the EchoClient to create a socket to the server (your partner), i.e. change "localhost" to the
IP address of the server.
Start Wireshark (i.e. start -> capture -> interface -> open).
Run the client and start to communicate.
Stop Wireshark and view the captured packets.
You should now be able to read the packet content given as plain text.
Then try to do exactly the same for the SSL-based EchoServer and SSL-based EchoClient.
Hopefully you now cannot see the plain text but only cipher text!