Add to collection(s) Add to saved
  1. Social Science
  2. Political Science
  3. Media

AttCheck 9

advertisement

INF 370 Information Security

Week 8 - 1 - Practice

Execute the following commands and copy/paste the output in this file after each of the commands. If the command does not output anything on the screen, use cat command to display the generated file. For example: cat privkey.pem

Keys

1. Generate a RSA key: openssl genrsa -des3 -out privkey.pem 2048

2. Output the public part of a private key: openssl rsa -in privkey.pem -pubout -out pubkey.pem

3. To remove the pass phrase on an RSA private key: openssl rsa -in privkey.pem -out keyout.pem

4. To convert a private key from PEM to DER format: openssl rsa -in privkey.pem -outform DER -out keyout.der

5. To print out the components of a private key to standard output: openssl rsa -in key.pem -text -noout

6. Generate a DSA key openssl dsaparam -out dsaparam.pem 2048 openssl gendsa -des3 -out dsa-privkey.pem dsaparam.pem

Digests

1. Create an MD5 or SHA1 digest of a file:

# MD5 digest

# SHA1 digest openssl dgst -md5 filename openssl dgst -sha1 filename

2. Sign a digest:

# signed digest will be filename.sha1

openssl dgst -sha1 -sign privkey.pem -out filename.sha1 filename

3. Verify a signed digest

To verify a signed digest you’ll need the file from which the digest was derived, the signed digest, and the signer’s public key. openssl dgst -sha1 -verify pubkey.pem -signature filename.sha1 filename

4. What other kinds of digests are available? openssl list-message-digest-commands o

Certificates

1. Create a self-signed test certificate: openssl req -x509 -nodes -days 365 -newkey rsa:1024 \

-keyout mycert.pem -out mycert.pem

2. Extract information from the certificate: openssl x509 -text -in mycert.pem

# who issued the cert? openssl x509 -noout -in mycert.pem -issuer

# to whom was it issued? openssl x509 -noout -in mycert.pem -subject

# for what dates is it valid? openssl x509 -noout -in mycert.pem -dates

# the above, all at once openssl x509 -noout -in mycert.pem -issuer -subject -dates

# what is its hash value? openssl x509 -noout -in mycert.pem -hash

# what is its MD5 fingerprint? openssl x509 -noout -in mycert.pem -fingerprint

3. Verify the certificate openssl verify mycert.pem

If anything is amiss, you’ll see some error messages with short descriptions of the problem, e.g.

,

 error 10 at 0 depth lookup:certificate has expired. Certificates are typically issued for a limited period of time—usually just one year—and openssl will complain if a certificate has expired.

 error 18 at 0 depth lookup:self signed certificate. Unless you make an exception , OpenSSL won’t verify a self-signed certificate.

Encryption/Decryption/Signing

1. Get a list of encryption commands openssl list-cipher-commands

2. Sign some data using a private key: openssl rsautl -sign -in file -inkey privkey.pem -out sig

3. Recover the signed data openssl rsautl -verify -in sig -inkey key.pem

4. Examine the raw signed data: openssl rsautl -verify -in file -inkey key.pem -raw -hexdump

5. Encrypt a file test.txt with the public key: openssl rsautl -encrypt -in test.txt -out test.enc -inkey pubkey.pem – pubin

6. Decrypt a file test.enc with the private key: openssl rsautl -decrypt -in test.enc -inkey privkey.pem

Related documents
Advisory-Note_Open-SSL
Advisory-Note_Open-SSL
CS 465 Introduction to Computer Security
CS 465 Introduction to Computer Security
Ms Word
Ms Word
CS-465-Homework-1-Fall
CS-465-Homework-1-Fall
Slide 1
Slide 1
OpenSSL Cheat Sheet - v1.7 - Practical Networking .net
OpenSSL Cheat Sheet - v1.7 - Practical Networking .net
PEM and S/MIME
PEM and S/MIME
8d20e5056a8d24d0462ce74e4904c1b5
8d20e5056a8d24d0462ce74e4904c1b5
lab1
lab1
Section Meeting Report 14 September 2011
Section Meeting Report 14 September 2011
docx
docx
Download
advertisement