Applied cryptography assignment 2, X.

509 certificates
April 11, 2013 1 Instructions
Solve the problem described below using tools of your choice. The assignment should be solved individually. A complete solution will be rewarded with 20 points. A partial solution will be awarded with less. 1.1 Language and environment The programming language and environment is your choice. The only requirement is that you must be able to give a demonstration of your program. Basically this means that it is unlikely that you will have any problems, if you submit an executable (or Java) program for DOS/Windows and that probably you will need to make your own arrangements otherwise. 1.2 Cryptographic library For this task you will need to use an external cryptographic library. These cryptographic libraries have functions for the most common cryptographic tasks, for example using a block cipher. Examples of such libraries are: Java (http://java.sun.com/javase/technologies/security/). Starting from version 1.4 cryptography libraries have been integrated in Java and you dont have to install them separately (note however, that this default support has some limitations regarding e.g. supported key lengths for a particular cipher etc). This will provide most of cryptographic functions that you will need for the assignment, but probably not all. One of Java external libraries you might be interested to check out: http://www.bouncycastle.org/java.html. OpenSSL (http://www.openssl.org). A library developed primarily for C under UNIX, but which can be used also with Windows C compilers (Microsoft Visual C++ and Borland compilers). This library contains all the functionality necessary for solving the tasks for this course. Precompiled packages for Windows (provided either as .dll or .exe files) sometimes are available from the 3rd party developers. There are probably other libraries out there, and if you find one that suits your needs, feel free to use it! 1.3 Requirements The solution will be a program, and you will need to give a demonstration of how it works. You will need to hand in the source code and an executable (or interpretable) code, either in an email, on a diskette, or as a pointer to a place where I can download it. You must also provide a short instruction how to run the program. The time when you will give a demonstration can be arranged individually (by email); depending from circumstances there might be several official times, which will be announced later. Please also indicate the amount of time you spent on the task. I will use this information not for grading, but to tune the difficulty of the tasks.

2 The task
Your task consists of the following 3 steps: 1. Write a program that creates a valid X.509 standard compliant root (i.e. self-signed) certificate on your name and issued by yourself (you can freely choose the values for other meaningful fields). You should use RSA algorithm for your public key and your digital signature and freely chose a message digest algorithm supported by X.509 standard (e.g. SHA-1). 2. Write a program that verifies your certificate (since it is a root certificate, it is sufficient to check whether certificate issuer and subject are the same and whether a digital signature of the issuer matches the subjects public key). 3. Write a program that encrypts and decrypts a message of suitable length using the public RSA key from the certificate/private key file that you have created and one of RSA encryption/padding schemes specified in PKCS #1 standard. Some technical requirements: You can either implement creating of certificate compliant to X.509 format by yourself (by referring to RFC 3280 standard), or you can use libraries (including script-based), however each of the steps above should be performed by a single non-interactive run of the program (i.e. you cant just call a program from some library that opens its own dialog and just asks you to fill in the required certificate fields). In particular, the information about the issuer and the subject (and other parameters you chose to provide) of the certificate should be read from a text file (but it is up to you what syntax you use for this file). Encryption/decryption in step 3 of course can be done by two separate runs of the program (or even by two different programs). You program should store both the created certificate and the corresponding private key in files (and e.g. not try to install it on my computer!) The certificate file must correspond to one of machine-readable formats (CER, PEM etc.), for the private key file you may use either a standard or a format of your own. The verification program should be able read both the certificate and private key from the files you had created in previous step. The same applies to encryption/decryption program for step 3, which in addition has to be able to read and store encrypted/non-encrypted messages in files.

A complete solution for Step 1 will be awarded 10 points. Complete solutions for Steps 2 and 3 will be awarded 5 points each. Good luck!