CS 231: Computer Security

Fun with certificates

Alone, partners, as you wish.

A certificate binds a public key to a name, and a Certificate Authority's signature over that binding is what lets your browser trust that an https connection really is with the entity you think you're interacting with. This assignment takes one apart down to the bytes and checks that signature by hand.

Stuff you might find useful:

Part 1: dissecting a certificate

  1. Get a certificate from an https site. (Go to the site, click on the lock icon at the left edge of your browser's address bar, navigate to the certificate info, and export or drag the certificate to your desktop. I went to my amazon.com shopping cart page and renamed the certificate amazon.cer.) Two things to check before going on: the exported file may be binary DER or text PEM (a file starting with "-----BEGIN CERTIFICATE-----" is PEM, so use "-inform pem" in the commands below), and steps 9 through 13 assume the certificate is RSA-signed (e.g. sha256WithRSAEncryption), so if your site's certificate is ECDSA-signed, pick another site.
  2. View the certificate as text, and read through to get an idea of what it contains. ("openssl x509 -inform der -in cert.cer -noout -text") The X.509 RFC (RFC 5280) has (or links to) all the details.
  3. View the certificate's ASN.1 structure. ("openssl asn1parse -in cert.cer -inform der -i"; the -i indents nested objects.) Each output line gives the byte offset of an object, its header length (hl) and its content length (l). See how the ASN.1 and the text version from #2 above line up with the formal description of certificates at RFC 5280, Section 4.1. Make note of where you see the boundaries of the ASN.1 objects referred to in the RFC; the offsets and lengths asn1parse prints are exactly those boundaries.
  4. Use a hex/binary editor to look at the certificate in binary. Demonstrate how the binary structure of the certificate matches up to the expected DER encoding of the ASN.1 description of the certificate. (You don't have to analyze every byte, but show that you understand the tag/length/contents structure of DER, including how lengths of 128 bytes or more are encoded in the long form, e.g. 0x82 followed by two length bytes.)
  5. Convert your certificate to PEM. (openssl x509 -inform der -outform pem -in cert.cer -out cert.pem)
  6. Convert your certificate from its original DER form to base64. ("openssl base64 -in cert.cer", or the "base64" command on Macs and Linux.) Compare the result to the PEM from the previous item: apart from the BEGIN/END lines and where the lines wrap, the two should be the same characters.
  7. Extract the DER form of the tbsCertificate in your certificate, and save it as a separate file. There's an openssl way to do this ("openssl asn1parse -in cert.cer -inform der -strparse 4 -out tbs.der -noout", where 4 is the header length of the outer SEQUENCE when its length field takes two bytes, which is the case for any ordinary certificate; confirm the offset against your output from #3), but you could also use a hex editor, which is what I did. Either way, the file should begin with 0x30 and contain the whole tbsCertificate object, header included.
  8. Compute and save the tbsCertificate's hash. You'll need to look at the signature algorithm in the text version of your certificate to figure out which hash to use (SHA-1, SHA-256, MD5, etc.). The openssl command can handle all of these ("openssl dgst -sha256 tbs.der"), though there are also separate commands on Mac to compute these ("shasum -a 256", "md5"). Note that the hash is over the whole tbsCertificate TLV from #7, not just its contents.
  9. Immediately after the second "Signature Algorithm" in your certificate is a long hexadecimal number. This is the signature. The general descriptions of certificates say it's the hash of your tbsCertificate, encrypted using the Certificate Authority's *private* key. What RSA signing actually does is wrap the hash in a fixed padding (step 13 shows you what that looks like) and raise the result to the CA's private exponent modulo the CA's modulus; keep that in mind when "decrypting" it below. Note that if, by chance, you wanted to put this integer into a Python program, you could do so by jamming all its lines together, removing spaces and colons, and putting an 0x in front of all of it. Like "sig = 0xab37d6...".
  10. Get the certificate chain that validates your certificate. (openssl s_client -showcerts -servername whatever_site_you_visited.com -connect whatever_site_you_visited.com:443 </dev/null; the -servername makes sure a server hosting several sites hands you the right certificate, and the </dev/null closes the connection once the handshake is done.) The certificates are printed in the order the server sent them: the first is the site's own certificate, and the one after it is the CA certificate that signed it. Grab the PEM version of that first CA certificate in the chain, and store that in a file named something like cacert.pem. Check that its Subject matches the Issuer of your certificate.
  11. Get the CA's public key out of cacert.pem, somehow. ("openssl x509 -in cacert.pem -noout -text" prints the modulus and public exponent; "openssl x509 -in cacert.pem -noout -pubkey" writes the key out as PEM.) For an RSA key the public key is just the pair (n, e).
  12. Use the CA's public key to decrypt the signature from a couple items ago, which for RSA means computing sig^e mod n. That Python code might be handy here (pow(sig, e, n) does the modular exponentiation; hex() of the result gives you something you can read). Hint: you'll know you're on the right track if you see lots of f's.
  13. What do all the bytes in the resulting string mean? (This is a scavenger hunt in the RFCs linked above. Encrypted hint: "7342 CFR") Is your hash of tbsCertificate in there? Which hash algorithm do the bytes just before it name?
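The whole of Part 1, steps 7 through 13, as an added worked example in pure Python (this is not part of the assignment and not the instructor's code). Because it has to run offline, it does not use a real certificate: it generates a toy RSA key from a seeded PRNG and builds a small constructed certificate whose tbsCertificate holds only a version, a serial number, the signature algorithm and a stand-in subject string, not the full RFC 5280 structure. The names (`der`, `der_read`, `gen_rsa`, `build_certificate`, `verify_certificate`) and the constants are the example's own. What it does show faithfully is the DER tag/length/contents walk, how to slice out the tbsCertificate TLV, the SHA-256 of it, `pow(sig, e, n)`, and the `00 01 ff...ff 00 DigestInfo` layout you should recognise from step 13.

```python
"""Added example: verify a certificate signature by hand, the way Part 1 does it.

Toy RSA key, constructed toy certificate, standard library only. Not for real use.
"""
import hashlib
import random

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1):
# SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32 bytes follow) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
OID_SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11


def der(tag, content):
    """Encode one DER TLV: tag byte, definite length (short or long form), contents."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def der_read(buf, pos):
    """Decode the TLV header at pos. Returns (tag, content_start, end):
    contents are buf[content_start:end], the whole TLV is buf[pos:end]."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                      # long form: low 7 bits = number of length bytes
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, pos, pos + n


def is_probable_prime(n, rng, rounds=32):
    """Trial division by small primes, then Miller-Rabin."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_rsa(bits=1024, seed=7):
    """Toy RSA keypair (n, e, d) from a seeded PRNG so the run is reproducible.
    Demonstration only: real keys come from a CSPRNG and a vetted library."""
    rng = random.Random(seed)
    e = 65537

    def prime():
        while True:
            c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if is_probable_prime(c, rng):
                return c

    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:        # e is prime, so this is gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi)


def rsa_sign_pkcs1_v15(tbs, n, d):
    """RSASSA-PKCS1-v1_5 over SHA-256: EM = 00 01 FF..FF 00 DigestInfo, then EM^d mod n."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(tbs).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def build_certificate(n, d):
    """Constructed toy Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }.
    The tbsCertificate here carries only version, serialNumber, signature and a stand-in
    subject string; a real one also has issuer, validity, subjectPublicKeyInfo, extensions."""
    alg_id = der(0x30, der(0x06, OID_SHA256_WITH_RSA) + der(0x05, b""))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02"))     # [0] EXPLICIT version v3(2)
                    + der(0x02, b"\x01\x02\x03")      # serialNumber INTEGER
                    + alg_id                          # signature AlgorithmIdentifier
                    + der(0x13, b"Toy CA"))           # PrintableString stand-in
    sig = rsa_sign_pkcs1_v15(tbs, n, d)
    return der(0x30, tbs + alg_id + der(0x03, b"\x00" + sig))  # BIT STRING, 0 unused bits


def verify_certificate(cert, n, e):
    """Steps 7-13 against the issuer's public key (n, e). Returns the recovered EM and the
    tbs hash so the padding can be inspected; ok is True only if everything lines up."""
    _, body, end = der_read(cert, 0)                 # outer Certificate SEQUENCE
    if end != len(cert):
        raise ValueError("trailing bytes after Certificate")
    _, _, tbs_end = der_read(cert, body)
    tbs = cert[body:tbs_end]                         # step 7: whole tbsCertificate TLV
    _, _, alg_end = der_read(cert, tbs_end)          # signatureAlgorithm (not used here)
    _, bits, _ = der_read(cert, alg_end)             # signatureValue BIT STRING
    sig = cert[bits + 1:end]                         # step 9: skip the unused-bits octet
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")   # step 12: sig^e mod n
    digest = hashlib.sha256(tbs).hexdigest()         # step 8
    result = {"ok": False, "em": em.hex(), "tbs_sha256": digest}
    # step 13: EM must be 00 01, at least eight FF bytes, 00, DigestInfo (RFC 8017, 9.2)
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return result
    result["ok"] = em[sep + 1:] == SHA256_DIGESTINFO_PREFIX + bytes.fromhex(digest)
    return result


if __name__ == "__main__":
    n, e, d = gen_rsa()
    cert = build_certificate(n, d)
    r = verify_certificate(cert, n, e)
    print("recovered EM:", r["em"])                  # lots of f's, then 00, DigestInfo, hash
    print("tbs sha256:  ", r["tbs_sha256"], "ok:", r["ok"])
```

Run it and compare the printed EM with what you get from your real certificate in step 12: the shape (00 01, a run of ff, 00, then the 19-byte DigestInfo header naming SHA-256, then the 32-byte hash) is the same, only the run of ff is longer for a 2048-bit or 4096-bit CA key. Changing a single byte of the stand-in subject, or checking against the wrong modulus, makes `ok` come back False, which is the whole point of the signature.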

Part 2: some questions

This part of the assignment is delayed until a later due date, and will include more detailed instructions. Just do Part 1 for the current assignment.

Suppose you have figured out how to break SHA-1.

  1. Describe what that means.
  2. Assuming you can acquire Man-in-the-Middle control of a TLS session between Alice and the web site Bob.com, describe the ways in which you could use your SHA-1 knowledge to disrupt their interaction.

Suppose you have figured out how to break RSA.

  1. Describe what that means.
  2. Assuming you can acquire Man-in-the-Middle control of a TLS session between Alice and the web site Bob.com, describe the ways in which you could use your RSA knowledge to disrupt their interaction.

Handing it in

Produce a report showing the results of your dissection and your answers to the various questions. Use your judgement about how much info to show. Submit your PDF via Moodle.

Have fun!