CSE 644 Lab 7
Contents:
Task 1
Task 2
Task 3
Task 4
Task 6
Observation:
The public key certificate (ca.crt) and the CA’s private key (ca.key) are generated with openssl using RSA.
Observation:
The public key certificate generated using openssl and RSA.
Observation:
The CA’s private key generated using openssl and RSA.
Observation:
A public/private RSA key pair is generated using openssl and stored in server.key.
Observation:
The Certificate Signing Request (CSR) is generated from server.key; the CSR is then used to generate a
certificate for the key.
Observation:
Changing the policy from policy_match to policy_anything.
Observation:
The CSR file is sent to the CA and signed using ca.crt and ca.key to generate the server.crt
certificate for PKILabServer.com.
Observation:
PKILabServer.com is mapped to localhost so that it can be used as a domain name.
Observation:
After the server name is mapped to localhost, the server can be launched using server.pem, which is
formed by joining server.key and server.crt.
Observation:
The web browser does not trust access to the server through the URL, since the certificate is not
issued by any trusted company.
Observation:
The ca.crt is manually added into the web browser.
Observation:
The URL is now accepted as trusted since its certificate is certified by ca.crt.
Observation:
A single byte in the server.key part of server.pem is modified (from 75 to 76).
Observation:
Because a single byte in the server.key part of server.pem was modified, the server certificate key
file cannot be loaded in the terminal.
Observation:
The connection cannot be established to PKILabServer.com since the server certificate private key is
corrupted.
Observation:
A single byte in the server.crt part of server.pem is modified (from 62 to 63).
Observation:
The server is launched since there is no corruption in the server’s private key part.
Observation:
The server.crt part of server.pem is corrupted, so the web browser cannot authenticate the server’s
certificate.
Observation:
PKILabServer.com is replaced with localhost in the URL and the server is accessed again.
Even though both localhost and PKILabServer.com resolve to the same address (127.0.0.1), the certificate is
associated with the name PKILabServer.com, so the browser does not trust the name localhost.
Observation:
After an exception is added for the name localhost, the web browser trusts its certificate.
Observation:
The client connects to the server and authenticates the server certificate using the ca.crt certificate,
which is shared by both client and server. The client checks whether the common name of the server
is PKILabServer.com.
Observation:
The TCP server program listens for incoming TCP clients and sends its server.crt to the client to be
authenticated.
Observation:
The plain text that is to be hashed using SHA256 and signed with a digital signature.
Observation:
The private key is generated using the RSA algorithm. By default this command generates a 1024-bit
private key, and the private key is what the command outputs by default.
Observation:
The text and hex value of the generated private key along with other values to perform encryption and
decryption.
Encryption: $C = M^e \bmod n$
e = public exponent
n = modulus
Decryption: $M = C^d \bmod n$
d = private exponent
n = modulus
Observation:
The public key is generated using the RSA algorithm. By default a 1024-bit private key is generated by this
command. The public key is generated by specifying -pubout.
Observation:
The text and hex value of the generated public key along with other values to perform encryption and
decryption.
Observation:
The hash value of the plain text is generated using SHA256 and signed using the generated private key;
the output is placed in signature.bin.
Observation:
The signature.bin in hex form.
Observation:
The digital signature of the plain text is verified using example.txt, signature.bin and publickey.pem. Since
the signature is valid, it is verified OK.
Observation:
The example.txt file is modified.
Observation:
The digital signature verification fails because example.txt has been modified and no longer matches the
public key and signature.
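
The RSA formulas and the sign, verify and modify sequence observed above, as an added Python example that is not part of the original lab report. It assumes a constructed toy key built from two publicly known Mersenne primes and uses textbook RSA with no padding; real RSA signatures pad the hash (PKCS#1 v1.5 or PSS) before exponentiation.

```python
import hashlib

# Constructed toy key (assumption for this example): two publicly known
# Mersenne primes. Illustration only; never use such a key for real data.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # modulus n
E = 65537                           # public exponent e
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent d (Python 3.8+)


def encrypt(m: int) -> int:
    """C = M^e mod n (textbook RSA, no padding)."""
    if not 0 <= m < N:
        raise ValueError("message must be in [0, n)")
    return pow(m, E, N)


def decrypt(c: int) -> int:
    """M = C^d mod n."""
    return pow(c, D, N)


def sha256_int(data: bytes) -> int:
    """SHA256 digest of data as an integer (256 bits, so always < n here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Signature = H(data)^d mod n, computed with the private exponent."""
    return pow(sha256_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Valid only if signature^e mod n equals the hash of the data as received."""
    return pow(signature, E, N) == sha256_int(data)


if __name__ == "__main__":
    text = b"constructed sample text\n"      # stands in for example.txt
    sig = sign(text)                         # stands in for signature.bin
    print("round trip:", decrypt(encrypt(42)) == 42)
    print("original  :", verify(text, sig))
    print("modified  :", verify(text + b"!", sig))
```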