From 59f26eb1a8d8ae80587a77486a32ed8f8c07af69 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Thu, 3 Mar 2022 13:26:42 +0000 Subject: [PATCH 01/15] Update README.md --- unit06_trust_dig_cert/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/unit06_trust_dig_cert/README.md b/unit06_trust_dig_cert/README.md index 8538f86..a313847 100644 --- a/unit06_trust_dig_cert/README.md +++ b/unit06_trust_dig_cert/README.md @@ -14,13 +14,13 @@ The key concepts are: ## Presentations -* Unit 6 Presentation (PDF) - Digital Certs: [here](https://github.com/billbuchanan/esecurity/blob/master/unit06_trust_dig_cert/lab/new_lab06.pdf). -* Unit 6 Presentation (lecture) - Digital Certs: [here](https://youtu.be/2ptgq8u0I5g). +* Unit 6 Presentation (PDF) - Digital Certs: [here](https://github.com/billbuchanan/appliedcrypto/blob/master/unit06_trust_dig_cert/lab/new_lab06.pdf). + * Unit 6 Presentation (video) - Digital Certs: [here](https://youtu.be/ZJ2G8KC1zDs). ## Lab -* Unit 6 Lab (PDF): [here](https://github.com/billbuchanan/esecurity/tree/master/unit06_trust_dig_cert/lab). +* Unit 6 Lab (PDF): [here](https://github.com/billbuchanan/appliedcrypto/tree/master/unit06_trust_dig_cert/lab). * Unit 6 Lab (video) - Digital Certs: [here](https://www.youtube.com/watch?v=-uNQFv0GTZc). ## Sample Exam Questions From 574bd6b758609392ed3a341babb0c48d65afee53 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Thu, 3 Mar 2022 13:31:10 +0000 Subject: [PATCH 02/15] Update README.MD --- unit06_trust_dig_cert/lab/README.MD | 58 +++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/unit06_trust_dig_cert/lab/README.MD b/unit06_trust_dig_cert/lab/README.MD index 20ca995..93d8d31 100644 --- a/unit06_trust_dig_cert/lab/README.MD +++ b/unit06_trust_dig_cert/lab/README.MD @@ -435,6 +435,64 @@ sudo /etc/init.d/apache2 restart HTTPs should now be enabled with a self-signed certificate. If you try https://localhost, you will have to add an exception to view the page, as we are using a self-signed certificate: +## Additional lab question +The ECDSA signature is used in Bitcoin and Ethereum. Using the code [here](https://asecuritysite.com/ecdsa/ecdsa3): + +```python +import sys +import random +import hashlib +import libnum + +from secp256k1 import curve,scalar_mult,point_add + +msg="Hello" + +if (len(sys.argv)>1): + msg=(sys.argv[1]) + +# Alice's key pair (dA,QA) +dA = random.randint(0, curve.n-1) +QA = scalar_mult(dA,curve.g) + +h=int(hashlib.sha256(msg.encode()).hexdigest(),16) + +k = random.randint(0, curve.n-1) + +rpoint = scalar_mult(k,curve.g) + +r = rpoint[0] % curve.n + +# Bob takes m and (r,s) and checks +inv_k = libnum.invmod(k,curve.n) + +s = (inv_k*(h+r*dA)) % curve.n + +print (f"Msg: {msg}\n\nAlice's private key={dA}\nAlice's public key={QA}\nk= {k}\n\nr={r}\ns={s}") + +# To check signature + +inv_s = libnum.invmod(s,curve.n) +c = inv_s +u1=(h*c) % curve.n +u2=(r*c) % curve.n +P = point_add(scalar_mult(u1,curve.g), scalar_mult(u2,QA)) + +res = P[0] % curve.n +print (f"\nResult r={res}") + +if (res==r): + print("Signature matches!") +``` + +Run the code and answer the following questions: + +* How is the private key created? +* How is the public key created? +* Can you identify the nonce value used in the signature? +* What are the two output values of the signature? +* Which key (public or private key) is used to verify the signature? +* Which key (public or private key) is used to verify the signature? ## What I should have learnt from this lab? The key things learnt: From 0af40e5b662374e48d887a19423076ffe1ca6d75 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 06:54:06 +0000 Subject: [PATCH 03/15] Update README.MD --- unit06_trust_dig_cert/lab/README.MD | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/unit06_trust_dig_cert/lab/README.MD b/unit06_trust_dig_cert/lab/README.MD index 93d8d31..bc86eb0 100644 --- a/unit06_trust_dig_cert/lab/README.MD +++ b/unit06_trust_dig_cert/lab/README.MD @@ -11,7 +11,7 @@ Objective: Digital certificates are used to define a trust infrastructure within From this web link (Digital Certificate): ``` -http://asecuritysite.com/encryption/digitalcert +http://asecuritysite.com/digitalcert/digitalcert ``` Open up Certificate 1 and identify the following: @@ -89,7 +89,7 @@ Now we will create our own self-signed certificates. ### B.1 Create your own certificate from: -Web link (Create Certificate): http://asecuritysite.com/encryption/createcert +Web link (Create Certificate): [here](http://asecuritysite.com/digitalcert/createcert) Add in your own details. @@ -222,7 +222,7 @@ print ("State/province:", components['ST']) print ("Country:", components['C']) ``` -Web link (CSR): [here](https://asecuritysite.com/encryption/csr) +Web link (CSR): [here](https://asecuritysite.com/digitalcert/csr) ### D.8 Now check the signing on these certificate requests: @@ -352,7 +352,7 @@ We have a root certificate authority of My Global Corp, which is based in Washin ### E.1 We will now view some PFX certificate files, and which are protected with a password: -Web link (Digital Certificates): [here](http://asecuritysite.com/encryption/digitalcert2) +Web link (Digital Certificates): [here](http://asecuritysite.com/digitalcert/digitalcert2) * For Certificate 1, can you open it in the Web browser with an incorrect password: * Now enter “apples” as a password, and record some of the key details of the certificate: From 0098ec195fe2a3e25941fb1e9ac4536129748381 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 06:56:27 +0000 Subject: [PATCH 04/15] Update README.md --- unit06_trust_dig_cert/lecture/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/unit06_trust_dig_cert/lecture/README.md b/unit06_trust_dig_cert/lecture/README.md index 2ee0ca5..ccedd49 100644 --- a/unit06_trust_dig_cert/lecture/README.md +++ b/unit06_trust_dig_cert/lecture/README.md @@ -15,8 +15,10 @@ The key concepts are: ## Presentations * Week 7 Presentation (PDF) - Digital Certs: [here](https://asecuritysite.com/public/chapter06_digital_cert.pdf). -* Week 7 Presentation (lecture) - Digital Certs: [here](https://youtu.be/2ptgq8u0I5g). * Week 7 Presentation (video) - Digital Certs: [here](https://youtu.be/ZJ2G8KC1zDs). +* Doodle: [here](https://youtu.be/k1sCVNg3mho) + + From 2a86929f4f9fe9a95a69eb5cbc3ced1ccfadda20 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 06:56:52 +0000 Subject: [PATCH 05/15] Update README.md --- unit06_trust_dig_cert/README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/unit06_trust_dig_cert/README.md b/unit06_trust_dig_cert/README.md index a313847..d3d7e2b 100644 --- a/unit06_trust_dig_cert/README.md +++ b/unit06_trust_dig_cert/README.md @@ -14,9 +14,10 @@ The key concepts are: ## Presentations -* Unit 6 Presentation (PDF) - Digital Certs: [here](https://github.com/billbuchanan/appliedcrypto/blob/master/unit06_trust_dig_cert/lab/new_lab06.pdf). - -* Unit 6 Presentation (video) - Digital Certs: [here](https://youtu.be/ZJ2G8KC1zDs). +* Week 7 Presentation (PDF) - Digital Certs: [here](https://asecuritysite.com/public/chapter06_digital_cert.pdf). +* Week 7 Presentation (video) - Digital Certs: [here](https://youtu.be/ZJ2G8KC1zDs). +* Doodle: [here](https://youtu.be/k1sCVNg3mho) + ## Lab From f473639cc4eb54d9a648f6a6c3cae0b9e2718e27 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 07:04:22 +0000 Subject: [PATCH 06/15] Update README.md --- unit06_trust_dig_cert/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/unit06_trust_dig_cert/README.md b/unit06_trust_dig_cert/README.md index d3d7e2b..8877b74 100644 --- a/unit06_trust_dig_cert/README.md +++ b/unit06_trust_dig_cert/README.md @@ -7,6 +7,8 @@ The key concepts are: * Digital Certificate: Usage, formats, and PKI. * Creation of the trust infrastructure. +You can find examples of digital certificates [here](https://asecuritysite.com/digitalcert/). + ## What you should know at the end of unit? * Understand the trust infrastructures of PKI. From 5550045a63480877e0dcd39c00e9699a4d1d1261 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 07:05:26 +0000 Subject: [PATCH 07/15] Update README.MD --- unit06_trust_dig_cert/lab/README.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unit06_trust_dig_cert/lab/README.MD b/unit06_trust_dig_cert/lab/README.MD index bc86eb0..d23f3b6 100644 --- a/unit06_trust_dig_cert/lab/README.MD +++ b/unit06_trust_dig_cert/lab/README.MD @@ -1,4 +1,4 @@ -![esecurity](https://raw.githubusercontent.com/billbuchanan/esecurity/master/z_associated/esecurity_graphics.jpg) +![esecurity](https://raw.githubusercontent.com/billbuchanan/appliedcrypto/master/z_associated/esecurity_graphics.jpg) # Lab 6: Trust and Digital Certificates From 48121d667eb930ff2d35b7de7332a0ad8a27484e Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 07:09:38 +0000 Subject: [PATCH 08/15] Update README.md --- z_assessments/test01/README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/z_assessments/test01/README.md b/z_assessments/test01/README.md index d749dff..41fe70f 100644 --- a/z_assessments/test01/README.md +++ b/z_assessments/test01/README.md @@ -1,9 +1,9 @@ ![esecurity](https://raw.githubusercontent.com/billbuchanan/esecurity/master/z_associated/esecurity_graphics.jpg) # Test 1 -There will be four main questions in the exam: Symmetric Key (Unit 2), Hashing (Unit 3), Public Key (Unit 4), and Key Exchange (Unit 5). An outline is [here](https://www.youtube.com/watch?v=Oj3T2UO1WDw&feature=emb_title), and some learning outcomes are [here](https://github.com/billbuchanan/appliedcrypto/blob/master/z_assessments/test01/learning_outcomes.md). A PDF version of the questions is [here](https://github.com/billbuchanan/appliedcrypto/blob/master/z_assessments/test01/2021_fake_exam_questions.pdf) and a fake example paper is [here](https://github.com/billbuchanan/appliedcrypto/blob/master/z_assessments/test01/fake_exam_paper.md). +There will be four main questions in the exam: Symmetric Key (Unit 2), Hashing (Unit 3), Public Key (Unit 4), Key Exchange (Unit 5) an Digital Certicates (Unit 6). An outline is [here](https://www.youtube.com/watch?v=Oj3T2UO1WDw&feature=emb_title), and some learning outcomes are [here](https://github.com/billbuchanan/appliedcrypto/blob/master/z_assessments/test01/learning_outcomes.md). A PDF version of the questions is [here](https://github.com/billbuchanan/appliedcrypto/blob/master/z_assessments/test01/2021_fake_exam_questions.pdf) and a fake example paper is [here](https://github.com/billbuchanan/appliedcrypto/blob/master/z_assessments/test01/fake_exam_paper.md). -**Test date:** 18 March 2022 (open book test, taken over Moodle). +**Test date:** 5pm, 18 March 2022 (open book test, taken over Moodle). ** Test time: ** TBC @@ -85,3 +85,7 @@ Key topics: Diffie-Hellman, Simple DH calculations, ECDH operation, Passing with * With Diffie-Hellman, G is 1579, and N is 7561. Bob selects 13 and Alice selects 14. Prove that the shared key is 868. [Ref: Key Exchange] * Eve says that she sees the values passed within ECDH by Bob and Alice, and that she can crack the key. By explaining the ECDH key exchange method, outline how it would likely to be difficult for Eve to determine the shared key. +### 5. Digital Ceritifcates +* For PKI, briefly outline how Alice knows that she is using the correct version of Bob's public key. + + From a10ea76a32af59c076915fe58c5b3a51f06563e1 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 07:10:07 +0000 Subject: [PATCH 09/15] Update README.md --- z_assessments/test01/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/z_assessments/test01/README.md b/z_assessments/test01/README.md index 41fe70f..ab02ba6 100644 --- a/z_assessments/test01/README.md +++ b/z_assessments/test01/README.md @@ -5,8 +5,6 @@ There will be four main questions in the exam: Symmetric Key (Unit 2), Hashing ( **Test date:** 5pm, 18 March 2022 (open book test, taken over Moodle). -** Test time: ** TBC - Some test details are: * It is an open book test. From 4e391d70f9eea2d50781aec19ce7ac71c99a347e Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 07:11:24 +0000 Subject: [PATCH 10/15] Update learning_outcomes.md --- z_assessments/test01/learning_outcomes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/z_assessments/test01/learning_outcomes.md b/z_assessments/test01/learning_outcomes.md index 610ab9f..272e231 100644 --- a/z_assessments/test01/learning_outcomes.md +++ b/z_assessments/test01/learning_outcomes.md @@ -22,6 +22,7 @@ Students should: 1. Explain how the e and d values are determined within the RSA method. Where would I find this info? There are some examples [here](https://asecuritysite.com/log/rsa_examples.pdf). 1. Understand how the Diffie-Hellman process works, with a simple example. 1. Understand how the Elliptic Curve Diffie Hellman works, with a simple example. +1. Understand the operation of PKI, and how Alice can get a trusted version of Bob's public key. Remember to review sample paper [here](https://github.com/billbuchanan/appliedcrypto/blob/master/z_assessments/test01/fake_exam_paper.md) for some sample questions. From 55f81260091844a017f2a866576ae6985449ec03 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 07:12:01 +0000 Subject: [PATCH 11/15] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 27ae529..c3e3eae 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ The following is the draft timetable: | 6 | 25 Feb 2022 | Key Exchange | Lab | | 7 | 4 Mar 2022 | Digital Signatures and Certificates | Lab | | 8 | 11 Mar 2022 | Revision lecture and Test 1/Coursework | Mini-project/Coursework | -| 9 | 18 Mar 2022 | Test (Units 1-5) 40% of overall mark | | +| 9 | 18 Mar 2022 | Test (Units 1-5) 40% of overall mark [here](https://github.com/billbuchanan/appliedcrypto/tree/main/z_assessments/test01) | | | 10 | 25 Mar 2022 | Tunnelling | Lab | | 11 | 1 Apr 2022 | Blockchain | Lab | | 12 | 8 Apr 2022 | Future Cryptography | Lab | From 3c7ca80764a65ff2b9d3b328d1a4b78c122be311 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 08:43:11 +0000 Subject: [PATCH 12/15] Update README.MD --- unit06_trust_dig_cert/lab/README.MD | 3 +++ 1 file changed, 3 insertions(+) diff --git a/unit06_trust_dig_cert/lab/README.MD b/unit06_trust_dig_cert/lab/README.MD index d23f3b6..a238872 100644 --- a/unit06_trust_dig_cert/lab/README.MD +++ b/unit06_trust_dig_cert/lab/README.MD @@ -494,6 +494,9 @@ Run the code and answer the following questions: * Which key (public or private key) is used to verify the signature? * Which key (public or private key) is used to verify the signature? + + + ## What I should have learnt from this lab? The key things learnt: From 616a14d7041fe1424b93eb7b125fa5aab196be28 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Fri, 4 Mar 2022 12:28:33 +0000 Subject: [PATCH 13/15] Update README.MD --- unit06_trust_dig_cert/lab/README.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unit06_trust_dig_cert/lab/README.MD b/unit06_trust_dig_cert/lab/README.MD index a238872..5bdaf1e 100644 --- a/unit06_trust_dig_cert/lab/README.MD +++ b/unit06_trust_dig_cert/lab/README.MD @@ -21,7 +21,7 @@ Open up Certificate 1 and identify the following: * Name: * Issuer: * What is CN used for: -* What is ON used for: +* What is OU used for: * What is O used for: * What is L used for: From 3dd3c536986fe6b05c508fb64fa3c14f2d21ff28 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Sat, 5 Mar 2022 06:57:37 +0000 Subject: [PATCH 14/15] Update README.MD --- unit05_key_exchange/lab/README.MD | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/unit05_key_exchange/lab/README.MD b/unit05_key_exchange/lab/README.MD index 4013c1a..23614f2 100644 --- a/unit05_key_exchange/lab/README.MD +++ b/unit05_key_exchange/lab/README.MD @@ -63,7 +63,7 @@ Do they match: [Yes] [No] ### B.1 Generate 768-bit Diffie-Hellman parameters: ``` -openssl dhparam -out dhparams.pem 768 -text +openssl dhparam -out dhparams.pem -text 768 ``` View your key with: @@ -92,27 +92,27 @@ How would we change the g value? ### B.2 Let’s look at the Elliptic curves we can create: -
+```
 openssl ecparam -list_curves
-
+``` We can create our elliptic parameter file with: -
+```
 openssl ecparam -name secp256k1 -out secp256k1.pem
-
+``` Now view the details with: -
+```
 openssl ecparam -in secp256k1.pem -text -param_enc explicit -noout
-
+``` What are the details of the key? Now we can create our key pair: -
+```
 openssl ecparam -in secp256k1.pem -genkey -noout -out mykey.pem
-
+``` Name three 160-bit curves: From d989c1e268296b357d4bb6e4f60ea2070f1432e0 Mon Sep 17 00:00:00 2001 From: Bill Buchanan Date: Sat, 5 Mar 2022 06:59:40 +0000 Subject: [PATCH 15/15] Update README.MD --- unit05_key_exchange/lab/README.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unit05_key_exchange/lab/README.MD b/unit05_key_exchange/lab/README.MD index 23614f2..7fc7518 100644 --- a/unit05_key_exchange/lab/README.MD +++ b/unit05_key_exchange/lab/README.MD @@ -66,7 +66,7 @@ Generate 768-bit Diffie-Hellman parameters: openssl dhparam -out dhparams.pem -text 768 ``` -View your key with: +View your key exchange parameters with: ``` cat dhparams.pem