Description
Your second project will involve RSA encryption, PKI Certificates, and Diffie-Hellman
key exchanges.
This project must be demonstrated to Dr. Fourney, and the report and all code submitted
prior 5 pm on Tuesday, November 19th. The onus is on you to have a final demo scheduled,
probably the morning of Monday, 11/18, or sometime on Tuesday, 11/19. If you wait until
Tuesday to demo you will have very little time to fix coding errors and update your report,
so I suggest you schedule an early demo during the week of 11/10. Hand in a
hard copy of your report, and submit your complete project (everything I need to run your
project, including a simple “readme” file with instructions by mailing a single compressed
file to:
csc487sdsu@gmail.com
To receive full credit, name the compressed file by prepending one partner’s first name
or initials to “Proj02”. For example, mine might be rsfProj02.tar or bobProj02.zip.
Each file must have a header indicating the partner’s names, normal documentation and
usage information, and a statement that, except for the actual hashing function
the work has been created by the partners for CSc 487 and has not been
copied from other sources. You should cite the source of your hashing code as well
as any other references, both in your code and in your report. You should include an
original copy of your hashing function and your commented copy and fully discuss both
the algorithm and the implementation in your report.
2 Basic Functionality
For this project I am asking you to develop a suite of tools to
1. Perform RSA encryption/decryption
• deal with “large” exponents, using the techniques discussed in class
• you need to determine how large your numbers (bases and exponents) can be
and justify your choices in your report
2. Generate and sign RSA (X.509-ish) certificates
• including all needed information found in a Version 1 X.509 cert
• you do not need to code up an original SHA-256 function, but should cite the
source of the hash algorithm you used to hash the cert and sign with the CA’s
private key
• demonstrate ability to revoke certificate by publishing signed revocation list
3. Determine the validity of an RSA certificate and/or revocation list by
• Parsing and verifying a complete trusted chain of any length,
• considering start and end periods,
• having a correct and properly signed hash,
• which is not on a (properly signed) revocation list.
Note that the requirement than you open connections with the other computers in order to “walk” the tree and find all of the certificates has been removed. You may have all of your certs and all of the revocation lists (one per CA)
in a single directory. Your program must still fine the appropriate certs and do all
of the above, but the networking requirement has been deferred to the next project.
4. Perform an authenticated Diffie-Hellman key exchange (to provide perfect forward
secrecy). Namely:
• See RSA task for exponent requirements
• Separate programs for each step (programs for “Alice” and “Bob”)
• Due to the networking requirement being removed, Alice and Bob may now
reside on the same computer and may now communicate via file I/O. Each can
read or write to a file or files in lieu of connecting to another computer over
the network.
5. Generate RSA keys
• You do not need to find your own primes
• Use a list such as: https://compoasso.free.fr/primelistweb/page/prime/
liste_online_en.php (You may need to copy/paste due to linefeed)
• Given two large primes, you need to find n
• find public and private keys
3 Report
Your report should include the following:
• Introduction: Tell me what you’re going to do and how awesome your implementation is
• Background: Give me some background on public key infrastructure, why certificates are warranted, why they must be “signed”, what is so neat about DiffieHellman, etc. Give a a feel for how large the numbers you are dealing with are and
why “normal” exponentiation won’t work.
• Procedure: Show me what you did and how you did it. The nitty-gritty details of your SHA-256 code and modular exponentiation, how you hashed and then
encrypted and what needs to take place to validate. How you dealt with valid
dates/start times/ etc and what your notion of “system time” entails. Show how
your revocation works, how certs are created and signed, etc.
• Conclusions/Results: How did it work? What were you able to demonstrate?
Could you detect forged certs? Could you successfully revoke certs?
• Future Work: If you had another week to work on this, what would you add to
the project? What shortcomings still remained in your final demo that you could
improve upon?
I would suggest having the report prepared prior to your final demo, then updating it and
submitting after the demo.
