CONTENTS

• Access Control & OS
  1. Tutorial Overview
  2. Windows Lab Procedures
  3. Unix 's File System
  5. SOLARIS
  6. SOLARIS Lab Procedures
• Apache SSL
  1. Tutorial Overview
  2. Installing Components
  3. Creating a Certificate
  4. Configuring Apache SSL
• Authenticode
  1. Tutorial Overview
  2. Installing .NET Framework SDK
  3. Signing a File
  4. Verifying a Signature
• Common Criteria Methodology
  1. Tutorial Overview
  2. General Evaluation Guidelines
  3. Evaluation of Functional Requirements TOE
  4. Questions
  5. References
• Cryptography with C#
  1. Tutorial Overview
  2. C# .NET Framework Examples
  3. Message Authentication
  4. Digital Signatures
  5. Exercises
  6. Resources
• Cryptographic Libraries
  1. Tutorial Overview
  2. OpnelSSL's Toolkit
  3. Java Cryptography Extension
  4. Exercises
  5. Resources
• Firewall Access Control Lists
  1. Tutorial Overview
  2. Technical Details
  3. Telnet and FTP
  4. Lab Report
• Firewall Configurations & Attacks
  1. Tutorial Overview
  2. Attacking Without a Firewall
  3. Filter an IP Address
  4. Filter TCP Traffic
  5. Misconfigured Firewall Examples
  6. Exercises
• Forensics
  1. Tutorial Overview
  2. Exercises
  3. Hidden Data
  4. Steganography
  5. Viewing IE Cache
  6. Installation Instructions
• IIS & Server 2003
  1. Tutorial Overview
  2. Installing Components
  3. Create a Certificate Request
  4. Submit a Certificate Request
  5. Installing a Certificate
  6. Secure Certificate Services
  7. Secure the Server
  8. Secure IIS
• IPSec and VPN Tunnel
  1. Tutorial Overview
  2. Technical Details
  3. VPN Tunnel Parameters
  4. Lab Report
• Java Code Signing
  1. Tutorial Overview
  2. Installing Java & Signing a File
  3. Verifying a Signature
• Network Protocol Analyzers
  1. Tutorial Overview
  2. TCPDump
  3. Ethereal
  4. Sniffer Distributed System
  5. Telnet Session
• PKI
  1. Tutorial Overview
  2. Installing Thunderbird
  3. Installing GPG and Enigmail
  4. Create and Use Key Pairs
• Secure Cookies
  1. Tutorial Overview
  2. Installing Components
  3. Creating a Secure Cookie
• Three Tier

1. Creating Public/Private Keys. To create both the public and private keys you will use the MakeCert tool, which can be accessed via the SDK command prompt through your start. Open the command prompt by going to Microsoft .NET Framework SDK v2.0 and selecting the SDK Command Prompt under the Start Menu. This will open a command window in the SDK directory.

After you have opened the command prompt type makecert –sv private_key_name.pvk –ss storename –r –n “CN=your name” public_key_name.cer to create both a public and private key.

The command is explain in detail for better understanding.

This command is one of the basic commands that use the default values when creating keys. There are numerous flags that can be used to change or add data to the keys, which you can read about on your own.

You will be prompted to create a private key password and confirm it.

After creating the private key password you will be prompted for it again.

You should get a “Succeeded” message from MakeCert if the keys were created successfully.



If you receive an error message the problem is probably due to an incorrect private key password. Reenter the MakeCert command and you will be prompted for the private key password again. Reenter the password to complete the key creation process.

2. Creating a SPC File. This will wrap multiple x.509 certificates into a public key certificate standard (pkcs) #7. This program is for test purposes only. A valid SPC must be obtained from a CA. To create a SPC file using your certificate enter cert2spc public.cer spc.spc. The SPC file will be used to sign a file.

3. Signing a File. To sign a file you will use the SignTool, which can be accomplished by the command prompt and Digital Signature Wizard GUI. This tutorial will use the GUI, which will allow you to see the steps required to sign a file. To run the SignTool GUI use signtool signwizard.

You will be presented with the Digital Signature Wizard’s welcome screen. To continue with the wizard click Next. You will then be presented with the File Selection screen, which will allow you to select the file you wish to sign. You can only sign .exe, .dll, or .ocx files with Authenticode.

You can download the good.dll to sign. However, all you have to do is choose an executable off your machine to sign.

Click the Browse button and navigate to the location of the file you wish to sign and select it. After choosing a file to sign click the Next button to continue with the wizard.

After selecting the file to sign you must chose the certificate to attach to the signature. This file will be the .spc file that was created using your public key. To select the .spc file click Select from File then navigate to the location of the .spc file and select it.

After selecting the certificate to be attached to the signature click Next.

Now you must select the private key you want to use to sign the file. To do this select Browse and navigate to the location of your private key and select it.

After selecting the private key select Next where you will be prompted for the private key’s password. Without this you will not be able to complete the signing process.

The next step is to select the hash algorithm you want to use to create the file signature. SHA1 is the default option and is acceptable to keep. The SHA1 hash algorithm produces a 160-bit (20 byte) message digest, which will slow implementation but is stronger against a brute force attack. The MD5 produces a small message digest at 128-bit (16 byte) that makes for a fast implementation but is weaker again brute force attacks.

You have the option to include additional certificates in the signature, which is common practice when you obtain a certificate from a CA. However, in this tutorial you created a self signed certificate so there are no other certificates that need to be included with the signature, which is why the default settings were kept. Modifications to the additional certificate settings depend on your specific requirements when signing a file. Click Next to continue.

It is a best practice to include information about the data you are signing and a Web site where a person can find additional information pertaining to the signature. You can enter this information or just continue to the next step by clicking Next.

A time stamp should always be included with every signed file, which indicates to the public when the file was signed and its existence. To sign a file you need to provide the URL of a timestamping service. You can use Verisign’s service at http://timestamp.verisign.com/scripts/timstamp.dll. After you have entered the timestamp URL click Next to continue.

You now can verify the options you will use to create the signature. If there is anything that you missed or want to double you have the opportunity to do it here. When you are satisfied click Next to complete the signing process.

You will be prompted for your private key’s password as the final step in completing the signing wizard. After you provide the password click Next to generate the signature for the selected file.

The final step is to make your public key available to the public along with the file you signed.

Browse Pages << | < | 1 2 3 4 | > | >>