CONTENTS

Programming with Cryptographic Libraries

Lab Overview.  Data security has become important as more information is in a digital form. We need security services such as Confidentiality to protect data from unauthorized access. Data authentication is also another important security service, as it provides a method to prove the authenticity of data. In the world of digital communications, in addition to the first two services, data integrity is also essential. The data integrity service is not to protect the data from being tampered with, but it provides a way to prove whether it has been modified.  These three services are important; however, other security services are becoming more attractive for the digital world such as anonymity and service availability.  This tutorial is used in Cryptography TELECOM 2820/INFSCI 2170

In this exercise, you will learn how to protect your data using confidentiality, which is commonly called encryption. You will use two different programming languages, C and Java, for encryption. You will also learn how difficult it is to crack an encrypted piece of code.  Finally, you will learn how to create your own encryption mode and justify what you did.  This tutorial is divided into five sections.  The first section describes OpenSSL and the lab requirements.  The second section covers using OpenSSL.  The third section covers the use of Java Cryptography Extensions.  The fourth and fifth sections are user exercises and resources. 

OpenSSL: Cryptography Library and SSL/TLS Toolkit.  Due to popular web transactions and a need to transmit confidential information, a secure transfer mode was created by Netscape Communications Corporation.  They introduced the Secure Socket Layer (SSL) framework for Hypertext Transfer Protocol (HTTP) for securing web transactions on their web browser.  As SSL become popular, it was immediately deployed for other web browsers. As the number of web services and users continue to grow the demand for secure transactions dramatically increased.  This increase in secure transactions is not only for HTTP, but also for security services that us other protocols on the top of Transmission Control Protocol (TCP). Internet Engineering Task Force (IETF) has established a working group called Transport Layer Security (TLS) in 1996, with the goal to standardize the security protocol for the Transport Layer.

The OpenSSL Project was established to create a software library or toolkit for SSL/TLS.  It is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the SSL v2/v3 and TLS v1 protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. OpenSSL is based on the excellent SSLeay library developed from Eric A. Young and Tim J. Hudson around 1996. The OpenSSL toolkit is licensed under a dual-license (the OpenSSL license plus the SSLeay license) , which basically means that you are free to get and use it for commercial and non-commercial purposes as long as you fulfill the conditions of both licenses.

In this lab, you will be introduced to some concepts of OpenSSL's application programming interface (API), which will allow you to create your own program to solve a particular crypto problem such as encryption or decryption.  To accomplish this you will also learn how to use the crypto library in OpenSSL.

Overview of OpenSSL.  OpenSSL includes APIs for SSL/TLS protocol, in addition to several cryptographic algorithms for confidential services based on both secret key and public key cryptography. It also includes hash/MAC mechanisms  for message integrity services and digital signature for non-repudiation services. Along with SSL/TLS, a digital certificate is an important part, which you will be able to create using OpenSSL.  OpenSSL supports the creation of digital or public key certificates based on thee X.509 standard, the conversion between X.509 and ASN.1 encoding standards, and PEM certificates.  The OpenSSL toolkit includes the following components:

  • Libssl.a: Implementation of SSLv2, SSLv3, TLSv1 and the required code to support both SSLv2, SSLv3 and TLSv1 in the one server and client.
  • libcrypto.a: General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not actually logically part of it. It includes routines for the following:
    • Ciphers: DES, RC2, RC4, RC5, Blowfish, IDEA, AES
    • Digests: MD2, MD5, SHA-0, SHA-1, SHA-128, SHA-256, SHA-512, MDC2
    • MAC: HMAC
    • Public Key: RSA, DSA Diffie-Hellman key-exchange/key generation.
    • X.509v3 certificates: X509 encoding/decoding into/from binary ASN.1 and a PEM based ASCII-binary encoding, base64 encoding
    • RSA and DSA certificate generation
  • openssl: A command line tool that can be used for: creation of RSA, DH and DSA key parameters, creation of X.509 certificates, CSRs and CRLs, calculation of Message Digests Encryption and Decryption with Ciphers SSL/TLS Client and Server Tests, Handling of S/MIME signed or encrypted mail

Lab Requirements.  To complete the C portion of this lab you will need a workstation in SIS Lab or a Windows-based machine that already has OpenSSL installed.   The SIS workstations already have OpenSSL installed on them, so using them will require less work on your part.  If you wish to install OpenSSL on  your computer, please read the instructions at http://www.openssl.org.

To complete the Java portion you will need a workstation in SIS Lab or a Windows-based machine that already has the latest Java 2 Standard Edition (J2SE) installed.  Again J2SE is already installed on the computers in the SIS lab.   If you insist to install java on your computer, please read the instructions at  http://java.sun.com/products/jce/downloads/index.html.  If you require an overview of Java or C  you should visit http://java.sun.com.