Programming with Cryptographic Libraries
Lab Overview. Data security has become important as more
information is in a digital form. We need security services such as
Confidentiality to protect data from unauthorized access. Data
authentication is also another important security service, as it
provides a method to prove the authenticity of data. In the world of
digital communications, in addition to the first two services, data
integrity is also essential. The data integrity service is not to
protect the data from being tampered with, but it provides a way to
prove whether it has been modified. These three services are
important; however, other security services are becoming more attractive
for the digital world such as anonymity and service availability.
This tutorial is used in
Cryptography TELECOM 2820/INFSCI 2170.
In this exercise, you will learn how to protect your data using
confidentiality, which is commonly called encryption. You will use two
different programming languages, C and Java, for encryption. You will
also learn how difficult it is to crack an encrypted piece of code.
Finally, you will
learn how to create your own encryption mode and justify what you did.
This tutorial is divided into five sections. The first section
describes OpenSSL and the lab requirements. The second section
covers using OpenSSL. The third section covers the use of Java
Cryptography Extensions. The fourth and fifth sections are user
exercises and resources.
OpenSSL: Cryptography Library and SSL/TLS Toolkit. Due to popular web transactions and a need
confidential information, a secure transfer mode was created by Netscape Communications Corporation.
They introduced the Secure Socket Layer
(SSL) framework for Hypertext Transfer Protocol (HTTP) for securing web
transactions on their web browser. As SSL become popular, it was immediately deployed
for other web browsers. As the number of web
services and users continue to grow the demand for secure transactions dramatically increased.
This increase in secure transactions is not only for HTTP, but also for
security services that us other protocols on the top of Transmission
Control Protocol (TCP). Internet Engineering Task Force (IETF)
has established a working group called Transport Layer Security (TLS) in
1996, with the goal to standardize the security protocol for the Transport
The OpenSSL Project was established to create a software library or
toolkit for SSL/TLS. It is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source
toolkit implementing the SSL v2/v3 and TLS v1 protocols as well as a
full-strength general purpose cryptography library. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation. OpenSSL is based on the excellent SSLeay library
developed from Eric A. Young and Tim J. Hudson around 1996. The OpenSSL toolkit is licensed under a dual-license (the OpenSSL license
plus the SSLeay license) , which basically means that you are
free to get and use it for commercial and non-commercial purposes as
long as you fulfill the conditions of both licenses.
In this lab, you will be introduced to some concepts of OpenSSL's
application programming interface (API), which will allow you to create
your own program to solve a particular crypto problem such as encryption
or decryption. To accomplish this you will also learn how to use
the crypto library in OpenSSL.
Overview of OpenSSL. OpenSSL includes APIs for SSL/TLS
protocol, in addition to several cryptographic algorithms for confidential services
based on both secret key and public key cryptography. It also includes
hash/MAC mechanisms for message integrity services and digital signature for
non-repudiation services. Along with SSL/TLS, a digital certificate is
an important part, which you will be able to create using OpenSSL.
OpenSSL supports the creation of digital or public
key certificates based on thee X.509 standard, the conversion
between X.509 and ASN.1 encoding standards, and PEM certificates. The OpenSSL
toolkit includes the following components:
- Libssl.a: Implementation of SSLv2, SSLv3, TLSv1 and the required code
to support both SSLv2, SSLv3 and TLSv1 in the one server and client.
- libcrypto.a: General encryption and X.509 v1/v3 stuff needed by SSL/TLS
but not actually logically part of it. It includes routines for the
- Ciphers: DES, RC2, RC4, RC5, Blowfish, IDEA, AES
- Digests: MD2, MD5, SHA-0, SHA-1, SHA-128, SHA-256, SHA-512, MDC2
- MAC: HMAC
- Public Key: RSA, DSA Diffie-Hellman key-exchange/key generation.
- X.509v3 certificates: X509 encoding/decoding into/from binary ASN.1 and
a PEM based ASCII-binary encoding, base64 encoding
- RSA and DSA certificate generation
- openssl: A command line tool that can be used for: creation of RSA, DH
and DSA key parameters, creation of X.509 certificates, CSRs and CRLs,
calculation of Message Digests Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests, Handling of S/MIME signed or encrypted
Lab Requirements. To complete the C portion of this lab
you will need a workstation in SIS Lab or a Windows-based machine that
already has OpenSSL installed. The SIS workstations
already have OpenSSL installed on them, so using them will require less
work on your part. If you wish to install OpenSSL on your computer, please read
the instructions at http://www.openssl.org.
To complete the Java portion you will need a workstation in SIS Lab or a Windows-based
already has the latest Java 2 Standard Edition (J2SE) installed.
Again J2SE is already installed on the computers in the SIS lab. If you insist to install
java on your computer, please read the
http://java.sun.com/products/jce/downloads/index.html. If you require an overview of Java or C you
should visit http://java.sun.com.