KEMBAR78
PKI & DSA Lab Report | PDF | Public Key Cryptography | Key (Cryptography)
Scribd
Upload
32 views4 pages

PKI & DSA Lab Report

report

Uploaded by

vlad pislaru
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
32 views4 pages

PKI & DSA Lab Report

report

Uploaded by

vlad pislaru
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Ministry of Education, Culture and Research of the

Republic of Moldova
Technical University of Moldova
Department of Software and Automation Engineering

REPORT
Laboratory work No. 5
Discipline: Cryptography and Security

Elaborated: Pîslaru Vladislav FAF-223

Checked: Nirca Dumitru asist. univ.,

Chișinău 2024

Public Key Infrastructure (PKI) and Digital Signature Algorithm


(DSA)
Table of Contents

1. Introduction
2. Objectives
3. Algorithm Overview
- RSA (Rivest-Shamir-Adleman)
- Digital Signature Algorithm (DSA)
4. Implementation Details
- Tools Used
- Workflow
- Key Components of the Python Script
5. Challenges and Solutions
6. Testing and Results
7. Conclusion

1. Introduction
Public Key Infrastructure (PKI) provides a framework for securing communications and data using
public key cryptography. It ensures confidentiality, integrity, authentication, and non-repudiation of
data by managing keys and certificates.

This task focuses on implementing a PKI system using OpenSSL to handle:


1. Certificate Authority (CA) setup.
2. User key and certificate generation.
3. File signing and signature verification.
4. Certificate revocation.

2. Objectives
- Set up an internal PKI system using OpenSSL.
- Generate a root CA private key and a self-signed certificate.
- Issue and revoke user certificates.
- Enable file signing and signature verification.
- Automate the process using Python.

3. Algorithm Overview
RSA (Rivest-Shamir-Adleman)
RSA is an asymmetric cryptographic algorithm widely used in PKI. It involves two keys:
- Private Key: Used for signing or decrypting data.
- Public Key: Used for verifying signatures or encrypting data.

Key Steps:
1. Key generation using large prime numbers.
2. Public and private key pair creation.
3. Secure data exchange or verification using these keys.

Advantages:
- Strong security with sufficient key length (e.g., 2048 or 4096 bits).
- Asymmetric, requiring no shared secret.

Digital Signature Algorithm (DSA)


DSA is a Federal Information Processing Standard (FIPS) for digital signatures. While RSA can sign
and encrypt, DSA focuses exclusively on signing and verifying.

Steps in DSA:
1. Signing: Hash the data, encrypt it with the private key to generate the signature.
2. Verification: Decrypt the signature with the public key and compare it to the data's hash.

4. Implementation Details
Tools Used
- Python: To automate PKI operations.
- OpenSSL: For cryptographic operations (key generation, signing, etc.).
- File System: Directory structure for managing certificates and CRLs.

Workflow
1. CA Setup:
- Create directories and files for the CA.
- Generate a root private key (4096 bits) and a self-signed certificate valid for 10 years.
2. User Certificate Generation:
- Create a private key (2048 bits) and a Certificate Signing Request (CSR).
- Use the root CA to issue the user certificate.
3. File Signing and Verification:
- Sign a file using the user's private key.
- Verify the signature with the user's certificate.
4. Certificate Revocation:
- Revoke the user certificate.
- Generate a Certificate Revocation List (CRL).

5. Challenges and Solutions


1. Platform Compatibility:
- The script was designed to work on Windows, avoiding Bash-specific syntax like process
substitution `<(...)`.
2. CRL Generation Issue:
- Missing `default_crl_days` in the OpenSSL configuration was fixed to specify CRL validity.
3. Public Key Extraction:
- Explicitly extracted the public key into a file for signature verification.

6. Testing and Results


Test Cases:
1. Successfully created a root CA.
2. Generated and signed user certificates.
3. Verified digital signatures for test files.
4. Revoked certificates and updated the CRL.

Output Example:
```
Setting up CA directory...
Generating Root CA...
Creating OpenSSL Configuration...
Generating User Certificate...
Certificate is to be certified until Dec 10 2025 GMT.
Signing file...
Verifying signature...
Verified OK
Revoking user certificate...
PKI operations completed successfully.
```

7. Conclusion
This task demonstrated how to implement a secure PKI system with automation. Using RSA and
OpenSSL ensured strong cryptographic operations, while Python streamlined the process. The
system can be expanded for real-world applications, including secure file exchange and
authentication.

You might also like