Crypto4 Nik
Crypto4 Nik
openssl req -newkey rsa:2048 -nodes -keyout client-key.pem -x509 -days 365 -out client
certificate.pem
openssl req -newkey rsa:2048 -nodes -keyout server-key.pem -x509 -days 365 -out server-
certificate.pem
• Step 2. Combine the private key and public certificate into PCKS12(P12) format for client
and server respectively.
package client;
import javax.net.ssl.*;
import java.io.*;
import java.security.*;
import java.security.cert.CertificateException;
/**
* @author garden
* @create 8/11/18
*/
try {
System.setProperty("javax.net.debug", "all");
InputStream inputStream =
ClassLoader.getSystemClassLoader().getResourceAsStream("client/certificate-client.p12");
keyStore.load(inputStream, password.toCharArray());
// TrustManagerFactory ()
InputStream inputStream1 =
ClassLoader.getSystemClassLoader().getResourceAsStream("server/certificate-server.p12");
trustStore.load(inputStream1, password2.toCharArray());
trustManagerFactory.init(trustStore);
break;
// KeyManagerFactory ()
keyManagerFactory.init(keyStore, password.toCharArray());
X509KeyManager x509KeyManager = null;
break;
kkSocket.setEnabledProtocols(new String[]{"TLSv1.2"});
new InputStreamReader(kkSocket.getInputStream()));
BufferedReader stdIn =
String fromServer;
String fromUser;
break;
fromUser = stdIn.readLine();
if (fromUser != null) {
out.println(fromUser);
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
import protocol.KnockKnockProtocol;
import javax.net.ssl.*;
import java.io.*;
import java.security.*;
import java.security.cert.CertificateException;
/**
* @author garden
* @create 8/11/18
*/
try {
System.setProperty("javax.net.debug", "all");
InputStream inputStream =
ClassLoader.getSystemClassLoader().getResourceAsStream("server/certificate-server.p12");
keyStore.load(inputStream, password.toCharArray());
// TrustManagerFactory
InputStream inputStream1 =
ClassLoader.getSystemClassLoader().getResourceAsStream("client/certificate-client.p12");
trustStore.load(inputStream1, password2.toCharArray());
trustManagerFactory.init(trustStore);
break;
// KeyManagerFactory ()
keyManagerFactory.init(keyStore, password.toCharArray());
break;
serverSocket.setNeedClientAuth(true);
serverSocket.setEnabledProtocols(new String[]{"TLSv1.2"});
PrintWriter out =
new InputStreamReader(socket.getInputStream()));
outputLine = kkp.processInput(null);
out.println(outputLine);
outputLine = kkp.processInput(inputLine);
out.println(outputLine);
if (outputLine.equals("Bye."))
break;
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
Output:
1. In Total MacOS has 149 System root Certificates ( Search Keychain Access on spotlight)
2. 2. Root Certificate Authorities (CAs) play a critical role in the secure transmission of data
over the internet, particularly in the context of SSL/TLS connections. SSL (Secure Sockets
Layer) and its successor, TLS (Transport Layer Security), are cryptographic protocols that
provide secure communication over a computer network. These protocols encrypt the data
transmitted between a client (such as a web browser) and a server, ensuring confidentiality,
integrity, and authenticity of the exchanged information. The trust model in SSL/TLS relies
heavily on Certificate Authorities. A Certificate Authority is a trusted entity that issues digital
certificates, which serve as electronic documents verifying the identities of parties involved
in a communication and facilitating the encryption process. Root CAs are the highest level
in the hierarchical structure of CAs. Here's how it works: 1. Root CA Certificates: Root CAs
are entities that are implicitly trusted by devices and software applications. They are
typically pre installed on operating systems, web browsers, and other network devices.
These root CA certificates act as anchors of trust. They are used to verify the authenticity of
other certificates in the chain. 2. Certificate Chain: When a client (e.g., a web browser)
connects to a server over HTTPS (HTTP Secure), the server presents its digital certificate,
which includes information such as the server's identity, its public key, the CA that issued
the certificate (known as the intermediate CA), and a digital signature from the issuing CA.
The client then verifies the server's certificate by checking its signature against the public
key of the issuing CA. If the signature is valid and the certificate is issued by a trusted CA
(i.e., the CA's root certificate is present in the client's trust store), the client trusts the
server's identity. 3. Trust Hierarchy: The trust in the SSL/TLS ecosystem is based on the
principle of delegation. Root CAs delegate authority to intermediate CAs, which in turn
issue certificates to end entities (such as websites). The trust is established by the inclusion
of the root CA certificates in the trust store of devices and software applications. This trust
hierarchy ensures that certificates issued by trusted CAs are accepted as authentic,
thereby enabling secure communication between clients and servers. 4. Security and
Assurance: The use of root CA certificates provides assurance that the entities involved in
the communication are who they claim to be. It also helps prevent various security threats,
such as man in-the-middle attacks, where an attacker intercepts and alters communication
between the client and server. By verifying the authenticity of certificates, root CAs help
maintain the integrity and confidentiality of data transmitted over the internet. In summary,
root CA certificates are foundational elements in the SSL/ TLS infrastructure, establishing
trust and enabling secure communication by verifying the authenticity of digital certificates
presented by servers. They form the basis of the trust model that underpins the security of
the internet.
3. . To view the certificates for a website in your browser: - Navigate to the website (e.g.,
google.com). - Click on the padlock icon next to the URL in the address bar. - Select
"Certificate" or "View Certificate" option (may vary depending on the browser). -This will
open a window displaying the certificate details.
4. Possible risks of trusting a CA include: * Misissuance: CAs could mistakenly issue
certificates to malicious entities, compromising security. * Compromise: If a CA's private
key is compromised, attackers could issue fraudulent certificates, leading to man-in-the-
middle attacks. * Lack of transparency: Some CAs may not adhere to strict security
practices or may have opaque policies, leading to potential security vulnerabilities.