
Practical: 9

AIM: Write a program to generate SHA-1 hash.

Description:

The Secure Hash Algorithm 1 (SHA-1) is a cryptographic computer security algorithm. It
was created by the US National Security Agency in 1995, after the SHA-0 algorithm in 1993,
and it is part of the Digital Signature Algorithm or the Digital Signature Standard (DSS).

SHA-1 produces a 160-bit hash value, or message digest, from the input data (data that
requires encryption), which resembles the hash value of the MD5 algorithm. It uses 80 rounds
of cryptographic operations to encrypt and secure a data object.

SHA-1 is commonly used in cryptographic applications and environments where the need for
data integrity is high. It is also used to index hash functions and identify data corruption and
checksum errors.

Properties            SHA1

Message Digest Size   160
Message Size          < 2^64
Block Size            512
Word Size             32
Number Of Steps       80

BIT/CE/INS/DIV-2/160050107089 Page 28
Output :

Practical: 10
AIM: Implement a digital signature algorithm.

Description:

A digital signature is a mathematical technique used to validate the authenticity and integrity
of a message, software or digital document. The operation of the digital signature is similar to
that of the MAC. In the case of the digital signature, the hash value of a message is encrypted
with a user’s private key. Anyone who knows the user’s public key can verify the integrity of
the message that is associated with the digital signature.

If confidentiality as well as a digital signature is desired, then the message plus the
private-key-encrypted hash code can be encrypted using a symmetric secret key.

Output :

Practical: 11
AIM: Perform various encryption-decryption techniques with cryptool.

Output :

Caesar

Playfair

Rail fence

EXTRA PRACTICALS

Digital Signature:

One-time pad:

Practical: 12
AIM: Study and use the Wireshark for the various network protocols.

Description :

Wireshark is a network packet analyzer. A network packet analyzer tries to capture network
packets and to display the packet data in as much detail as possible. You could think of a
network packet analyzer as a measuring device for examining what’s happening inside a
network cable, just like an electrician uses a voltmeter for examining what’s happening inside
an electric cable (but at a higher level, of course).

In the past, such tools were either very expensive, proprietary, or both. However, with the
advent of Wireshark, that has changed. Wireshark is available for free, is open source, and is
one of the best packet analyzers available today.

Here are some reasons people use Wireshark:

• Network administrators use it to troubleshoot network problems
• Network security engineers use it to examine security problems
• QA engineers use it to verify network applications
• Developers use it to debug protocol implementations
• People use it to learn network protocol internals

Output :

Investigating HTTP Protocol in Wireshark.

Investigating TCP Protocol in Wireshark.

Investigating IP Protocol in Wireshark.

Practical: 13
AIM: Study how the browsers manage the digital certificates for various
secured websites for making secured communication.
Description :

A digital certificate, also known as a public key certificate, is used to cryptographically link
ownership of a public key with the entity that owns it. Digital certificates are for sharing
public keys to be used for encryption and authentication. Digital certificates include the
public key being certified, identifying information about the entity that owns the public key,
metadata relating to the digital certificate and a digital signature of the public key created by
the issuer of the certificate.

The distribution, authentication and revocation of digital certificates are the primary purposes
of the public key infrastructure (PKI), the system by which public keys are distributed and
authenticated.

Public key cryptography depends on key pairs: one a private key to be held by the owner and
used for signing and decrypting, and one a public key that can be used for encryption of data
sent to the public key owner or authentication of the certificate holder's signed data. The
digital certificate enables entities to share their public key in a way that can be authenticated.

Digital certificates are used in public key cryptography functions; they are most commonly
used for initializing secure SSL connections between web browsers and web servers. Digital
certificates are also used for sharing keys to be used for public key encryption and
authentication of digital signatures.

Digital certificates are used by all major web browsers and web servers to provide assurance
that published content has not been modified by any unauthorized actors, and to share keys
for encrypting and decrypting web content. Digital certificates are also used in other contexts,
both online and offline, for providing cryptographic assurance and privacy of data.

Who can issue a digital certificate

While it is possible for an entity to create its own PKI and issue its own digital certificates --
and in some cases this approach might be reasonable, for example when an organization
maintains its own PKI to issue certificates for its own internal use -- the vast majority of
digital certificates are issued by a certificate authority (CA). CAs are considered trusted third
parties in the context of a PKI; using a trusted third party to issue digital certificates enables
individuals to extend their trust in the CA to the trustworthiness of the digital certificates that
it issues.

Difference between digital certificate and digital signature

Public key cryptography enables a number of different functions, including both encryption
and authentication. A digital signature is another one of those functions enabled by public
key cryptography; digital signatures are generated using algorithms for signing of data, with
the result that a recipient can irrefutably confirm that the data was signed by the holder of a
particular public key.

Digital signatures are generated by hashing the data to be signed with a one-way
cryptographic hash; the result is then encrypted with the signer's private key. The digital
signature incorporates this encrypted hash, which can only be authenticated (verified) by
using the sender's public key to decrypt the digital signature, and then running the same one-
way hashing algorithm on the content that was signed. The two hashes can then be compared,
and if they match it proves that the data was unchanged from when it was signed -- and that
the sender is the owner of the public key pair used to sign it.

In general, a digital signature can depend on the distribution of a public key in the form of a
digital certificate -- but it is not mandatory that the public key be transmitted in that form.
However, digital certificates themselves are signed digitally, and they should not be trusted
unless the signature can be verified.

Types of digital certificates

There are three different types of digital certificates used by web servers and web browsers to
authenticate over the internet. These digital certificates are used to link a web server for a
domain to the individual or organization that owns the domain.

These certificates are usually referred to as SSL certificates even though the SSL protocol has
been superseded by the Transport Layer Security (TLS) protocol.

• Domain Validated (DV SSL) certificates offer the least amount of assurance about the
holder of the certificate. Applicants for DV SSL certificates need only demonstrate that
they have the right to use the domain name. While these certificates can give assurance
that data is being sent and received by the holder of the certificate, they give no
guarantees about who that entity is.

• Organization Validated (OV SSL) certificates provide additional assurances about the
holder of the certificate; in addition to confirming that the applicant has the right to use
the domain, OV SSL certificate applicants undergo additional confirmation of their
ownership of the domain.

• Extended Validation (EV SSL) certificates are issued only after the applicant is able
to prove their identity to the satisfaction of the CA. The vetting process includes
verification of the existence of the entity applying for the certificate, verifying that
identity matches official records, verifying that the entity is authorized to use the domain
and confirming that the owner of the domain has authorized the issuance of the certificate.

These types of SSL certificates are available from CAs for web domains, though the exact
methods and criteria for these certificates are evolving as the CA industry adapts to new
conditions and applications.

In addition to SSL certificates, there are other types of digital certificates used for other
purposes. They are as follows:

• Code signing certificates may be issued to organizations or individuals who publish
software. These certificates are used to share public keys that sign software code,
including patches and software updates. Code signing certificates certify the authenticity
of the signed code.

• Client certificates, also called a digital ID, are issued to individuals in order to bind their
identity to the public key in the certificate. Individuals can use these certificates to digitally
sign messages or other data; individuals can also use their private keys to encrypt data which
recipients can decrypt using the public key in the client certificate.

How to View SSL Certificate Details

Since browsers are updated fairly regularly and SSL presentation in particular is currently
undergoing quite a lot of change, I will be updating the sections below as new versions are
released. I've noted the versions I used for testing, but for the most part, the same
steps should apply for older versions as well.

Chrome - Desktop (v.63)

I'm very excited that Chrome has brought back the ability to access certificate details right
from the main browser interface. This functionality disappeared for a little while (~v55 - v60)
and you had to go through a few mouse clicks to find this info, but now it's very easy. Hooray!

1. Click the padlock in the URL bar. This will trigger a dropdown; click the "Valid" link in
the Certificate section.

EV Certificate in Chrome 63

2. This will bring up the Certificate window where you can click through to your heart’s
content. Certificate contents (e.g. subject, validity period, algorithms) are on the “Details” tab.

How SSL Certificates Work

1. A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The
browser/server requests that the web server identify itself.

2. The web server sends the browser/server a copy of its SSL certificate.

3. The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a
message to the web server.

4. The web server sends back a digitally signed acknowledgement to start an SSL encrypted session.

5. Encrypted data is shared between the browser/server and the web server.

