Security Technologies
Post By kanra
Blogs Security Technologies
January 03, 2021
Category
Reference
Tag
Security

Encoding & Decoding

ASCII

An ASCII table for conversion with Character, Hex, Octal, Decimal.

Forms: \x2e .

.  \x2e \056  46
/  \x2f \057  47
0  \x30 \060  48
1  \x31 \061  49
H  \x48 \110  72

ASCII Table: http://defindit.com/ascii.html

URL-encoding & URL-decoding

Change special characters into entity code like %AB. This can do encoding and decoding.

encodeURI('&name="hello world*|^#~12"') 
# "&name=%22hello%20world*%7C%5E#~12%22"
encodeURIComponent('&name="hello world*|^#~12"')
# "%26name%3D%22hello%20world*%7C%5E%23~12%22"

decodeURI('&name=%22hello%20world*%7C%5E#~12%22')
# "&name="hello world*|^#~12""
decodeURIComponent('%26name%3D%22hello%20world*%7C%5E%23~12%22')
# "&name="hello world*|^#~12""

Base64 or Base32

This can do encoding and decoding.

echo base64_encode('P@ssW0rd');      # UEBzc1cwcmQ=
echo base64_decode('UEBzc1cwcmQ=');  # P@ssW0rd

# Linux
echo -n "P@ssW0rd" | base64          # encode
echo -n "UEBzc1cwcmQ=" | base64 -d   # decode

Hashing

This can only do encoding (weak). Can’t be decoded.

But can be brute-forced easily.

16 bytes (128 bits) string.

Algorithm such as:

md5
sha1
sha256
ripemd256
whirlpool
tiger192,3
snefru256
gost
adler32
crc32b
fnv164
joaat
haval1
haval256,5

echo hash('md5', 'passowrd')        # 88e2d8cd1e92fd5544c8621508cd706b
echo hash('sha1', 'passowrd')       # 6c526d10729e6cb117d5fe310b80673ad5e8dd70
echo hash('sha256', 'passowrd')     # 19cb2a070ddbe8157e17c5dda0ea38e8aa16fae1725c1f7ac22747d870368579
echo hash('ripemd160', 'passowrd')  # d93dbea08d4eb36be63b5b9e410e2b8af278e07c
echo hash('tiger192,3', 'passowrd') # cd9d47082d5bc583d93d26b62aa52ffb306547db112f835f

 

 

Encryption Technologies

Symmetric encryption algorithm, use the same key to encrypt & decrypt. e.g. AES (Advanced Encryption Standard). Fast, esay to accelerate, good for large data. Key can’t be distributed.

key = Keygen(n)
e_msg = Encrypt(key, msg)
msg = Decrypt(key, e_msg)

 

Asymmetric encryption (Public key, Private key) algorithm, use different key to encrypt and decrypt). e.g. RSA. Slow, hard to accelerate, good for small data. Key can be distributed.

public_key & private_key = Keygen(n)
 
e_msg = Encrypt(publick_key, msg) # anyone can encrypt
msg = Decrypt(private_key, e_msg) # only owner can decrypt

 

Digital signatures, use private key for digital signing and public key for verification. Used to generate signature to authenticate data. (not refusing)

public_key & private_key = Keygen(n)
 
s_msg = Sign(private_key, msg)       # only owner can sign
is_true? = Verify(public_key, s_msg) # anyone can verify if this msg is from the owner

Hash of message from file is signed

 

Real-World Encryption (combine symmetric and asymmetric): encrypt data with key (using symmetric, fast), encrypt key with public key (public key from owner). Send encrypted key and encrypted data to the owner, then owner use private key to decrypt the encrypted key to get key, then use key to decrypt the encrypted data.

sm_key = Keygen(n)
e_msg = Encrypt(sm_key, msg)  
e_key = Encrypt(public_key, sm_key)  # anyone can encrypt

# Send owner the e_msg, e_key
sm_key = Decrypt(private_key, e_key) # only owner can decrypt
msg = Decrypt(sm_key, e_msg) # get the original msg

 

 

Secure Sockets Layer (SSL/TLS)

Between Application and Transport layer to add security.

The latest version of SSL is called Transport Layer Security (TLS).

CA (Certificate Authority), is a server maintains a bunch of certificates, sign/encrypt owner public key and domain information, then generate and issue certificates back to owner.

A certificate (with owner public key) verifies that an entity (person, organization or device) is the owner of a particular public key. A certificate is digitally signed by a CA as a proof. It has information:

  • The Distinguished Name of the entity (Owner) that owns the public key
  • The Distinguished Name of the entity (CA) that issued the certificate
  • The period of time during which the certificate is valid
  • The public key itself

Useful certificate can be obtained from a Certificate Authority (CA) such as VeriSign.

A certificate chain consists of the client certificate and one or more CA certificates.

A process that using SSL/TLS on HTTP to initial Handshake (Site address become https://)

 

 

Private and Public key

To create private key (key length 4096 bits) and CSR (contain public key) in PEM format (can be used in https server).

When to order a SSL certificate from CA, a Certificate Signing Request (CSR) file (public key) as “server_https_public.key” will be used.

/CN means Issuer Common Name, is the public domain name such as abc.com, or wildcard domain such as *.abc.com.

# generate private key
openssl genrsa -out private.key 4096

# extract public key from private key
openssl rsa -in private.key -pubout -out public.key

# generate certificate signing request (PEM format) from private key that contains the public key portion of the private key as well as subject info
openssl req -new -key private.key -out certificat-request.csr -subj "/C=US/ST=Utah/L=Lehi/O=Company/OU=IT/CN=domain.com"

# generate X.509 standard certificate with the private key
openssl req -new -x509 -days 9999 -key private.key -out x509-certificate.crt -subj "/CN=MyName"

# view certificate content
openssl x509 -text -in x509-certificate.crt -noout

To convert the .pub file generated from ssh-keygen into the pem format from openssl

ssh-keygen -f pixamed-public.pub -e -m pem > public.pem

To Generate both Private key and certificate request (contain public key and other info)

openssl req -new -newkey rsa:2048 -nodes -out server_https_request.csr -keyout server_https_private.key -subj "/C=US/ST=state/L=city/O=company/OU=department/CN=karanokara.com"

 

 

KeyStore & TrustStore Mechanism

A Keystore is a type of database container consists of keystore entries. Common file format: .jks in Java.

Two types of Keystore entry, each has an unique alias:

  • Key entry consist of:
    1. Private Key
    2. certificates chain or public key certificate
  • Trusted certificate entry consist of:
    1. public key certificate

Usage: encryption, authentication, and serving over HTTPS. Used to authenticate yourself to a remote party (when required).

A keystore is protected by a keystore password, and each entry is protected by a key password.

A TrustStore is a KeyStore, which contain only a number of CA certificates that you’re willing to trust (a “trust” store).

Usage: to verify remote certificates that you don’t know but to trust.

 

Keytool Program

Create a KeyStore file keystore.jks, with 1 key entry naming “test” using algorithm of 2048-bit RSA key pair.

keytool -genkey -alias test -keyalg RSA -keystore "C:\keys\keystore.jks"

List the content of a KeyStore file.

keytool -list [-v:verbose] -keystore "keystore.jks"

Export a certificate by alias from a KeyStore file to a file in .cer or .der.

keytool -export -alias test -file "C:\keys\cert.cer" -keystore "C:\keys\keystore.jks"

 

 

 

 

AUTHOR : kanra
EMAIL : karawakara@gmail.com
Working on Networking, Web Development, Software Development, Server-side deployment. Having fun on doing experiments on new technologies.
Related Posts
VIEW
Reference
Authentication And Authorization
VIEW
Reference
Cisco Certified Network Associate (CCNA) Reference
VIEW
Reference
Authentication And Authorization
VIEW
Reference
Cisco Certified Network Associate (CCNA) Reference