Team size: 1
Start and deadline for this lab: see tuwel
Exercise interview: No exercise interviews. If submissions are unclear, students can be invited for exercise interviews.
This lab should enable you to work with encrypted emails as well as with X.509 certificates and certificate authorities. Furthermore, it is needed in order to log in to the exercise environment for the following labs.
This part of the exercise deals with simple cryptography, which you must solve in order to receive credentials for the lab environment. It is compulsory that you use your student email address (eMATRICULATION_NUMBER(at)student.tuwien.ac.at, where MATRICULATION_NUMBER stands for your own matriculation number and (at) for @). Use a mail client of your choosing and configure your email address.
Install PGP or GnuPG. Create a key-pair and assign it to your e-mail address. Then use our Account Mailer.
IMPORTANT: You will receive the login credentials for further exercises via an encrypted e-mail. Therefore, it is mandatory that you manage to receive encrypted e-mails and decrypt them. Of course, you can use the account mailer service more than once for testing purposes. Please also remember your changed password for the further labs ;-)
With the credentials of Lab0a you have to log in at the exercise environment using ssh (tese.esse-teaching.at, Port 20000). (On Windows you can use, e.g., putty.) After login on tese, you will find a file containing some text that you must include in the submission document (refer to Specification Lab0d).
The following fingerprints can be used for verification of the host key: SHA256:z5nliIMs3Iy5jInoqLzyBvKVrY3BE1p6ZIy4eeypahE (ECDSA), SHA256:EeLR4QpXUs1D7qKHKGQkKJw7HYZUHW3kB/8uwWl1Ris (RSA). You might need to configure your client in order to obtain the desired key type.
You are required to change the initial password of your account obtained via the Lab0a web service on the first login.
Please make sure that SSH multiplexing is not enabled. Otherwise, the password change request happens again on successive logins through the established SSH connection.
In this exercise you will learn the basics of how to deal with X.509 certificates. A common library used for handling X.509 is openssl and its command-line tool. In case you have not yet heard about it, you should look up some documentation, for example the HOWTOs at https://www.openssl.org/docs/.
You first need to generate your own intermediate certificate authority (CA) and have it signed by our root certificate authority for this lab.
Create a certificate authority with the following details:
Create a certificate signing request (CSR) for this intermediate CA and upload it via tuwel at the submission page of Lab0c.
If you successfully submitted the CSR and all details are correct, the submission system will sign it with our root certificate authority (ESSE-Lab0-Root-CA-WS2022) for this lab. Your signed certificate and the certificate of our root certificate authority (ESSE-Lab0-Root-CA-WS2022) can be downloaded at the submission page of Lab0c in tuwel.
The submission of Lab0c is worth 5 points (of total 20 points for Lab0).
Create a key pair for the purpose of signing documents with the following details:
Then sign this key (MATRICULATION_NUMBER-Signee-Entity-WS2022) with your intermediate CA (MATRICULATION_NUMBER-Intermediate-CA-WS2022) with the following details:
Combine the certificates for the following CAs and key into the file cert-chain_MATRICULATION_NUMBER.pem:
Create a file cookie_MATRICULATION_NUMBER.txt with the following content:
Sign your file cookie_MATRICULATION_NUMBER.txt with the following details and save the signature in cookie_MATRICULATION_NUMBER.txt.sha512
Pack the following files into the file lab0d_MATRICULATION_NUMBER.tar.bz2
Upload the file lab0d_MATRICULATION_NUMBER.tar.bz2 via tuwel at the submission page of Lab0d.
The submission of Lab0d is worth 15 points (of total 20 points for Lab0).
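The Lab0c/Lab0d steps above can be rehearsed locally before uploading anything. The following is an added example, not the course's reference solution: it walks the same chain (root, intermediate CA, signee, signed cookie file) and then checks it. Assumptions not taken from this sheet: RSA-2048 keys, 30-day validity, the certificate extensions, the chain order, the constructed matriculation number 00000000, the helper names, and a throwaway stand-in root in place of ESSE-Lab0-Root-CA-WS2022.

```sh
# Added example: local dry run of the Lab0c/Lab0d certificate chain.
MN=00000000   # constructed matriculation number (assumption)

# new_csr NAME CN: fresh unencrypted key NAME.key plus request NAME.csr
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

lab0_dry_run() (            # subshell body: cd and set -e stay local
  set -e; mkdir -p "$1"; cd "$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\n' > ee.ext

  # Stand-in root: self-signed CA certificate (the real root signs via tuwel).
  new_csr root "Standin-Root-CA"
  openssl x509 -req -in root.csr -signkey root.key -days 30 \
    -extfile ca.ext -out root.pem 2>/dev/null

  # Lab0c: intermediate CA key + CSR; the root signs it as a CA certificate.
  new_csr inter "$MN-Intermediate-CA-WS2022"
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key \
    -CAcreateserial -days 30 -extfile ca.ext -out inter.pem 2>/dev/null

  # Lab0d: signee key, certified by the intermediate as an end entity.
  new_csr signee "$MN-Signee-Entity-WS2022"
  openssl x509 -req -in signee.csr -CA inter.pem -CAkey inter.key \
    -CAcreateserial -days 30 -extfile ee.ext -out signee.pem 2>/dev/null

  # Chain file (leaf first, an assumed order) and detached SHA-512 signature.
  cat signee.pem inter.pem root.pem > "cert-chain_$MN.pem"
  printf 'constructed cookie text\n' > "cookie_$MN.txt"
  openssl dgst -sha512 -sign signee.key \
    -out "cookie_$MN.txt.sha512" "cookie_$MN.txt"
)

# The chain must validate up to the root, and the signature must verify
# against the public key extracted from the signee certificate.
lab0_verify() (
  cd "$1" &&
  openssl verify -CAfile root.pem -untrusted inter.pem signee.pem >/dev/null 2>&1 &&
  openssl x509 -in signee.pem -pubkey -noout > signee.pub &&
  openssl dgst -sha512 -verify signee.pub \
    -signature "cookie_$MN.txt.sha512" "cookie_$MN.txt" >/dev/null 2>&1
)
```

Run lab0_dry_run with an empty scratch directory, then lab0_verify on the same directory; a non-zero exit status from lab0_verify means either the chain or the signature does not check out.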
Please keep in mind that this lab is relatively short. Do not deduce the effort of later labs from lab0.