Advanced Security for Systems Engineering VU - WS2018 (183.645) Lab0

Team size: 1
Start and deadline for this lab: see (external link)tuwel

Exercise interview: No exercise interviews. If submissions are unclear students can be invited for exercise interviews.


This lab should enable you to write and read encrypted e-mails. Furthermore, it is needed to login to the exercise environment for the following labs.

Please keep in mind that some of our systems for this and future labs are restarted at 04:00 AM every day and may not be reachable for about 30 minutes. You are responsible to finish your work before this time and save your data at your local computer. We do not backup any data for your exercise account and everything you stored on our systems may be lost!

Specification Lab0a

This part of the exercise deals with S/MIME encryption of e-mails. In order to encrypt any data for this lab, it is necessary that you can receive messages sent to your student mail address (eMATRICULATION-NUMBER(at), MATRICULATION-NUMBER has to be replaced by your matriculation number and (at) by @). Use your preferred e-mail client and configure your mail address (see: (external link)

In this exercise you will use/learn the basics of how to deal with X.509 certificates. A common library used for handling X.509 is openssl and its command-line tool. In case you have not yet heard about it, you should look up some documentation. For example, HOWTOs at (external link)

Create a certificate signing request (CSR) and upload it to, providing your matriculation number. If the entered data is valid, you will receive a certificate which is signed by our certificate authority. Next, import the signed certificate and the certificate of our certificate authority, which can be downloaded from the response page as well, into your mail client. Meanwhile, you should have received an encrypted and signed S/MIME message. In the case you properly imported the certificates, you are able to decrypt the message and proceed to the second part of lab0a.

Now the signed certificate is used for SSL client certificate authentication. In the last step, the e-mail message you received contained SSH hostname, SSH port and your account name for our lab environment, as well as a password reset link, which is valid for few minutes. Your task is to authenticate yourself against the test service with your SSL client certificate. Import the certificates and keys you created/received into your browser. Follow the password reset link in the e-mail to retrieve a new password for your account. Be aware that a password reset token is valid only once. If you forget your password or the token expires, you must repeat lab0a to receive a new one.


Specification Lab0b

With the credentials of Lab0a you have to log in at the exercise environment using ssh (, Port 20000, and change your password immediately. (On Windows you can use, e.g., putty.) After login on tese, you will find a file containing some text that you must include exactly in the submission document.

The following fingerprints can be used for verification of the host key: SHA256:z5nliIMs3Iy5jInoqLzyBvKVrY3BE1p6ZIy4eeypahE (ECDSA), SHA256:EeLR4QpXUs1D7qKHKGQkKJw7HYZUHW3kB/8uwWl1Ris (RSA). You might need to configure your client in order to obtain the desired key type.

You are required to change the initial password of your account obtained via the Lab0a web service on the first login.

Please make sure that SSH multiplexing is not enabled. Otherwise, the password change request happens again on successive logins through the established SSH connection.

Submission Lab0

Create your submission document as described below and upload the text document, with the name *.txt via tuwel.
You can name your submission document like you want.


Please keep in mind that this lab is relatively short. Do not deduce the effort of later labs from lab0.

Additional Notes

Back to Top