$3\mathrm{.}6$ Task $6$: Manually Verifying an X$\mathrm{.}509$ Certificate

In this task, we will manually verify an X$\mathrm{.}509$ certificate using our program. An X$\mathrm{.}509$ contains data about

a public key and an issuer$$s signature on the data. We will download a real X$\mathrm{.}509$ certific

ate from a web

server, get its issuer$$s public key, and then use this public key to verify the signature on the certificate.

Step $1$: Download a certificate from a real web server. We use the www$.$example.org server in

this document. Students should choose a different web server that has a different certificate than the

one used in this document $($it should be noted that www$.$example.com share the same certificate with

www$.$example.org$).$ We can download certificates using browsers or use the following command:

$ openssl s$\_$client$-$connect www$.$example.org:$443-$showcerts

Certificate chain

$0$ s:$/$C$=$US$/$ST$=$California$/$L$=$Los Angeles$/$O$=$Internet Corporation for Assigned

Names and Numbers$/$OU$=$Technology$/$CN$=$www$.$example.org

i:$/$C$=$US$/$O$=$DigiCert Inc$/$OU$=$www$.$digicert.com$/$CN$=$DigiCert SHA$2$ High Assurance

Server CA$-----$BEGIN CERTIFICATE$----$

MIIF$8$jCCBNqgAwIBAgIQDmTF$+8$I$2$reFLFyrrQceMsDANBgkqhkiG$9$w$0$BAQsFADBw

MQswCQYDVQQGEwJVUzEVMBMGA$1$UEChMMRGlnaUNlcnQgSW$5$jMRkwFwYDVQQLExB$3$

$......$

wDSiIIWIWJiJGbEeIO$0$TIFwEVWTOnbNl$/$faPXpk$5$IRXicapqiII$=-----$END CERTIFICATE$----$

$1$ s:$/$C$=$US$/$O$=$DigiCert Inc$/$OU$=$www$.$digicert.com$/$CN$=$DigiCert SHA$2$ High

Assurance Server CA

i:$/$C$=$US$/$O$=$DigiCert Inc$/$OU$=$www$.$digicert.com$/$CN$=$DigiCert High Assurance

EV Root CA$-----$BEGIN CERTIFICATE$----$

MIIEsTCCA$5$mgAwIBAgIQBOHnpNxc$8$vNtwCtCuF$0$VnzANBgkqhkiG$9$w$0$BAQsFADBs

MQswCQYDVQQGEwJVUzEVMBMGA$1$UEChMMRGlnaUNlcnQgSW$5$jMRkwFwYDVQQLExB$3$

$......$

cPUeybQ$=-----$END CERTIFICATE$----$

The result of the command contains two certificates. The subject field $($the entry starting with s:$)$ of

the certificate is www$.$example.org, i$.$e$.,$ this is www$.$example.org$$s certificate. The issuer field $($the

entry starting with i:$)$ provides the issuer$$s information. The subject field of the second certificate is the

same as the issuer field of the first certificate. Basically, the second certificate belongs to an intermediate

CA$.$ In this task, we will use CA$$s certificate to verify a server certificate.

If you only get one certificate back using the above command, that means the certificate you get is signed

by aroot CA$.$ Root CAs$$ certificates can be obtained from the Firefox browser installed in our pre$-$built VM$.$

Gotothe Edit Preferences PrivacyandthenSecurity View Certificates. Search

for the name of the issuer and download its certificate.

Copy and paste each of the certificate $($the text between the line containing "Begin CERTIFICATE"

and the line containing "END CERTIFICATE", including these two lines$)$ to a file. Let us call the first one

c$0.$pem and the second one c$1.$pem.

Step $2$: Extract the public key $($e$,$ n$)$ from the issuer$$s certificate. Openssl provides commands to

extract certain attributes from the x$509$ certificates. We can extract the value of n using$-$modulus. There

is no specific command to extract e$,$ but we can print out all the fields and can easily find the value of e$.$

SEEDLabs$$RSAPublic$-$KeyEncryptionandSignatureLab $7$

Formodulus$($n$)$:

$opensslx$509-$inc$1.$pem$-$noout$-$modulus

Printoutallthefields,find theexponent$($e$)$:

$opensslx$509-$inc$1.$pem$-$text$-$noout

Step$3$:Extractthesignaturefromtheserver$$scertificate$.$ Thereisnospecificopensslcommandto

extract thesignaturefield. However,wecanprintoutall thefieldsandthencopyandpastethesignature

blockintoafile$($note: ifthesignaturealgorithmusedinthecertificateisnotbasedonRSA,youcanfind

anothercertificate$).$

$opensslx$509-$inc$0.$pem$-$text$-$noout

$...$

SignatureAlgorithm:sha$256$WithRSAEncryption

$84$:a$8$:$9$a:$11$:a$7$:d$8$:bd:$0$b:$26$:$7$e:$52$:$24$:$7$b:b$2$:$55$:$9$d:ea:$30$:

$89$:$51$:$08$:$87$:$6$f:a$9$:ed:$10$:ea:$5$b:$3$e:$0$b:c$7$:$2$d:$47$:$04$:$4$e:dd:

$......$

$5$c:$04$:$55$:$64$:ce:$9$d:b$3$:$65$:fd:f$6$:$8$f:$5$e:$99$:$39$:$21$:$15$:e$2$:$71$:

aa:$6$a:$88$:$82$

Weneedtoremovethespacesandcolonsfromthedata,sowecangetahex$-$stringthatwecanfeedinto

ourprogram.Thefollowingcommandcommandscanachievethisgoal.ThetrcommandisaLinuxutility

toolforstringoperations. Inthiscase,the$-$doptionisusedtodelete":"and"space"fromthedata.

$catsignature$|$tr$-$d$[$:space:$]$:$$

$84$a$89$a$11$a$7$d$8$bd$0$b$267$e$52247$bb$2559$dea$30895108876$fa$9$ed$10$ea$5$b$3$e$0$bc$7$

$......$

$5$c$045564$ce$9$db$365$fdf$68$f$5$e$99392115$e$271$aa$6$a$8882$

Step$4$:Extractthebodyoftheserver$$scertificate$.$ ACertificateAuthority$($CA$)$generatesthesignature

foraservercertificatebyfirstcomputingthehashof thecertificate,andthensignthehash. Toverifythe

signature,wealsoneedtogenerate thehashfromacertificate. Since thehashisgeneratedbefore the

signatureiscomputed,weneedtoexcludethesignatureblockofacertificatewhencomputingthehash.

Findingoutwhatpartof thecertificateisusedtogeneratethehashisquitechallengingwithoutagood

understandingoftheformatofthecertificate.

X$\mathrm{.}509$certificatesareencodedusingtheASN$\mathrm{.}1($AbstractSyntaxNotation$.$One$)$standard$,$soifwecan

parsetheASN$\mathrm{.}1$structure,wecaneasilyextractanyfieldfromacertificate.Opensslhasacommandcalled