Scribd
Upload
16 views

CSS Mproject Certificate in Cryptography Implementation

Digital certificate implementation in CSS

Uploaded by

sanjanabhosle27
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
16 views

CSS Mproject Certificate in Cryptography Implementation

Digital certificate implementation in CSS

Uploaded by

sanjanabhosle27
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

Cryptography and System Security

Activity Topic:
Implement a certificate-based authentication mechanisms in Python or Java
By Sanjana Bhosle (A-09)

Embarking on our journey through system security, we embrace the implementation of


certificate-based authentication mechanisms—a pivotal stride in safeguarding our digital
infrastructure against potential threats and unauthorized access. This activity holds significant
importance as it empowers us to fortify our systems against potential threats and
unauthorized access attempts. By adopting certificate-based authentication, we ensure that
only trusted entities can gain access to our network resources, thereby enhancing the overall
security posture of our system. We have chosen this method due to its robustness and
reliability in establishing trust between communicating parties. Through the utilization of
certificates and private keys, we create a secure environment where mutual authentication
guarantees the identity of both the server and the client. This method not only bolsters the
security of our communication channels but also fosters trust and confidence in the integrity
of our systems.

Implementation steps:
Install OpenSSL and open its command prompt to run the following command to create a
setup for certificate-based authentication using SSL.
Command to create private key:
Openssl genrsa -aes256 -out private.key 2048

This private key is used for securely encrypting and decrypting data during SSL/TLS
communication.
Command to update the private key:
Openssl rsa -in private.key -out private.key

Command to create the certificate:


Openssl req -new -x509 -nodes -sha1 -key private.key -out certificate.crt -days 36500
This certificate contains information about the server/client (such as its name and public
key) and is signed by the private key to verify its authenticity.

Command to create a pem file


Openssl req -x509 -new -nodes -key private.key -sha1 -days 36500 -out ssl.pem
This file contains the private key and the certificate in a single file.
Private key, Certificate and a PEM file are created successfully

We only have one certificate and one private key that will be used by both the server and
client for certificate-based authentication.

Program Implementation:
Server Implementation (Server.py):
 The server sets up a TCP socket and binds it to a specific host and port
(localhost:1227 in this case).
 It configures an SSL context using the ssl.create_default_context method for client
authentication (ssl.Purpose.CLIENT_AUTH) and loads the certificate and private key
using context.load_cert_chain.
 When a client connects, the server accepts the connection and wraps the socket with
SSL/TLS using the SSL context (context.wrap_socket). This establishes a secure
connection between the server and the client.
 During the SSL/TLS handshake, the server verifies the client's certificate using
conn.getpeercert(). If the client provides a valid certificate, the server proceeds with
the connection.
Client Implementation (Client.py):
 The client sets up a TCP connection to the server (localhost:1227).
 It configures an SSL context using the ssl.create_default_context method for server
authentication (ssl.Purpose.SERVER_AUTH) and loads the certificate and private key
using context.load_cert_chain.
 The client wraps the socket with SSL/TLS using the SSL context, establishing a
secure connection with the server.
 During the SSL/TLS handshake, the client verifies the server's certificate. If the server
provides a valid certificate, the client proceeds with the connection.
Authentication:
 During the SSL/TLS handshake, both the server and client authenticate each other
using their certificates. This mutual authentication ensures that both parties are who
they claim to be.
 If the server verifies the client's certificate and the client verifies the server's
certificate successfully, the connection is established, and data can be securely
exchanged between the server and the client.
Server.py
import socket
import ssl

HOST = 'localhost'
PORT = 1227

# Path to certificate file (.crt) and private key file (.key)


CERT_FILE = 'certificate.crt'
KEY_FILE = 'private.key'

# Configure SSL context


context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain(certfile=CERT_FILE, keyfile=KEY_FILE)

# Set up server socket


with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
sock.bind((HOST, PORT))
sock.listen(5)

print("Server is ready")

# Accept incoming connections


with context.wrap_socket(sock, server_side=True) as ssock:
conn, addr = ssock.accept()
print(f"Server is connected to {addr}")

# Verify client certificate


cert = conn.getpeercert()
if not cert:
print("Client did not provide a certificate")
conn.close()
else:
print("Client certificate verified")

# Perform additional certificate validation here if required

# Send data to the client


conn.send("Welcome to the Server!")

# Close the connection


conn.close()
Client.py
import socket
import ssl

HOST = 'localhost'
PORT = 1227

# Path to certificate file (.crt) and private key file (.key)


CERT_FILE = 'certificate.crt'
KEY_FILE = 'private.key'

# Configure SSL context


context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
context.load_cert_chain(certfile=CERT_FILE, keyfile=KEY_FILE)

# Set up client socket


with socket.create_connection((HOST, PORT)) as sock:
with context.wrap_socket(sock, server_hostname=HOST) as ssock:
print("Connected to server")

# Receive data from server


data = ssock.recv(1024)
print("Received:", data.decode())

print("Connection closed.")
Client.py Output:

Server.py Output:

Conclusion:
By adopting this method, we ensure that only trusted entities can access our network
resources, thus enhancing our overall security posture. Through the utilization of certificates
and private keys, we establish a secure environment where mutual authentication guarantees
the identities of both the server and the client. This approach not only strengthens the security
of our communication channels but also instills trust and confidence in the integrity of our
systems, paving the way for a safer digital future.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy