Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina.

Published byAubrey Melton Modified over 8 years ago

Similar presentations

Presentation on theme: "Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina."— Presentation transcript:

1 Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina

2 SSL Secure Sockets Layer (SSL) Transport Layer Security (TLS) Based on public certificates and private keys Certificates may be either self signed or verified by one of a few trusted Certificate Authorities (CA) Often used with HTTP (https://www...) Can be used with SMTP, ssh, scp, any client server communication. Python has basic SSL client capability. OpenSSL module provides more. Re-worked in Python 2.6 to also include server side support.

3 How it works 1. Client and server establish socket connection 2. Server sends public certificate to client 3. To verify authenticity of the server, client may validate the certificate with one a few trusted certificate authorities 4. Client encrypts the message using the public key and sends it to the server 5. Server receives the message and decrypts it using the private key

4 Public / Private Keys The keys are a matched pair  Messages encrypted with the public key can only be decrypted with the private key  Having the public key will not help decrypt a message Keys may be self signed for private activities Public servers usually have purchased certificates In many cases, especially with HTTP, the message is only encrypted from client to server. Thus, the credit card number is usually ‘X’ed out in the receipt.

5 Self Signing a certificate 1010 timber:~/openssl> openssl req -new -out certfile.pem -keyout keyfile.pem Generating a 1024 bit RSA private key........++++++................................................++++++ writing new private key to 'keyfile.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:US State or Province Name (full name) [Berkshire]:Kansas Locality Name (eg, city) [Newbury]:Salina Organization Name (eg, company) [My Company Ltd]:Kansas State University Organizational Unit Name (eg, section) []:Engineering Technology Common Name (eg, your name or your server's hostname) []:timber.sal.ksu.edu Email Address []:tim@ksu.edu Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:

6 Public Certificate and Private Key 1012 timber:~/openssl> cat keyfile.pem -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,F7FFBD69A863B27B oq2s6YBa+6XVk+sfhFwYQixYQnP1wDDPVFpf+gdFTQUZ7qkG+qeR23z9LqEiTm1H E5ZB8TW3m1PC8Bhz8EansTV9/Q2AqpgWduytuKX9mo1nEwjTQPx7vZpnb+JrcGB2 Ew2qp4NfU1sYVpXV+KO66TunsTdhvNyV1fH8r6Dgk9xruNfvoUB0WRRKDGZ17iaP 1GeGPnQWWDC7WWE2LYugz/LW5BSoZtwdYf2U/48F/SvAgf1MyPUExwBqYRinzjdo PP9MXMGPHJQJ9PLeGnIRqUAAU2p0NJB8tb8ZrwFWpK4Aa1B3I9cNiMa42L0mfcax Y10+0MMq4UcAIHkfdIOBbRN8m9lpM3haeAs9ppAewyG3MKII2DC+FsEsdYIBWRhL Mfi3WcUOwqrVHLL2Qf1d4QZS9MkYZahvKsz3iYGZkw2Le/BXy+0/esLFnCjDhEOA NLLrVRcpo+82bKjjeQf4yTxL6w++HmfWsWSSGgD+BLWx6geVDZsUS65XaNsUsHQ7 PPi2taqaTu+rHKbYBoTdZUi3gUHhzH5NlWBvOe3tyWMVtid+GgmI418ib5uOikYL c//IjhwrVzUL4+9raSVcHqFn+kOX/bGxbDzr5vJSJSDFfff2dwYAFvsPYK2ka5gZ rYdq2tGjrEQycNXksOqsVGv4JEsuEacXeQRpVqh6AOVEWbC0eTUA1bjo9wM6aywi FIqgr0lLIE7lvL9rW8mkPQ9Tl9lwrLZfqB3vcfmstDXfQqH/A9VEgjhbNHnJkZ3n MihuBRizFEbK/kZRbk0yVMiFU6HltIJUgJ5b06bLEpcz6wlHSBBxhA== -----END RSA PRIVATE KEY----- 1011 timber:~/openssl> cat certfile.pem -----BEGIN CERTIFICATE REQUEST----- MIIB7DCCAVUCAQAwgasxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZLYW5zYXMxDzAN BgNVBAcTBlNhbGluYTEgMB4GA1UEChMXS2Fuc2FzIFN0YXRlIFVuaXZlcnNpdHkx HzAdBgNVBAsTFkVuZ2luZWVyaW5nIFRlY2hub2xvZ3kxGzAZBgNVBAMTEnRpbWJl ci5zYWwua3N1LmVkdTEaMBgGCSqGSIb3DQEJARYLdGltQGtzdS5lZHUwgZ8wDQYJ KoZIhvcNAQEBBQADgY0AMIGJAoGBAOTRJmntlJy7cf3N3yW0/1jSUoWROlVkaZfg Aojz59gKlEDMLtVn2DKYDexWe0AUV9gBEpHTguX5Vi322IpPjOvO/3n1kHrdgD5L Nnc9tYYe5fF0RKzisRz7HKu6aXXY6dNFJMVRj7cTg4uSh7IS5lJvDCjohEnPJYzF 2g8mSoSBAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQC1BjorEY98HkW7ceyH9s3d EcFy6uFKXP2hFjCEesrW+N8lMdyrXYbyxffdE6ZpMEcNoYS9S0wxuwg1f7WjI/3S y+fA2yviU+7c7blBd7r/r8uaviJB3uMWTgWKdnKBsnqBRvUQcytSrflzANV0MHIq tVhFOv/lfqxQIha0m6BFQw== -----END CERTIFICATE REQUEST-----

7 Programming SSL Client Side  Limited support in built-in socket module  ssl = socket.ssl( socket )  Two methods: read(), write()  Create wrapper to make easier to use – see basic-wrap.py Server Side  Need either additional module or version 2.6 or later of Python  See example on next slide

8 Python 2.6 ssl module server side example while True: newsocket, fromaddr = bindsocket.accept() connstream = ssl.wrap_socket(newsocket, server_side=True, certfile="mycertfile", keyfile="mykeyfile", ssl_version=ssl.PROTOCOL_TLSv1) deal_with_client(connstream)

Download ppt "Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina."

Similar presentations

HTTPS/SSL Oleh: Idris Winarno. Persiapan Pastikan repository debian # vim /etc/apt/sources.list deb etch main contrib non-freehttp://kebo.vlsm.org/debian.

HTTPS/SSL Oleh: Idris Winarno. Persiapan Pastikan repository debian # vim /etc/apt/sources.list deb etch main contrib non-freehttp://kebo.vlsm.org/debian.
Apache2 HTTPS. 1. Install webserver Apache # apt-get install apache2 2. Buat direktori untuk menyimpan file https # mkdir /var/www/secure 3. Instalasi.

Apache2 HTTPS. 1. Install webserver Apache # apt-get install apache2 2. Buat direktori untuk menyimpan file https # mkdir /var/www/secure 3. Instalasi.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Chapter 8 Web Security.

Chapter 8 Web Security.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
Zach Miller Condor Project Computer Sciences Department University of Wisconsin-Madison Lockdown of a Basic Pool.

Zach Miller Condor Project Computer Sciences Department University of Wisconsin-Madison Lockdown of a Basic Pool.
Zach Miller Condor Project Computer Sciences Department University of Wisconsin-Madison Securing Your Condor Pool With SSL.

Zach Miller Condor Project Computer Sciences Department University of Wisconsin-Madison Securing Your Condor Pool With SSL.

Similar presentations

Ads by Google