# Lab 4 – Public Key Certificates and PKI

## General goal
In this lab you’ll get familiarized with creating and processing X.509 public key certificates and with creating and
operating a simple OpenSSL-based PKI. The lab makes use of the Cryptography library for Python and the OpenSSL
command tool.

## Specific goals
- Deploy a simple one-level demo-CA with OpenSSL
- Generate an end user Certificate Signing Request with pyca/cryptography
- Issue an end user certificate using demo-CA and export it in PEM format with OpenSSL
- Load and unserialize an end user PEM certificate using pyca/cryptography and use the associated public key
- Export a certificate in PKCS12 format and use it to sign a PDF file with Adobe Reader
- See some certificate real world examples  

Modules and tools
The documentation of the pyca/cryptography library can be found at
https://pypi.org/project/cryptography. 

You’ll may find useful to have these links as reference:
- X.509 Tutorial:
https://cryptography.io/en/latest/x509/tutorial.html
- X.509 CSR (Certificate Signing Request) Object
https://cryptography.io/en/latest/x509/reference.html#x-509-csr-certificate-signing-request-object
- Loading Certificates:
https://cryptography.io/en/latest/x509/reference/#loading-certificates
- X.509 Certificate Object:
https://cryptography.io/en/latest/x509/reference.html#x-509-certificate-object

OpenSSL web page is https://www.openssl.org/. Documentation (manpages) can be found at
https://www.openssl.org/docs/man1.1.1/. We are going to use the command line tool, whose commands can be
found at: https://www.openssl.org/docs/man1.1.1/man1/. The commands that you’ll have to use in Lab 4 are the following ones:
- ca - sample minimal CA application:
https://www.openssl.org/docs/man1.1.1/man1/ca.html
- x509 - Certificate display and signing utility:
https://www.openssl.org/docs/man1.1.1/man1/x509.html
- req - PKCS#10 certificate request and certificate generating utility:
https://www.openssl.org/docs/man1.1.1/man1/req.html
- verify - Utility to verify certificates:
https://www.openssl.org/docs/man1.1.1/man1/verify.html

## Lab assignment and assessment

You are given two configuration files (<code>openssl_AC1.cnf</code> and <code>openssl_AC2.cnf</code>) that you will use to specify some options
for the two Certification Authorities considered in the OpenSSL demo-CA.
Next, you’ll be guided through several tasks you’ll have to complete. 
Lab 4 assessment will be performed with a test/quiz/exam at the end of the course.

# 0. Modules installation and imports

In [19]:

from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric import padding as asym_padding
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import utils
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key

from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.x509 import load_pem_x509_certificate

# 1. Deploying AC1 and issuing AC1's self-signed certificate

You are going to use the <code>OpenSSL</code> tool to deploy a demo CA. <code>OpenSSL</code> is already installed in the VM you are using and you can use <code>OpenSSL</code> command line tool through the terminal offered in JupyterLab .

1) Create a folder and name it as <code>PKI</code>
2) Open a terminal (File > New > Terminal) and go to the PKI folder by writing the command <code>cd PKI</code> (as shown below in line [0]) and press <code>Enter</code>. 
3) Next, create a new folder for AC1 (line [1]), go into this folder (line [2]) and create the infrastructe needed to deploy AC1 (lines [3-4]). 
4) Place the file <code>openssl_AC1.cnf</code> that you should have downloaded from Aula Global inside the AC1 folder. WITH CARE: You may want to change some data inside the conf file (eg, the common name of the CA)  
5) Now, you are ready to create an RSA key pair and a self-signed certificate for AC1 (line [5]). Below you can see an output similar to the one you should get. <mark>NOTE DOWN THE PASSWORD FOR THE PRIVATE KEY if you think that you may forget it (if you do not remember it, you'll have to repeat the process AGAIN if you need to use the private key). </mark>

# 2. Creating the end user's keys and the Certificate Signing Request (CSR)

Before coding anything in Python, prepare a folder for the end user entity (here named as A). 

Go back to the PKI folder (line [8]) and create a folder for A (line [9]). 

Now write code in the next cell to create an RSA private key for the end user. Serialize and save the private key in a file named <code>Akey.pem</code>. <mark>NOTE DOWN THE PASSWORD FOR THE PRIVATE KEY if you think that you may forget it (if you do not remember it, you'll have to repeat the process AGAIN if you need to use the private key). </mark>

In [7]:
# YOUR CODE HERE

Now write code to create a Certificate Signing Request (CSR) for entity A. Follow the tutorial provided at https://cryptography.io/en/latest/x509/tutorial/#creating-a-certificate-signing-request-csr to create the CSR (remember that you should  already have created the private key). 

<mark>Make sure you change the COMMON NAME so it contains the NIA of the students working collaboratively in this lab (or just yours if you are working by yourself). </mark>

When you follow the tutorial, notice that instead of requesting a certificate for a web server, you’ll request an end user certificate, so you’ll have to:
- use a common name that is not a domain name (not <code>u“mysite.com”</code> )
- do not add the <code>DNSName</code> extension

Save the CSR in a file named <code>Acsr.pem</code>.

In [8]:
# YOUR CODE HERE

Now, using the terminal, go to A's folder (line [10]) and copy A's CSR in the folder <code>solicitudes</code> of AC1 (line [11]). 

Use command <code>req</code> to see the contents of the CSR (line [12]). Below you can see an output similar to the one you should get.

# 3. Issuing the end user's certificate

Now go to the AC1 folder (line [13]) and you are going to review A's CSR (line [14]) and then, if everything is OK, you'll issue A's certificate (line [15]). Notice that requested the pass phrase is the one protecting AC1's private key. 

Finally, print the contents of the issued certificate (line [16]) and copy it --the file <code>01.pem</code> inside folder <code>nuevoscerts</code> (or named with the corresponding serial number that you have used for A's certificate)-- to A's folder as <code>Acert.pem</code> (line [17]).

# 4. Using the end user's certificate

Now, write code to load and unserialize A's certificate. Notice that your are provided with several auxiliary functions to do this (<code>load_pem</code> and <code>unserialize_pemcert</code>). Once you have the certificate object, print the value of some of its attributes (consult reference provided at https://cryptography.io/en/latest/x509/reference/#x-509-certificate-object) such as the serial number, the fingerprint, the subject, the validity period...   

In [15]:
def unserialize_pemcert(pemlines):
    certificate = load_pem_x509_certificate(pemlines)
    return certificate

def save_pem(pem, filename): 
    with open(filename, 'wb') as pem_out: 
        pem_out.write(pem) 

def load_pem(filename): 
    with open(filename, 'rb') as pem_in: 
        pemlines = pem_in.read() 
        return pemlines

pemlines = load_pem("./PKI/A/Acert.pem")

Acert = unserialize_pemcert(pemlines)

# YOUR CODE HERE

From now on, the public key will be inside the certificate and you can access to it with <code>cert.public_key()</code>. 

# 5. Encrypting a message for your teacher

Download the public key provided in Aula Global as <code>teachercert.pem</code>, upload it to JupyterLab, load the cert and use the public key within it to encrypt a message to your teacher. Use RSA with OAEP padding with the parameters <code>mgf = padding.MGF1(algorithm=utils.hashes.SHA256())</code>,
<code>algorithm = utils.hashes.SHA256()</code>, and <code>label = None</code>. 

Once you have the encrypted message, encode it in base64 and save it in a file using 'wb' mode (name the file as secret_message_from_YOUR-NAME-SURNAME.enc). 

<mark>Submit the file containing the encrypted message to the assignment published in Aula Global.</mark> 

In [None]:
# YOUR CODE HERE

# 6. Signing a PDF file within Acrobat Reader

Next, you'll use the <code>OpenSSL</code> tool to export the end user's certificate together with its certification chain (in this case it only contains the certificate of AC1) AND the end user's private key.

First, move in the terminal to A's folder (line [18]), then copy AC1's certificate to A's folder (line [19]) and finally, use command <code>pkcs12</code> to export A's cert, AC1's cert and A's private key into a single file in PKCS12 format (line [20]). You'll be asked for a 'Export Password'; this password will be used to protect the private key inside the PKCS12 file, so... make sure you will be able to recall it afterwards if you do not want to repeat the process. 

Now, download the PKCS12 file to a computer with Adobe Reader installed. Download also the provided PDF file in Aula Global and open it within the Adobe Reader program. 

Search for 'Tools' or 'Herramientas' and look for the tool named 'Certificates' or 'Certificados'. Open it and select then 'Digitally Sign' or 'Firmar digitalmente'. Follow the instructions and provide the required information when requested:
- The area where the signature's graphical mark will be placed 
- The file containing the PKCS12 certificate
- The password protecting the private key (previously named 'Export Password') 

Save the signed PDF file and check the signature you've just generated. Check also that you can see in the certificates associated with the signature the data present in AC1 and A's certificates. 

<mark>Submit the signed PDF to the corresponding assignment published in Aula Global</mark>

# 7. FNMT-RCM Certification Authority

The organization Fábrica Nacional de Moneda y Timbre (FNMT) from the Spanish Government issues
private individual certificates (https://www.sede.fnmt.gob.es/en/certificados/persona-fisica). 
You may request one if you want and satisfy the requirements, although in this lab you are not requested so. 
In this lab you are requested to have a look at some documentation that a real PKI has to publish (Certification Practices Statement) and also check the AC RAIZ FNMT-RCM certificate (the root certificate) against the one that is embedded in the Firefox browser (it should be installed in the lab’s Windows computer).

Access the Certification Practices Statement file in this URL: https://www.sede.fnmt.gob.es/documents/10445900/10536309/dgpc_english.pdf
Have a look at the index of the file to grasp the type of information that a document of this type should contain. 
Then, check the information provided from page 14 to 17 related to the FNMT-RCM root certificate. In particular, look for the fingerprint of the certificate. 

On the other hand, open a Firefox browser or a Chrome browser. Open the Preferences panel in any of the browsers. Look for the Privacy and Security configuration and specifically for the the place where you can check the certificates. Search for the embbeded FNMT-RCM root certificate and view its contents. Look for the fingerprint and check that it is the same that the one specified in the Certification Practices Statement. 







# 8. Web server's certificates 

Open the Mozilla Firefox browser or the Chrome web browser and access the web pages listed next. Right-click on the lock icon that
you’ll find next to the URL to its left and click on the “Certificate” link to get more information on this
web server certificate:
- https://www.google.com
- https://www.uc3m.es
- https://stackoverflow.com/
- https://administracion.gob.es/
- https://www.wikipedia.org/

Find out for each certificate:
- the certified common name (and associated DNS names),
- the validity period, 
- the type and length of the certified keys, 
- the key usages,
- which entity has issued each certificate (and how long the certificate chain is), 
- the type and length of the keys of the issuing authority, and 
- the validity period of the certificate of the issuing authority.

Open a browser and open the following web pages:
- https://letsencrypt.org 
- https://letsencrypt.org/getting-started/
- https://letsencrypt.org/how-it-works/

Now answer the following questions:
- Which is the purpose of this organization?
- Which are the pros of the server public key certificates issued by Let’s encrypt?

In [22]:
#from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key
#from cryptography.hazmat.primitives.asymmetric import rsa
#from cryptography.hazmat.primitives.asymmetric import padding as asym_padding
#from cryptography.exceptions import InvalidSignature

VERBOSE = True
    
def serialized_pem_to_ascii_lines(pem):
    split_pem = pem.splitlines()
    ascii_lines = ""
    n = 0
    for i in split_pem:
        ascii_lines = ascii_lines + split_pem[n].decode("ascii") + "\n"
        n = n + 1
    return ascii_lines


def sign_rsapss(message, private_key):
    # Here there is the definition of the sign method
    # https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa.html#cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
    # Sign has as parameters data(bytes), padding (PSS or PKCS_X), algorithm (this has to be a
    # hash alorithm or you may pass a prehashed data)

    # Padding PSS
    # https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa.html#cryptography.
    # hazmat.primitives.asymmetric.padding.PSS
    # Probabilistic. mgf is a mask generation function --> MGF1. salt_length(int):
    # this is the length of the salt, recommended to be set to PSS.MAX_LENGTH
    signature = private_key.sign(
        message,
        asym_padding.PSS(
            mgf=asym_padding.MGF1(hashes.SHA256()),
            salt_length=asym_padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    if VERBOSE:
        print("\n\nGENERATING RSA_PSS SIGNATURE")
        print("message: ", message)
        print("signature: ", signature)
        pwd = b"pwd_just_for_printing"
        print("pem private key serialization pwd: ", pwd)
        print("pem serialized private_key: \n", pem_serialize_enc_priv_key(private_key, pwd))
        print("ascii pem serialized private_key: \n",
              serialized_pem_to_ascii_lines(pem_serialize_enc_priv_key(private_key, pwd)))
    return signature


def verify_rsapss(message, signature, public_key):
    try:
        public_key.verify(
            signature,
            message,
            asym_padding.PSS(
                mgf=asym_padding.MGF1(hashes.SHA256()),
                salt_length=asym_padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        if VERBOSE:
            print("\n\nVERIFYING RSA_PSS SIGNATURE")
            print("message: ", message)
            print("signature: ", signature)
            print("pem serialized public_key: \n", pem_serialize_pub_key(public_key))
            print("ascii pem serialized public_key: \n",
                  serialized_pem_to_ascii_lines(pem_serialize_pub_key(public_key)))
            print('The signature verification has been successful')
        return True
    except InvalidSignature:
        if VERBOSE:
            print("\n\nVERIFYING RSA_PSS SIGNATURE")
            print("message: ", message)
            print("signature: ", signature)
            print("pem serialized public_key: \n", pem_serialize_pub_key(public_key))
            print("ascii pem serialized public_key: \n",
                  serialized_pem_to_ascii_lines(pem_serialize_pub_key(public_key)))
            print('The signature verification has failed')
        return False

In [34]:
with open('./PKI/A/payload.txt', 'rb') as f:
    payload = f.read()
    

sk = pem_unserialize_enc_priv_key(load_pem("./PKI/A/Akey.pem"), pwd_for_private_key)

signature = sign_rsapss(payload, sk)

pk = Acert.public_key()

verify_rsapss(payload, signature, pk)



GENERATING RSA_PSS SIGNATURE
message:  b'my very important message'
signature:  b'P\x18t\xe6\x8fP\xe2\x0e\xb5\x8cDl\xa5\xb0ji 5\xfa\xc3z3\x88U\x8a\xe0f\xd7b8e\x88\xb3\x83\xfe;\xed<>T\x07K#\x95oaZ?\x1d\xd7\x94\xb4~\xc1\x8ezT\xdb;\xf5I\x1b\x10u\xb3P\x1c\x88bj\x02`=\xe2\x8d3\xd2\x1c$\xcb.\x9ei\xef\x9a\xcd\t\xf2\xb8\x93\x897\xb5\x8c\xf1m\x11\xed\xdbL>\xb05\xf29~\xa3\x19\x0e]t\xcd\x029\xe8\xf1\x81\x987\xbb\xd2\xd5t\xb9\xb5\x8c\xbdDXv@<\xc1]\x84\xa0\x0e\xb8\x85yS/\xd2u\xb8\x01\xe2\xa3p\xde\xfe\xd3\xde\x0cD\x0e\xc0\xad^\xf0"v\xa1_`\x07\x03\x90\xa6\xde(\x071\xad1l\x7f\x05\xfe\x15]\xac\xb9i#g\xb1\xfb\x8eW\r\x1ea\xce\xe3>\xe0RAd-\x08J1\xf8\x10\xc9\xed\x0c\n\xd4\xc9\'\x0e(\xaa\xa6\xd8\']V\xbeAL\x90T\x9e\xb4\xc8\x16\xf6q$\x9c\xc1\xd37U\xe4\xe8\x17\xc0I\xa6\x16\x19\x08\xba\xd8\x12\xf9p\x9cyAv'
pem private key serialization pwd:  b'pwd_just_for_printing'
pem serialized private_key: 
 b'-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIESa0R8KNK4ACAggA\nMAwGCCqG

True