Monday, December 22, 2014

Certificates

In many cases, students learn coding because it is in the computer science curriculum, but until graduate school, computer science is little more than coding, with few real-world applications of those skills.

Using learned skills takes time, and applying the skills learned in the classroom takes time, or does it?  Programming languages have evolved to a stage where traditional computer science classes should produce skills much more quickly than even 10-15 years ago.  Languages like Scratch, Kodu, SmallBasic, ... can teach kids from age 6-7 to write code that used to take weeks to create.  Thus, we should be able to apply learned skills at a much higher level by the time students reach college.

That requires learning the environment and terminology where the code will be placed, what we refer to as Information Technology (I.T.).  What is the point of letting a programmer design code for a network environment if the programmer has no idea what broadcast traffic is, and the final code broadcasts so much that it brings the whole network to a halt?

Code can perform the same functions we talked about in the early stages of programming, but elevate the skills to include security concepts even at the simplest level.

Let's see what we can do about understanding X.509 certificates used in the Public Key Infrastructure (PKI) environment.

Generate a public / private key certificate on your computer that can be used with Microsoft's Encrypting File System (EFS) as the recovery agent.  Recovery agents are used to help users get back to their files if the user forgets the password or if the user's certificate is lost or corrupted.  It might be considered a "back door", but one with a good purpose, and we need to know how to manage this configuration so that it provides security instead of a vulnerability.

In forensic investigations, we also need to know how to use this process to recover user files, and what the consequences are of resetting system passwords without actually finding the user's password.  Resetting a user's password offline loses our ability to recover file content with the user's credentials, but we can still get to the user's file content using the recovery agent credentials.

C:\>cipher /r:c:\temp\recoveryAgent
Please type in the password to protect your .PFX file:
Please retype the password to confirm:


Your .CER file was created successfully.
Your .PFX file was created successfully.

At this point, we have a certificate that we can work with, but you might want to see how to use it in the operating system.

Type certmgr.msc and import the certificate.  Double click on the certificate to see its details.


So, can we see the same type of information by writing our own code?  We should be able to read the details of this certificate by using predefined libraries, so we do not need to implement a class full of methods and dissect the structure in a "painful" way.  Technology can help, and we can read the certificate like we read any other simple text input file.


using System;
using System.Security.Cryptography.X509Certificates;

namespace ReadCert
{
    class Program
    {
        static void Main(string[] args)
        {
            // Load the public certificate (.cer) created by cipher; the private key lives in the .pfx.
            X509Certificate cert = X509Certificate.CreateFromCertFile("c:\\temp\\recoveryAgent.cer");

            // Print the fields shown on the Details tab in certmgr.msc.
            // GetName() and GetIssuerName() are marked obsolete in current .NET
            // in favor of the Subject and Issuer properties.
            System.Console.WriteLine("Serial Number: {0}", cert.GetSerialNumberString());
            System.Console.WriteLine("Effective Date: {0}", cert.GetEffectiveDateString());
            System.Console.WriteLine("Name: {0}", cert.GetName());
            System.Console.WriteLine("Public Key: {0}", cert.GetPublicKeyString());
            System.Console.WriteLine("Public Key Algorithm: {0}", cert.GetKeyAlgorithm());
            System.Console.WriteLine("Issuer: {0}", cert.GetIssuerName());

            // Keep the console window open until Enter is pressed.
            System.Console.ReadLine();
        }
    }
}

The output will show something like this:

Serial Number: 1B982E5AE7996DB54A2539E549580EAF
Effective Date: 10/21/2014 7:41:40 AM
Name: CN=Zoltan, L=EFS, OU=EFS File Encryption Certificate
Public Key: 3082010A0282010100C8CB222A159660D559147EA174004766B619B1C6478897F6DF
79EE28C9A4BC26984009B915FDEE6669F27A3E56AD592CC22A3D89FEBA94A6BB778C6A9A804E1489C4F23B8903ADBB71364546500611606E8D5E8F9C9D8DA0F231C7696251BC24671A31F0DA562F63607032A1E9ED69E772059686EE128E8D6D303A0E1856748ED3B8CA9C17121D933810B0D274CD87AD066E710466A5657CE4946C7F14827E99F20634CE096867685134AB752770CFA0C5DDCC95BF20EBE9651D097BCD7A792CB38389FD0FEDC702F23EC2AA9B3AC8873EDF5E525241263CE7641881E5E052D681460EBE8F69C2887AA8DD6FC28A81602257F4139EC34C40173868DC240F6AC70203010001
Public Key Algorithm: 1.2.840.113549.1.1.1
Issuer: CN=Zoltan, L=EFS, OU=EFS File Encryption Certificate

You still have to understand what this means and how to use it, but it is a much better conversation than writing the good old "Hello World" read from a text file.  Embrace technology and learn about I.T. with coding in mind, not the traditional business-based computer science thinking of finding the area of a pizza pie.
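
As a first step toward understanding the output, here is an added example (not the original author's code) that decodes the Public Key string shown above: the hex is a DER-encoded RSAPublicKey holding the modulus and the public exponent, and the OID 1.2.840.113549.1.1.1 identifies RSA. The class and method names are made up for this illustration, and the 2048-bit threshold in the final check is an assumption of the example.

```csharp
using System;
using System.Security.Cryptography;

class DecodePublicKey
{
    // "Public Key" value copied from the sample output above (hex-encoded DER).
    const string PublicKeyHex =
        "3082010A0282010100C8CB222A159660D559147EA174004766B619B1C6478897F6DF" +
        "79EE28C9A4BC26984009B915FDEE6669F27A3E56AD592CC22A3D89FEBA94A6BB778C6A9A804E1489" +
        "C4F23B8903ADBB71364546500611606E8D5E8F9C9D8DA0F231C7696251BC24671A31F0DA562F6360" +
        "7032A1E9ED69E772059686EE128E8D6D303A0E1856748ED3B8CA9C17121D933810B0D274CD87AD06" +
        "6E710466A5657CE4946C7F14827E99F20634CE096867685134AB752770CFA0C5DDCC95BF20EBE965" +
        "1D097BCD7A792CB38389FD0FEDC702F23EC2AA9B3AC8873EDF5E525241263CE7641881E5E052D681" +
        "460EBE8F69C2887AA8DD6FC28A81602257F4139EC34C40173868DC240F6AC70203010001";

    // Read one DER element at pos, check its tag, and return its content bytes.
    static byte[] ReadElement(byte[] der, ref int pos, byte tag)
    {
        if (pos + 2 > der.Length || der[pos++] != tag) throw new FormatException("bad DER tag");
        int length = der[pos++];
        if (length >= 0x80) // long form: low 7 bits give the number of length bytes
        {
            int count = length & 0x7F;
            if (count == 0 || count > 2 || pos + count > der.Length) throw new FormatException("bad DER length");
            for (length = 0; count > 0; count--) length = (length << 8) | der[pos++];
        }
        if (length > der.Length - pos) throw new FormatException("truncated DER");
        byte[] content = new byte[length];
        Array.Copy(der, pos, content, 0, length);
        pos += length;
        return content;
    }

    static void Main()
    {
        byte[] der = new byte[PublicKeyHex.Length / 2];
        for (int i = 0; i < der.Length; i++)
            der[i] = Convert.ToByte(PublicKeyHex.Substring(2 * i, 2), 16);
        int pos = 0, inner = 0;
        byte[] seq = ReadElement(der, ref pos, 0x30);        // RSAPublicKey ::= SEQUENCE {
        byte[] modulus = ReadElement(seq, ref inner, 0x02);  //   modulus         INTEGER,
        byte[] exponent = ReadElement(seq, ref inner, 0x02); //   publicExponent  INTEGER }
        int first = 0;                                       // skip the DER sign-padding zero byte
        while (first < modulus.Length - 1 && modulus[first] == 0) first++;
        int bits = (modulus.Length - first) * 8;
        for (int mask = 0x80; mask > 0 && (modulus[first] & mask) == 0; mask >>= 1) bits--;
        long e = 0; foreach (byte b in exponent) e = (e << 8) | b;
        Console.WriteLine("Algorithm: {0}", new Oid("1.2.840.113549.1.1.1").FriendlyName);
        Console.WriteLine("Modulus: {0} bits, public exponent: {1}", bits, e);
        Console.WriteLine(bits < 2048 ? "WARNING: RSA key shorter than 2048 bits" : "Key length OK");
    }
}
```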
