What instructional toy programs do you suggest writing to understand certificates?

Question

I understand better some concepts when I write toy programs for isolated aspects of the problem at hand. For instance, for encryption you can write a program to encrypt and then decrypt a string.. and see that you get the initial string.

What toy programs do you suggest that I write to understand certificates? (server/client interaction, ssl communication, signatures, etc) And/or what .NET namespaces should I explore?

(not important for the question, but I use c#)

Answer 1

• Create a symmetric key and encrypt/decrypt something with it. Modify the encrypted byte [] and try to decrypt it. Play with different padding and modes and repeat a few times.
• Create/Save/Load certificates and private keys.
• Verify the certificate chain for any certificate you find to see the most common kind of errors.
• Create a symmetric key, encrypt it with the public key of one cert ("client") and the private of another ("server").
• Create a message that sends the above key encrypted with the "server" private key, then some encrypted text and sign the whole thing. Then decode and verify this using the "server" public key and the "client" private key.

Namespaces?

• System.Security.Cryptography
• System.Security.Cryptography.Authentication
• System.Security.Cryptography.X509Certificates

A few interesting types:

• RSACryptoServiceProvider
• SymmetricAlgorithm
• RijndaelManaged
• ICryptoTransform
• X509Chain

Answer 2

I do not agree with the given answer. In order to understand certificates, you have to understand the infrastructure behind it (called PKI, Public Key Infrastructure). That means you have to read some material about first

• How does public key crypto work (in general)
• Why are PKI's needed
• What is a certificate and why do we need it

Programming this stuff doesn't make sense if you dont know the concepts behind it.

You compare it to encryption/decryption. Both are blackboxes where the user does not need to know how it works (internally) in order to use it.

However, certificates and PKIs are different. in order to be able to user them in a practical and mostly secure way, you need to first grasp the concepts (by reading, but dont be afraid reading a few wiki pages and asking a few questions here will get you more than halfway) before you can program it.

edit after comment: Yes, toy programs are always nice to grasp the concept in practice. What comes to mind:

• Do a public key encrypt/decrypt (basic)
• Do signature/check signature (i know it is the same as the previous one, but it is principally different) (basic)
• Try to connect to a server and do the SSL handshake yourself (advanced)
• Try to connect to a server, fetch the certificate and check the validity through the whole certificate chain (moderate)
• Try to create your own self-signed certificates (moderate)
• Try to use other encryption algorithms besides RSA, try DSA, El-Gamal, Elliptic Curves Crypto (moderate)
• Implement a diffie-hellman keyexchange algorithm (advanced)

And once you're done with these i think you'll quite a reasonable understanding of the whole thing. If you're still curious, you can always dive into the more advanced stuff like the math, like how you cheat, algorithm correctness proofs etc.

Btw, i just stumbled over a recent discovery concerning SSL/TLS and since you're working on that subject, perhaps you'll like to read this small article:

http://blog.ivanristic.com/2009/11/ssl-and-tls-authentication-gap-vulnerability-discovered.html