
Certification Objective 11.01–Explain How to Protect Files Using the Solaris Cryptographic Framework

Protecting files is a core component of Sun's Solaris security strategy. Although MD5 and SHA1 were developed to help detect corrupt or maliciously altered files, Sun also recommends using a more comprehensive package called Tripwire (www.tripwire.com). In addition to Tripwire, Sun recommends that you use the Automated Security Enhancement Tool (ASET, discussed in Chapter 8) and the Basic Security Module (BSM, discussed in Chapter 5) to help prevent unauthorized changes from being made to system files.

Exam Watch 

For the exam, remember the four methods Sun recommends to monitor and help prevent unauthorized changes from being made to system files, specifically ASET, which is discussed in Chapter 8, and BSM, which is covered in Chapter 5.

In this section, we'll look in detail at using the Solaris Cryptographic Framework to protect the integrity of files. We'll learn how to generate a random key for use with the encrypt and mac commands, provide a checksum that ensures the integrity of a file, protect a file with a message authentication code (MAC) and verify to the receiver of your message that you were the sender, and protect the content of files with encryption.

Generating Symmetric Keys

Symmetric keys, or secret keys, are computational procedures used for encryption, where the same key is used for both encryption and decryption. The first step in creating a symmetric key is to determine the length (in bytes) required by your encryption algorithm. To do so, simply list the bit range of all supported algorithms with the encrypt -l and mac -l commands, as shown here:

encrypt -l 
Algorithm       Keysize:     Min   Max (bits)
---------------------------------------------
aes                          128   128
arcfour                      8     128
des                          64    64
3des                         192   192

mac -l
Algorithm       Keysize:     Min   Max (bits)
---------------------------------------------  
des_mac                      64    64
sha1_hmac                    8     512
md5_hmac                     8     512

The next step is to determine the key length in bytes by dividing the minimum and maximum key sizes by 8. Note that when the minimum and maximum key sizes are different, intermediate key sizes are possible. At that point, you can generate the symmetric key with the dd command:

dd if=/dev/urandom of=keyfile bs=n count=n

where if=/dev/urandom is the input file (for a random key, use the /dev/urandom file), of=keyfile is the output file that holds the generated key, bs=n is the key size in bytes (for the length in bytes divide the key length in bits by 8), and count=n is the count of the input blocks.

For example, to create a key for the MD5 algorithm in a file for later decryption, you can issue this command:

dd if=/dev/urandom of=$HOME/md5key/md5key64 bs=64 count=1

Notice that the minimum and maximum bit key sizes for MD5 are different, so we used 64, which is the maximum byte size (that is, 512/8). The same rules apply for creating an AES key (note that AES uses a mandatory 128-bit key, or 16 bytes). Here's an example:

dd if=/dev/urandom of=$HOME/aeskey/aeskey16 bs=16 count=1

Exam Watch

To create a symmetric key, use the dd command:

dd if=/dev/urandom of=keyfile bs=n count=n

where if=/dev/urandom is the input file (for a random key, use the /dev/urandom file), of=keyfile is the output file that holds the generated key, bs=n is the key size in bytes (for the length in bytes divide the key length in bits by 8), and count=n is the count of the input blocks.
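The key-generation step above as a reusable function for a POSIX shell, added here as an example and not part of the original text: it converts the bit length reported by encrypt -l or mac -l to bytes, creates the key file readable only by its owner, and checks the size actually written. The function name gen_key and its arguments are assumptions made for this example.

```shell
# gen_key BITS KEYFILE [MIN_BITS MAX_BITS]
# MIN_BITS and MAX_BITS are the limits shown by `encrypt -l` or `mac -l`.
# Prints the key length in bytes on success; returns 1 on any failure.
gen_key() {
    bits=$1 keyfile=$2 min=${3:-$1} max=${4:-$1}

    # Key sizes are listed in bits, but dd works in bytes.
    if [ $((bits % 8)) -ne 0 ]; then
        echo "gen_key: $bits bits is not a whole number of bytes" >&2
        return 1
    fi
    if [ "$bits" -lt "$min" ] || [ "$bits" -gt "$max" ]; then
        echo "gen_key: $bits bits is outside the range $min-$max" >&2
        return 1
    fi
    bytes=$((bits / 8))

    # Never overwrite a key: data protected with the old key would
    # no longer verify or decrypt.
    if [ -f "$keyfile" ]; then
        echo "gen_key: $keyfile already exists" >&2
        return 1
    fi

    # umask 077 in a subshell, so the key file is created with mode 0600
    # and the caller's umask is left unchanged.
    (
        umask 077
        dd if=/dev/urandom of="$keyfile" bs="$bytes" count=1 2>/dev/null
    ) || return 1

    # A short read would leave a key weaker than intended.
    actual=$(wc -c < "$keyfile" | tr -d ' ')
    if [ "$actual" -ne "$bytes" ]; then
        rm -f "$keyfile"
        echo "gen_key: wrote $actual bytes, expected $bytes" >&2
        return 1
    fi
    echo "$bytes"
}
```

For the two keys created above, the calls would be gen_key 512 $HOME/md5key/md5key64 8 512 and gen_key 128 $HOME/aeskey/aeskey16 128 128.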

Ensuring the Integrity of Files Using Checksum

You can ensure that files weren't altered using the Solaris cryptographic framework by using message digest algorithms. As you know, a message digest is a one-way function for a stream of binary data that serves as verification that the data was not altered since the message digest was first generated—such as from when a file was compiled or modified. An example of a message digest is as follows:

Filename: tgpids.tar.Z
Creation Date: October 05, 2004
File Size: 500 KB
MD5: A12A24F23E36B0EFC4A9C42C3747B8B8

In this example, the message digest was created using an MD5 checksum utility. This particular utility was developed by Fourmilab (www.fourmilab.ch/md5/md5.tar.gz). John Walker of Fourmilab submitted an excellent man page for the utility, in which he describes the message digest as a compact digital signature for an arbitrarily long stream of binary data. An ideal message digest algorithm would never generate the same signature for two different sets of input, but achieving such theoretical perfection would require a message digest as long as the input file. Message digest algorithms have much in common with techniques used in encryption, but the means provide a different end: verification that data has not been altered since the signature was published.

Many older programs requiring digital signatures employed 16- or 32-bit cyclical redundancy codes (CRCs) that were originally developed to verify correct transmission in data communication protocols; but these short codes, while adequate to detect the kind of transmission errors for which they were intended, are insufficiently secure for applications such as electronic commerce and verification of security-related software distributions.

The most commonly used present-day message digest algorithm is the 128-bit MD5 algorithm, developed by Ron Rivest of the MIT Laboratory for Computer Science and RSA Data Security, Inc. The algorithm, with a reference implementation, was published as Internet RFC 1321 in April 1992 and was placed into the public domain at that time. Message digest algorithms such as MD5 are not deemed "encryption technology" and are not subject to the export controls some governments impose on other data security products. For example, Sun states that export law in the United States requires that the use of open cryptographic interfaces be restricted. The Solaris cryptographic framework satisfies the current law by requiring that kernel cryptographic providers and PKCS#11 cryptographic providers be signed.

Again, referring to the example, after downloading the file, you would run the command-line MD5 utility on it to ensure that you get the same MD5 hash output posted with the download link from when the file was originally created or modified. If the signature or hash is different, you can assume that the file was either corrupted during transfer or possibly maliciously altered.

MD5 and the Secure Hash Algorithm (SHA1) are among the most popular message digest algorithms. The MD5 algorithm takes a message of arbitrary length and produces a 128-bit message digest. SHA1, a revision to the original SHA that was published in 1994, is similar to the MD4 family of hash functions developed by Rivest. The algorithm takes a message and produces a 160-bit message digest. Finally, the Solaris cryptographic framework supports a command that can be used to check the integrity of files in this fashion. You can issue the digest command to compute a message digest for one or more files.

Computing a Digest of a File

By comparing digests of a file, you are checking its integrity to ensure that the file has not been corrupted or altered. In the Solaris cryptographic framework environment, you can perform digest computations using the following syntax:

digest -v -a algorithm input-file > digest-listing

where -v displays the output with file information, -a algorithm is the algorithm used to compute a digest (that is, MD5 or SHA1), input-file is the input file for the digest to be computed, and digest-listing is the output file for the digest command.

Exam Watch 

For the exam, you should know how to compute a message digest for one or more files by issuing the digest command. Remember that a message digest is a unique number which is created algorithmically from a file. If the file should change, the message digest will also change.

With regard to checking the integrity of files, be sure to take advantage of the Solaris Fingerprint Database (sfpDB). As you should know by now, sfpDB is a free tool from Sun that allows you to check the integrity of system files through online cryptographic checksums. By doing so, you can determine whether system binaries and patches are safe in accordance with their original checksums among a huge database stored at Sun. MD5 software binaries that can be used with sfpDB for Intel and SPARC architectures can be freely downloaded from Sun at http://SunSolve.Sun.com/md5/md5.tar.Z.

The MD5 software is compressed in the tar file format; therefore, after downloading to a directory (such as /usr/local), unpack the archive with the following command:

zcat md5.tar.Z | tar xvf -

The software will be unpacked into an MD5 subdirectory. After downloading and unpacking the MD5 archive, you must modify the file permissions before the programs can be executed. To permit only root, for example, to read, write, and execute the MD5 programs, issue the command chmod 700 /usr/local/md5/*. Additionally, the owner and group of the MD5 files must be changed to a system user and associated group. Given their function, they should traditionally be owned by root; therefore, you should also issue the chown root:root /usr/local/md5/* command.

Using MD5 Software

Creating hexadecimal MD5 digital fingerprints is simple. For example, based on the installation mentioned previously, to create an MD5 fingerprint for the su program on a SPARC system, you would enter this command:

/usr/local/md5/md5-sparc /usr/bin/su

The output should look something like this:

MD5 (/usr/bin/su) = cb2b71c32f4eb00469cbe4fd529e690c

Furthermore, by placing a space between target files, you can create MD5 fingerprints for more than one file at a time, such as for the su and ls programs, by issuing this command:

/usr/local/md5/md5-sparc /usr/bin/su /usr/bin/ls

The output should look something like this:

MD5 (/usr/bin/su) = cb2b71c32f4eb00469cbe4fd529e690c
MD5 (/usr/bin/ls) = 351f5eab0baa6eddae391f84d0a6c192

Finally, to create MD5 fingerprints for all files in the /usr/bin directory, you could issue the MD5 command, along with the find command, such as in the following:

find /usr/bin -type f -print \
| xargs -n100 /usr/local/md5/md5-sparc > /tmp/md5output.txt

The output will be printed to the /tmp directory in file md5output.txt. The contents of the file can easily be copied into the online fingerprint database for integrity checks.
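An added example, not from the original text or from Sun: a shell function that compares a saved fingerprint listing with a fresh one, both in the md5 tool's output format shown above, and reports changed, new and missing files. It goes beyond the page, which submits the listing to the online database; the function names and the sample listings are constructed for illustration.

```shell
# compare_fingerprints BASELINE CURRENT
# Both files hold md5 tool output lines:  MD5 (path) = 32-hex-digest
# Prints NEW/CHANGED/MISSING/UNPARSED findings; returns 1 if there are any.
compare_fingerprints() {
    awk '
    # Digest = last 32 characters, so paths with spaces or parentheses parse.
    function parse(line,   n) {
        n = length(line)
        if (n < 42 || substr(line, 1, 5) != "MD5 (") return 0
        if (substr(line, n - 35, 4) != ") = ") return 0
        digest = tolower(substr(line, n - 31))
        if (digest !~ /^[0-9a-f]+$/) return 0
        path = substr(line, 6, n - 41)
        return 1
    }
    BEGIN {
        basefile = ARGV[1]; ARGV[1] = ""   # baseline is read here, not as input
        while ((getline line < basefile) > 0) {
            if (parse(line)) base[path] = digest
            else { print "UNPARSED " basefile ": " line; rc = 1 }
        }
    }
    # Fail closed: a line that does not parse is a finding, not noise.
    !parse($0) { print "UNPARSED " FILENAME ": " $0; rc = 1; next }
    {
        seen[path] = 1
        if (!(path in base)) { print "NEW " path; rc = 1 }
        else if (base[path] != digest) { print "CHANGED " path; rc = 1 }
    }
    END {
        for (p in base) if (!(p in seen)) { print "MISSING " p; rc = 1 }
        exit rc + 0
    }' "$1" "$2"
}

# Constructed sample listings for a trial run in directory $1; only the
# su and ls baseline digests are the ones quoted on the page.
write_sample_listings() {
    cat > "$1/baseline.txt" <<'EOF'
MD5 (/usr/bin/su) = cb2b71c32f4eb00469cbe4fd529e690c
MD5 (/usr/bin/ls) = 351f5eab0baa6eddae391f84d0a6c192
MD5 (/usr/bin/passwd) = 00000000000000000000000000000001
EOF
    cat > "$1/current.txt" <<'EOF'
MD5 (/usr/bin/su) = ffffffffffffffffffffffffffffffff
MD5 (/usr/bin/ls) = 351F5EAB0BAA6EDDAE391F84D0A6C192
MD5 (/usr/bin/x (1)) = 00000000000000000000000000000002
EOF
}
```

On the sample listings the comparison flags su as changed, the extra file as new and passwd as missing, while ls matches despite the difference in letter case.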

Protecting Files with a Message Authentication Code (MAC)

To protect a digest without altering the original file, you can compute a message authentication code (MAC) of the file. To do so, follow these steps:

  1. List the available algorithms by issuing the mac -l command:

    mac -l 
    Algorithm       Keysize:     Min   Max (bits)
    ---------------------------------------------
    des_mac                      64    64
    sha1_hmac                    8     512
    md5_hmac                     8     512

  2. Generate a symmetric key using the dd command:

    dd if=/dev/urandom of=keyfile bs=n count=n

    where if=/dev/urandom is the input file (for a random key, use the /dev/urandom file), of=keyfile is the output file that holds the generated key, bs=n is the key size in bytes (for the length in bytes divide the key length in bits by 8), and count=n is the count of the input blocks. For more detail and examples, see the "Generating Symmetric Keys" section earlier in this chapter.

    Exam Watch 

    For the exam, you should know how to create a MAC of a file. This algorithm creates a short message digest from a larger block of text by hashing it with a secret key.

  3. Create a MAC using this command:

    mac -v -a algorithm -k keyfile input-file

    where -v displays the output in the following format: algorithm (input-file) = mac. Here, -a algorithm is the algorithm used to compute the MAC (type the algorithm as the algorithm appears in the output of the mac -l command), -k keyfile is the file that contains a key of algorithm-specified length, and input-file is the input file for the MAC.

Encrypting and Decrypting Files

When you encrypt a file using the encrypt command, the original file is not modified in any way—unlike many other encryption utilities—but the output file is an encrypted form of the original file. To encrypt a file, simply create a symmetric key using the same method detailed throughout this chapter, and then issue the encrypt command:

encrypt -a algorithm -k keyfile -i input-file -o output-file

where -a algorithm is the algorithm to use to encrypt the file (type the algorithm as the algorithm appears in the output of the encrypt -l command), -k keyfile is the file that contains a key of algorithm-specified length (the key length for each algorithm is listed, in bits, in the output of the encrypt -l command), -i input-file is the input file that you want to encrypt (this file is left unchanged), and -o output-file is the output file that is the encrypted form of the input file. To decrypt the output file, use the decrypt command and simply pass the same key and the same encryption mechanism that encrypted the file.

Exam Watch

On some versions of Sun's exam, you'll be required to know how to encrypt and decrypt a file by creating a symmetric key, and then issuing the encrypt command. To decrypt the output file, you need to pass the same key and the same encryption mechanism that encrypted the file but use the decrypt command.

