SSL/TLS Under Lock and Key: A Guide to Understanding SSL/TLS Cryptography
By Paul Baka and Jeremy Schatten
About this ebook
If you are looking for a comprehensive, soup-to-nuts resource on SSL/TLS, look no further. This book, geared towards bridging the gap between the absolute beginner and the veteran IT Professional, combines the theoretical and the practical in equal measure.
The first half of our book focuses on foundational theory, covering topics su
Reviews for SSL/TLS Under Lock and Key
1 rating, 1 review
- Rating: 4 out of 5 stars. You should cover more examples of how to make use of those certs between a 3-layer architecture. With more examples... will be really helpful.
Thanks for your great basics.
Book preview
SSL/TLS Under Lock and Key - Paul Baka
SSL/TLS: UNDER LOCK AND KEY
Reflowable eBook Edition
by Paul Baka and Jeremy Schatten
Copyright © 2020 Keyko Pty Ltd. All rights reserved.
Keyko Pty Ltd
Suite 1A Level 2
802 Pacific Highway
Gordon NSW 2072
Australia
books@keyko.com.au
Edited by Sophie Pearce and Hollie Acres
Cover artwork by Ruslan Kholyaev
Formatting by Phillip Gessert
ISBN: 978-0-6489316-0-7 (Colour Edition)
ISBN: 978-0-6489316-3-8 (Black and White Edition)
ISBN: 978-0-6489316-2-1 (PDF eBook)
ISBN: 978-0-6489316-1-4 (Reflowable eBook)
ISBN: 978-0-6489316-4-5 (Audiobook)
All rights reserved. No part of this publication may be reproduced, distributed or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, write to the publisher at the address above.
The author and publisher have taken care in preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
Table of Contents
Introduction: Scope and Audience
About the Authors
Paul Baka
Jeremy Schatten
Chapter 1: SSL, TLS and Cryptography
Cryptography
The Caesar Cipher
Symmetric Cryptography
Asymmetric Cryptography
SSL/TLS: The Best of Both Worlds
Hashing
Digital Signatures
SSL vs. TLS: Demystifying legacy terminology
Transport Layer Security TLS
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
Key Generation
Key Size
RSA
ECC
DES
AES
Chapter 2: Common Protocols
HTTPS
Handshake Protocol
Key Exchange
Authentication
Encryption over HTTPS
Renegotiation
Cipher Suites
Certificate Transparency
SNI
HSTS
HPKP
Perfect Forward Secrecy
SMTPS
Explicit SSL/TLS
StartTLS
FTPS
LDAPS
TCP
DTLS (UDP)
SCTP
SPDY
QUIC
Chapter 3: Public Key Infrastructure
Certificate Lifecycle
Key Pair Generation
Certificate Signing Request
Validation
Issuance
Revocation
Certificate Authorities
Root Certificate Authorities
Intermediate Certificate Authorities
Internal Certificate Authorities
Certificate Cross Certification
CRLs and OCSP Stapling
Certificate Authority Authorisation (CAA)
Most Utilized and Publicly Trusted Certificate Authorities
Chapter 4: X.509 Certificates
Certificate Fields
Certificate Extensions
Type of Certificates
Standard
Wildcard Certificates
SAN/UCC Certificates
Client Certificates
Code Signing Certificates
Chapter 5: Vulnerabilities and Flaws
Key Size
MITM Attack
Upstream Compromise
Key Escrow
Proxies/Middleboxes
Digital Signature Forgery
SSL Stripping
Well-Known Attacks
POODLE
Heartbleed
DROWN
CRIME and BREACH
Targeted Nationstate Attacks
Quantum Computing
Chapter 6: Implementation
A Plethora of File Formats and Extensions
Base64 or Binary?
Public Key, Private Key, or both?
Windows SCHANNEL
Java Keystores
*nix Conventions
PKCS #7 and PKCS #12
Private Key Storage
Hardware Security Module (HSM)
DPAPI
File System ACLs
Chapter 7: OpenSSL
Setup and Using OpenSSL
Windows
Mac
Linux
Common Commands
Generating a Self Signed Certificate
Generating a CSR for third party signature
Converting a Binary certificate into a Base64 certificate
Converting a Base64 certificate into a Binary certificate
Splitting a PKCS12 (PFX) into its component public and private keys
Combining a Base64 public and private key into a PKCS12 (PFX)
Display certificates from a remote system
Generating Diffie-Hellman parameters
Checking key, file, and CSR association
Chapter 8: HTTP/2 and HTTP/3
Exciting new features
The HTTPS Everywhere Movement
Chapter 9: Quick-Start Configuration
Apache
NGINX
Microsoft Windows and IIS
SCHANNEL Registry changes
Java and Tomcat
cPanel
Terminology
Introduction: Scope and Audience
SSL/TLS is an inherently complex topic; there are lots of resources and guides available that explain how to do something but very few which discuss why. This book seeks to address this gap, and in such a way that a beginner could pick this up, read through it cover to cover, and at least start to put together a mental map of the different facets of cryptography. SSL/TLS must be accessible to everyone because it is foundational to our modern online world. We need it to check our bank accounts, to talk to our friends online, and to compete in business. Though this book has been written for the beginner, meticulous attention has been paid to the layout such that an experienced professional could still find value in this writing as a desk reference. Finally, while it would be nice if this book serves a need, it is more important that it shares a passion. Each chapter has been written, and re-written with this in mind.
Feedback is greatly welcomed from our readers, and we will strive to keep it up-to-date and relevant. You may contact Paul via email books@keyko.com.au with any recommendations, ideas and general feedback.
About the Authors
Paul Baka
With over a decade of experience in web and online security, Paul has dedicated his career to ensuring that this sometimes complicated field is made accessible to those looking to secure their online privacy. With an intricate network of peers in the industry, Paul has not only built up his own knowledge and skill in this area but has also had the benefit of drawing knowledge from this network of field specialists. As an entrepreneur, Paul has created multiple successful start-ups with a focus on the privacy of individuals and businesses alike.
When not dedicating himself to his work, Paul enjoys his time with family and friends, travelling and adventuring. The snow upon the mountains of Japan, Canada and Australia is regularly carved by his well-worn snowboard.
Jeremy Schatten
As a Systems Administrator with a background in Computer Science, Jeremy has never been able to pick between designing infrastructure and writing code. This inspired a lifelong fascination with digital cryptography as, like Jeremy, it has a foot in two worlds. Other than SSL/TLS, Jeremy’s areas of technical expertise include Enterprise Storage, Virtualization, and software deployment pipelines. Unlike Paul, Jeremy is an avid indoorsman, and spends his non-screen time cooking, reading, and baking bread. He lives in Rockville, Maryland with his partner Kate and their cat Dorian Gray.
Chapter 1
SSL, TLS and Cryptography
Cryptography
Cryptography is the practice of creating and solving codes. It predates the earliest computers by over 1000 years! It can be used to hide important messages so that they can only be read by the intended recipient. In fact, any attempt at obfuscating a message qualifies as a form of cryptography. One famous example of a cryptographic scheme is often performed by school children: milk (from the dairy aisle) is applied to a piece of paper with a Q-Tip in order to form letters. These letters are invisible unless the paper is