Certificate CrackingA digital certificate can be cracked but applying a password and detecting if the certificate can be read. In the following we enter some passwords, and then determine if an exception is caused. Either seperate the words by a comma, or one word per line: The result is then:
|
Tutorial
The bill01.pfx, bill02.pfx, ... certificates have a password which is the name of a fruit. Can you determine them? [Ans]
The country01.pfx, country02.pfx, ... certificates have a password which is the name of a country. Can you determine them?
Try an example
- Load fruits (bill01.pfx). Go
- Load fruits (bill02.pfx). Go
- Load fruits (bill03.pfx). Go
- Load fruits (bill04.pfx). Go
- Load fruits (bill05.pfx). Go
- Load fruits (bill06.pfx). Go
- Load fruits (bill07.pfx). Go
- Load fruits (bill08.pfx). Go
- Load fruits (bill09.pfx). Go
- Load fruits (bill10.pfx). Go
- Load fruits (bill11.pfx). Go
- Load fruits (bill12.pfx). Go
- Load fruits (bill13.pfx). Go
- Load fruits (bill14.pfx). Go
- Load fruits (bill15.pfx). Go
- Load fruits (bill16.pfx). Go
- Load fruits (bill17.pfx). Go
- Load fruits (bill18.pfx). Go
- Load countries (country01.pfx). Go
- Load countries (country02.pfx). Go
- Load countries (country03.pfx). Go
- Load countries (country04.pfx). Go
- Load countries (country05.pfx). Go
- Load countries (country06.pfx). Go
Code
string path = Server.MapPath("/") + "fred.pfx"; string[] pass1 = pass.Split(','); string message = ""; foreach (string ss in pass1) { message += h.showCer2(path, ss.Trim())+"\n"; } public string showCer2(string f,string password) { try { X509Certificate2Collection collection = new X509Certificate2Collection(); collection.Import(f, password, X509KeyStorageFlags.PersistKeySet); foreach (X509Certificate2 cer in collection) { try { hash1 = cer.SerialNumber; hash2 = cer.GetEffectiveDateString(); hash3 = cer.Subject; hash4 = cer.GetPublicKeyString(); hash5 = cer.GetKeyAlgorithm(); hash6 = cer.Issuer; hash7 = cer.GetRawCertDataString(); // Import the certificate into an X509Store object } catch (Exception ex) { return ("Trying: "+password+ " - Exception"); } } } catch (Exception ex) { return ("Trying: "+password+ " - Exception"); } return ("Trying: " + password + " - Able to read"); } }
Presentation
A related blog is [here] and here is an outline:
Certificate creation
The following defines the method for creating the certificates First we create a key pair (PVK) and a digital certificate (CER):
makecert.exe -n "CN=Test" -r -pe -a sha512 -len 4096 -cy authority -sv bill.pvk bill.cer
Where -pe defines that the private key is exportable, and -n defines the certificate subject. In this case the key length is 4,096 bits (using the -len option), and -a defines the hashing method of SHA-512 (md5|sha1|sha256|sha384|sha512). Next we add the key pair (PVK) to the certificate (CER) to produce a digital certificate (PFX) and add a password (using the -po option):
pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx country01.pfx -po germany pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx country02.pfx -po finland pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx country03.pfx -po russia pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx country04.pfx -po iceland pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx country05.pfx -po estonia pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx country06.pfx -po france pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill01.pfx -po orange pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill02.pfx -po lemon pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill03.pfx -po kiwi pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill04.pfx -po strawberry pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill05.pfx -po raspberry pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill06.pfx -po blackberry pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill07.pfx -po melon pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill08.pfx -po grapes pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill09.pfx -po pineapple pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill10.pfx -po blueberry pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill11.pfx -po pear pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill12.pfx -po coconut pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill13.pfx -po apricot pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill14.pfx -po guava pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill15.pfx -po tangerine pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill16.pfx -po pomegranate pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill17.pfx -po olive pvk2pfx.exe -pvk bill.pvk -spc bill.cer -pfx bill18.pfx -po tomato
Test
A sample test of digital certificates is [here]