In this lab, you will implement preliminary parts of the ScroogeCoin cryptocurrency. In the next lab, you will act as Scrooge and verify transactions sent to you by users and add them to your blockchain.
- Download and install the Java Unlimited Strength Jurisdiction files from
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html. These files remove any restrictions on cryptographic strength. Read the README file to understand why this step is needed and how to carry out the installation. If you don't install these files, you will get an "Illegal key size" exception when trying to generate keys.
- In this lab and future labs, you must use cryptographically secure random number generation where necessary. Read the following link on generating cryptographically secure random values in Java:
https://www.cigital.com/blog/proper-use-of-javas-securerandom/
In your submission, answer the following questions:
- Can the Java SHA1PRNG be used securely for cryptographic operations such as generating private/public key pairs?
- What pitfalls do programmers have to be aware of when using pseudo-random number generators for cryptographic operations?
- Why should a programmer be concerned about using getInstanceStrong() in certain types of applications?
- In ScroogeCoin, the central authority Scrooge receives transactions from users. Scrooge signs all hash pointers in the ScroogeCoin blockchain. To generate signatures, you will need to generate a private/public key pair on your computer that you can use to digitally sign transactions.
Bouncycastle (https://www.bouncycastle.org/) is a popular Java crypto library used in real-world crypto systems. The lab includes a lib directory that contains the jars for this library.
Read and thoroughly understand the CryptoReference2.java file, which uses crypto primitives similar to those Bitcoin uses. Try running the CryptoReference2 program on your computer and confirm that it completes successfully without throwing exceptions. This program generates ECDSA keys. Read more about this type of cryptographic algorithm at https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm.
- Fill in the GenerateScroogeKeyPair.java main method with code that does the following:
  - Generates an ECDSA key pair for Scrooge.
  - Stores the private key in an encrypted format on disk.
  - Stores the public key in a separate, unencrypted file.
Run the class to generate the key pair for Scrooge. Name the key files as scrooge_sk.pem and scrooge_pk.pem so that it is clear who they belong to. You will use this key pair for the remaining parts of this lab.
In your submission, include your code and the contents of the file containing Scrooge's public key. Do not submit your secret key. Remember never to give out your secret key and to always encrypt the secret key file when storing it on disk.
- Fill in the GenerateDigitalSignature main method with code that does the following:
  - Reads Scrooge's key pair from disk.
  - Generates Scrooge's digital signature for the message "Pay 3 bitcoins to Alice". Do not include the quotations in the message. Capitalization matters.
In your submission, include your code and the digital signature in hexadecimal.
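The generate, encrypt, reload, sign and verify flow that the two tasks above describe, as an added example that is not part of the lab's own files. It assumes only the JDK's built-in providers rather than Bouncy Castle, the curve secp256r1, PBKDF2 with AES-256-GCM for protecting the private key, and a hypothetical class name; it keeps everything in memory instead of writing the .pem files.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class EcdsaRoundTrip { // hypothetical class name, not one of the lab files
    // PBKDF2 turns a passphrase into a 256-bit AES key; the iteration count is an assumed value.
    static SecretKeySpec kek(char[] pass, byte[] salt) throws Exception {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(new PBEKeySpec(pass, salt, 600_000, 256)).getEncoded(), "AES");
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom(); // default CSPRNG, self-seeding
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"), rng); // assumed curve
        KeyPair kp = kpg.generateKeyPair();

        // Encrypt the PKCS#8 private key with AES-256-GCM under a fresh salt and IV.
        char[] pass = "constructed-demo-passphrase".toCharArray(); // constructed; prompt for it in practice
        byte[] salt = new byte[16], iv = new byte[12];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, kek(pass, salt), new GCMParameterSpec(128, iv));
        byte[] sealed = c.doFinal(kp.getPrivate().getEncoded()); // store salt, iv and sealed together

        // Decrypt and rebuild the private key, as a signer would after reading the file.
        c.init(Cipher.DECRYPT_MODE, kek(pass, salt), new GCMParameterSpec(128, iv));
        PrivateKey sk = KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(c.doFinal(sealed)));

        byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(sk, rng);
        s.update(msg);
        byte[] sig = s.sign(); // DER-encoded (r, s); differs on every run

        s.initVerify(kp.getPublic());
        s.update(msg);
        StringBuilder hex = new StringBuilder();
        for (byte b : sig) hex.append(String.format("%02x", b));
        System.out.println("verified=" + s.verify(sig) + " sig=" + hex);
    }
}
```

A wrong passphrase or a modified ciphertext makes the GCM decryption step throw instead of returning a corrupted key, which is the reason for choosing an authenticated mode here.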