Objectives:

• https://wiki.lpi.org/wiki/LPIC-303_Objectives_V2

Example questions:

• https://www.examtopics.com/exams/lpi/303-200/view/

Cryptography

325.1 X.509 Certificates and Public Key Infrastructures (weight: 5)

Candidates should understand X.509 certificates and public key infrastructures. They should know how to configure and use OpenSSL to implement certification authorities and issue SSL certificates for various purposes.

Openssl cookbook

• https://www.feistyduck.com/books/openssl-cookbook/

[~]: openssl version                            
OpenSSL 1.0.2g  1 Mar 2016

[~]: openssl version -a
OpenSSL 1.0.2g  1 Mar 2016
built on: reproducible build, date unspecified
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) 
compiler: cc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/lib/ssl"

[~]: ls -lah /usr/lib/ssl         
total 48K
drwxr-xr-x   3 root root 4,0K Mär 12  2019 .
drwxr-xr-x 223 root root  36K Feb 16 11:43 ..
lrwxrwxrwx   1 root root   14 Jan 27  2015 certs -> /etc/ssl/certs
drwxr-xr-x   2 root root 4,0K Mär 12  2019 misc
lrwxrwxrwx   1 root root   20 Feb 27  2019 openssl.cnf -> /etc/ssl/openssl.cnf
lrwxrwxrwx   1 root root   16 Jan 27  2015 private -> /etc/ssl/private

Der misc Ordner enthält scripts:

[~]: ls -lah /usr/lib/ssl/misc 

General links:

• https://wiki.archlinux.org/index.php/OpenSSL#Usage
• https://www.feistyduck.com/library/openssl-cookbook
• https://en.wikipedia.org/wiki/X.509
• https://www.freebsd.org/doc/handbook/openssl.html
• https://docs.aws.amazon.com/iot/latest/developerguide/x509-certs.html
• https://en.wikipedia.org/wiki/Certificate_revocation_list
• Online Certificate Status Protocol (OCSP)
• https://wiki.archlinux.org/index.php/Openssl
• https://wiki.archlinux.org/index.php/Transport_Layer_Security
• https://jlk.fjfi.cvut.cz/arch/manpages/man/openssl.1ssl
• https://jlk.fjfi.cvut.cz/arch/manpages/man/core/openssl/req.1ssl.en
• https://jlk.fjfi.cvut.cz/arch/manpages/man/config.5ssl
• https://jlk.fjfi.cvut.cz/arch/manpages/man/genpkey.1ssl
• https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
• https://jamielinux.com/docs/openssl-certificate-authority/sign-server-and-client-certificates.html

Logjam attach:

• https://weakdh.org/

Open-source PKI software:

• https://github.com/letsencrypt/boulder

325.2 X.509 Certificates for Encryption, Signing and Authentication (weight: 4)

Candidates should know how to use X.509 certificates for both server and client authentication. Candidates should be able to implement user and server authentication for Apache HTTPD. The version of Apache HTTPD covered is 2.4 or higher.

• http://www.modssl.org/docs/2.8/ssl_overview.html

325.3 Encrypted File Systems (weight: 3)

Candidates should be able to set up and configure encrypted file systems.

• https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions