Tool for analysis of security certificates
Project description
Tool for analysis of security certificates and their security targets (Common Criteria, NIST FIPS140-2...).
This project is developed by the Centre for Research On Cryptography and Security at the Faculty of Informatics, Masaryk University.
Usage (CC)
The tool requires several Python packages as well as the pdftotext binary somewhere on the PATH.
The easiest way to set up the tool is to install it in a virtual environment, e.g.:
Install Python virtual environment support (if not yet installed):
python3 -m pip install --upgrade pip
pip install virtualenv
Set up a new local one named 'virt':
python3 -m venv virt
. virt/bin/activate
pip install -e .
The following steps will do a full extraction and analysis of CC certificates:
- Make a directory in which the certificates will be downloaded and processing will take place. The contents of the directory are under the control of the tool, and may be overwritten!
- Run
  python process_certificates.py --fresh --do-download-meta <dir>
  to download certificate metadata from the Common Criteria portal.
- Run
  python process_certificates.py --fresh --do-extraction-meta <dir>
  to extract metadata from the downloaded Common Criteria pages.
- Run
  python process_certificates.py --fresh --do-download-certs <dir>
  to download the certificate and security target PDF files. This step takes time as there are quite a lot of files. It also takes up a lot of space (around 5GB). It is done in parallel and the number of threads can be changed with the -t/--threads switch (the default is 4).
- Run
  python process_certificates.py --fresh --do-pdftotext <dir>
  to convert the PDF files to text.
- Run
  python process_certificates.py --fresh --do-extraction <dir>
  to extract information from the certificates and security targets.
- Run
  python process_certificates.py --fresh --do-pairing <dir>
- Run
  python process_certificates.py --fresh --do-processing <dir>
  to run various heuristics which will create a post-processed section 'processed' for every certificate (results are stored in certificate_data_complete_processed.json).
- Run
  python process_certificates.py --fresh --do-analysis <dir>
  to perform analysis of certificates (various graphs, statistics...).
- Open, look and enjoy graphs like num_certs_in_years.png or num_certs_eal_in_years.png. For certid_graph.dot.pdf and other large graphs use Chrome to display, as Adobe Acrobat Reader will fail to show the whole graph.
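The steps above as one fail-fast wrapper, which checks for pdftotext and refuses a non-empty working directory before anything can be overwritten. This is an added example, not part of the sec-certs project; SEC_CERTS_CMD, SEC_CERTS_REUSE and THREADS are hypothetical names, and placing -t before the directory argument is an assumption.

```sh
#!/bin/sh
# Added example (not from the sec-certs project): run the CC stages in page order.

# Stage switches as listed in the steps above, in the order given there.
STAGES="download-meta extraction-meta download-certs pdftotext extraction pairing processing analysis"

# Assumption: the tool is started as shown on this page; override to point elsewhere.
SEC_CERTS_CMD=${SEC_CERTS_CMD:-"python process_certificates.py"}

# The tool may overwrite anything in its directory, so accept only a missing
# or empty one unless the caller opts in with SEC_CERTS_REUSE=1 (hypothetical).
check_workdir() {
    if [ ! -e "$1" ]; then
        mkdir -p "$1"
    elif [ ! -d "$1" ]; then
        echo "refusing: $1 is not a directory" >&2; return 1
    elif [ -n "$(ls -A "$1")" ] && [ "${SEC_CERTS_REUSE:-0}" != 1 ]; then
        echo "refusing: $1 is not empty and may be overwritten" >&2; return 1
    fi
}

# Runs every stage against directory $1 and returns non-zero at the first
# failure, so a later stage never works on incomplete output of an earlier one.
# Return codes: 2 = pdftotext missing, 3 = directory refused, 1 = stage failed.
run_pipeline() {
    command -v pdftotext >/dev/null 2>&1 || { echo "pdftotext not on PATH" >&2; return 2; }
    check_workdir "$1" || return 3
    for stage in $STAGES; do
        extra=""
        # -t applies to the parallel PDF download; the tool's default is 4.
        [ "$stage" = download-certs ] && [ -n "${THREADS:-}" ] && extra="-t $THREADS"
        echo "== --do-$stage" >&2
        # Unquoted on purpose: SEC_CERTS_CMD and extra may hold several words.
        $SEC_CERTS_CMD --fresh "--do-$stage" $extra "$1" || {
            echo "stage $stage failed; stopping" >&2; return 1; }
    done
}

# Run only when given a directory argument, e.g.: sh run_cc.sh ./cc_data
if [ $# -ge 1 ]; then run_pipeline "$1"; fi
```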
Extending the analysis
The analysis can be extended in several ways:
- Additional keywords can be extracted from PDF files (modify cert_rules.py).
- Data from certificate_data_complete.json can be analyzed in a novel way - this is why this project was conceived in the first place.
- Help to fix problems in data extraction - some PDF files are corrupted, there are many typos even in certificate IDs...
Hashes for sec_certs-0.0.1-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | b16db70061d1a52d28462bb5f413d4831428f7d6f01e025055804e78de9adeb0
MD5 | b4573b8e3379ee252384e16033a91fe1
BLAKE2b-256 | 6ba546ec83088dcc5aa819b637f5314adc43517a00c17a47302112dc584b0fb9