Commands genrsa, rsa, rsautl, dsaparam, gendsa, dsa (more generally genpkey, pkey, pkeyutl)

1. Compare speed of RSA, AES128, SHA1 and RSA functions.

RSA:
2. Generate an RSA-1024 private key in PEM format to RSApriv.pem with 65536 as the public exponent. Open the file and check the format.
3. Compute the corresponding public key (PEM format) to RSApub.pem and open the file to see the content.
4. Print out the values of the RSA primes, modulus, ... and check the correctness of the values (p, q, e, d, n) - use some math software, e.g. www.wolfram_alpha.com, to perform the operations (large numbers).
5. Use the RSA keys to encrypt and decrypt the message "123456789012". What is the maximum size of a message - what happens when a larger message is encrypted? Try!
6. Use the RSA keys to sign and verify the signature of the message 123456789012.

DH
7. Generate parameters (group) for DH with generator g = 2 and size of the group 512 bits.
8. Print out the parameters and check the correctness of their values (p, ord(g)).

DSA:
9. Generate 1024 DSA parameters to DSAparams.pem.
10. Generate a DSA private and public key from DSAparams.pem.
11. Sign and verify the signature of a document (use UCO as content) - use the sha1 algorithm for hashing.
12. Create a second DSA signature and compare it with the first one.

Certificate & browser:
13. Find the certificate (click on the lock in the browser -> Certificate) of www.google.com and find out which algorithms are used for hashing. Look at the content (Public alg, period, ...) of the cert.
14. Look at the certification path - who is the issuer of the user certificate? Check its certificate ... ?
15. Who is the trust anchor in the chain - check the issuer and subject in its cert.
16. Download the corresponding CRL of the leaf CA.
17. Open the CRL and check its content.

Connecting to SSL Services (s_client)
18. Connect to www.fi.muni.cz.
19. Check the certificate path.
20. Connect to www.google.cz and save the cert to GOOGLE.crt.

Format transformations (x509)
21. Decode the certificate GOOGLE.crt.
22. Convert a certificate from PEM to DER format.
23. Convert a certificate from DER to PEM format.

Cert (x509)
24. Create a CSR (certificate signing request) from an existing key.
25. Check the content of the CSR.
26. Create a self-signed cert (x509 or req).

Revocation (s_client, x509, ocsp) - Optional
27. Checking OCSP revocation
    1. Obtain the certificate that you wish to check for revocation (s_client).
    2. Obtain the issuing certificate.
    3. Determine the URL of the OCSP responder (x509).
    4. Submit an OCSP request and observe the response (ocsp).
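
For task 4, the value check can also be scripted instead of done by hand. The following is an added example, not part of the original exercise sheet: it parses the text layout printed by `openssl rsa -in RSApriv.pem -text -noout` and tests the relations between p, q, e, d, n and the CRT values. The function names and the toy key in SAMPLE are constructed for illustration.

```python
import math
import re

# Constructed sample in the layout of `openssl rsa -text -noout` output.
# Toy key (p=61, q=53), far too small for real use; real keys print long hex runs.
SAMPLE = """\
Private-Key: (12 bit, 2 primes)
modulus:
    0c:a1
publicExponent: 17 (0x11)
privateExponent:
    0a:c1
prime1: 61 (0x3d)
prime2: 53 (0x35)
exponent1: 53 (0x35)
exponent2: 49 (0x31)
coefficient: 38 (0x26)
"""

def parse_rsa_text(text):
    """Return {label: int}, handling inline values and multi-line colon-hex runs."""
    vals, hexrun, label = {}, {}, None
    for line in text.splitlines():
        inline = re.fullmatch(r"(\w+): (\d+) \(0x[0-9a-f]+\)", line)
        header = re.fullmatch(r"(\w+):", line)
        if inline:
            vals[inline[1]], label = int(inline[2]), None
        elif header:
            label, hexrun[header[1]] = header[1], ""
        elif label and line.startswith(" "):
            hexrun[label] += line.strip().replace(":", "")
    vals.update({k: int(v, 16) for k, v in hexrun.items() if v})
    return vals

def check_rsa(k):
    """Test each relation a consistent RSA private key must satisfy."""
    n, e, d = k["modulus"], k["publicExponent"], k["privateExponent"]
    p, q = k["prime1"], k["prime2"]
    lam = math.lcm(p - 1, q - 1)  # Carmichael function of n
    return {
        "n == p*q": n == p * q,
        "gcd(e, lambda) == 1": math.gcd(e, lam) == 1,
        "e*d == 1 mod lambda": (e * d) % lam == 1,
        "exponent1 == d mod (p-1)": k["exponent1"] == d % (p - 1),
        "exponent2 == d mod (q-1)": k["exponent2"] == d % (q - 1),
        "coefficient*q == 1 mod p": (k["coefficient"] * q) % p == 1,
        "decrypt(encrypt(m)) == m": pow(pow(42, e, n), d, n) == 42,
    }

if __name__ == "__main__":
    for name, ok in check_rsa(parse_rsa_text(SAMPLE)).items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```
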