I need help in doing this work.

The CA will sign the intermediate CA$$s public key and allow it to sign client certificates. The intermediate CA will then sign a certificate of a client. You will also have to create modified versions of the openssl.cnf file for each of them. The following are details of the CA$,$ intermediate CA and client.

CA: CARoot, Inc. $($www$.$caroot.com$),$ US

Intermediate CA: Trust Services, Inc. $($www$.$trustservices.com$),$ US

Client: University of Denver $($universityofdenver$.$edu$),$ US

Perform the following actions using the OpenSSL command line. Note that you must use the configuration files in your commands; do not put every applicable parameter in the command line.

As is done here, create a CA and a client CSR$.$ Do not sign the CSR using the CA yet.

Create a folder for an intermediate CA$.$ Repeat the same steps as for a CA$,$ but add the following new section to its OpenSSL configuration file.

$[$ int$\_$ca$\_$req $]$ This section should include extensions that the intermediate CA would like to include in its CSR file while requesting a signature from the CA$.$ Ask for extensions that would allow the intermediate CA to sign other certificates, sign its CRL$,$ or generate digital signatures. All extension fields should be critical.

Create a new section in the CA$$s OpenSSL configuration file.

$[$ int$\_$ca $]$ This section should include default extensions that the CA will add when signing a certificate for an intermediate CA$.$ It should allow the intermediate CA to sign other user certificates but not sign certificates for other intermediate CAs $($hint: pathlen$).$ The extensions should also have the subject and authority key identifier.

Generate a CSR for the intermediate CA$$s certificate. Then get it signed by the CA to generate the intermediate CA$$s certificate $($name it interimca.crt$).$ The intermediate CA certificate should have a validity of $5$ years. Verify the certificate and ensure that the correct extensions are present in it$.$

Next get the client$$s certificate signed by the intermediate CA$.$ Name the certificate universityofdenver.crt$.$ Client certificates should be given a validity of $3$ months.

Verify the entire certificate chain, i$.$e$.$ verify universityofdenver.crt using the CA and intermediate CA$$s certificates.

Submit a text file with the list of commands used by you in the exercise along with the three certificates created $($CA$,$ intermediate CA and client$)$ and the OpenSSL configuration files for the CA and the intermediate CA$.$

Here is a command sequence: ################################################

# Generic Cryptographic Operations

################################################

# Create working directory

mkdir keying

cd keying

#####

# Create test file with some text

nano file.txt

# See file

cat file.txt

#####

# Hash function

openssl dgst $-$help

openssl dgst $-$sha$1$ file.txt

openssl dgst $-$sha$256$ file.txt

openssl dgst $-$sha$512$ file.txt

#####

# HMAC

openssl dgst $-$sha$256-$hmac $75984738957438975984379859437$ file.txt

openssl dgst $-$sha$256-$hmac $75984738957438975984379859436$ file.txt

openssl dgst $-$sha$256-$hmac $75984738957438975984379859436-$out file$\_$sha$256.$out $-$binary file.txt

cat file$\_$sha$256.$out

xxd file$\_$sha$256.$out

#####

# AES$-128-$CBC Encrypt

openssl enc $-$aes$128-$K $1234567890$abcdefabcdef$1234567890-$in file.txt $-$iv a$1$b$2$c$3$d$4$e$5$f$6$a$7$b$8$c$9$d$01234567890$ab $-$out file$\_$aes$128$cbc$.$out

cat file$\_$aes$128$cbc$.$out

xxd file$\_$aes$128$cbc$.$out

# Different iv$,$ different encryption

openssl enc $-$aes$128-$K $1234567890$abcdefabcdef$1234567890-$in file.txt $-$iv a$1$b$2$c$3$d$4$e$5$f$6$a$7$b$8$c$9$d$01234567890$ac $-$out file$\_$aes$128$cbc$.$out

xxd file$\_$aes$128$cbc$.$out

# Base$64$ encoded output

openssl enc $-$base$64-$aes$128-$K $1234567890$abcdefabcdef$1234567890-$in file.txt $-$iv a$1$b$2$c$3$d$4$e$5$f$6$a$7$b$8$c$9$d$01234567890$ac $-$out file$\_$aes$128$cbc$.$b$64$

cat file$\_$aes$128$cbc$.$b$64$

#####

# AES$-128-$CBC Decrypt $($just use $-$d$)$

openssl enc $-$d $-$base$64-$aes$128-$K $1234567890$abcdefabcdef$1234567890-$in file$\_$aes$128$cbc$.$b$64-$iv a$1$b$2$c$3$d$4$e$5$f$6$a$7$b$8$c$9$d$01234567890$ab $-$out file$\_$decrypted.txt

#####

# List of ciphers

openssl list $-$cipher$-$algorithms

#####

# RSA key generation

openssl genrsa $-$out keypair.pem $4096$

# See keys $($modulus and priv.exp is private key, modulus and pub.exp is public key$)$

openssl rsa $-$in keypair.pem $-$text $-$noout

# Extract public key into a separate file

openssl rsa $-$in keypair.pem $-$pubout $-$out pub$\_$keypair.pem

openssl rsa $-$in pub$\_$keypair.pem $-$pubin $-$text $-$noout

#####

# RSA encryption

openssl rsautl $-$encrypt $-$pubin $-$inkey pub$\_$keypair.pem $-$in file.txt

openssl rsautl $-$encrypt $-$pubin $-$inkey pub$\_$keypair.pem $-$in file.txt $-$out file$\_$rsa.out

#####

# RSA decryption

openssl rsautl $-$encrypt $-$pubin $-$inkey pub$\_$keypair.pem $-$in file.txt $-$out file$\_$rsa.out

openssl rsautl $-$decrypt $-$inkey keypair.pem $-$in file$\_$rsa.out

#####

# Digital signature

openssl dgst $-$sha$256-$sign keypair.pem $-$out file$\_$signature file.txt

xxd file$\_$signature

openssl dgst $-$sha$256-$verify pub$\_$keypair.pem $-$signature file$\_$signature file.txt

############$.$ a detailed explanation with the steps performed willl be helpful.