The company you work for, which specializes in cryptography, has been commisionned by a financial institution, the Georgian Bank (GB), whom has just aquired another bank -- the Alpha Credit Union (ACU). As part of the merger, bank accounts are to be transferred from ACU to GB and customers are to migrate to GB's online banking systems login. Of particular interest are files containing customer's PINs and passwords the will need to be securely transferred from ACU to GB.
It has been agreed that a system needs to be built to support file-level encryption, so that an export of the customer credentials can be encrypted by ACU, transferred to GB and decrypted for import.
The high level requirements are:
A new PKI will be stood up to issue certificates to GB and ACU.
GB's certificate will be used to encrypt the files to be transferred.
The files will also need to be signed by ACU.
The files will be compressed (for efficiency) by ACU and decompressed by GB.
The certificates issued to GB and ACU are not self-signed, but rather chain up to a common root trusted by both GB and ACU.
Before using the certificates for crypto operations, they must be verified using the trust chain. Revocation can be ignored for this project.
The system should accept any file, not just files you created. It'd be nice if your system is compatible with other groups', but it's not a requirement.
Order of operations: encryption, signing, compression. What order did you choose, and why? Be sure to provide an explanation in the Design Document.
Scripts/code/commands. Provide a brief writeup on what they do (similar to assignment).
Design Document. Explain your overall design and design choices, be sure to include diagrams to help explain system components and process/data flow.
Operator Manual. Explain how to use the system for operators, e.g. step by step instructions.
Implement file encryption.
Implement digital signature for files.
Create and use certificates.
Implement a mini PKI.