CSCI 343 - Homework 5

Encryption is the life for me!

Due before end-of-day, Wednesday, 16 Nov 2016

Homework

This week, we'll be learning to use openssl and GnuPG, the GNU Privacy Guard. GnuPG is a clone of the popular asymmetric cryptographic software PGP (Pretty Good Privacy) (see also the international PGP homepage). They both function in a similar manner, but only GnuPG is installed on the CS systems.

Collaboration

Note that you must work with other students in order to complete the assignment. You should still perform your own work and learn how to perform the steps on your own.

Part 1 - Private Key Cryptography

I'd like you to get some hands-on experience working with some cryptographic tools. On the lab machines, there is a program called openssl which contains a variety of algorithms and modes discussed in lecture. You can read about how to use it on the enc man page. (Type "man enc" on the command line to view.) You'll probably want to pay attention to the "-e", "-d", "-in", and "-out" options.
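
A round trip through openssl enc with the options named above, as an added example that is not part of the original assignment; the passphrase, the file names and the roundtrip helper are made up for the demo. It also shows that -md (the digest that turns the passphrase into a key and IV) must match on both sides: OpenSSL releases before 1.1.0 defaulted to MD5 and later releases default to SHA-256, so a file written by one may need -md given explicitly on the other.

```shell
#!/bin/sh
# Added example: encrypt and decrypt a constructed sample file with "openssl enc".

# roundtrip CIPHER ENC_MD DEC_MD
# Encrypts with CIPHER using digest ENC_MD for key derivation, decrypts with
# DEC_MD, and returns 0 only if the decrypted bytes equal the original.
# The body runs in a subshell, so its variables do not leak to the caller.
roundtrip() (
    cipher=$1 enc_md=$2 dec_md=$3
    dir=$(mktemp -d) || exit 2
    printf 'constructed sample plaintext\n' > "$dir/plain.txt"

    # -e encrypts, -in/-out name the files, -pass supplies the passphrase,
    # -md names the digest that derives the key and IV from the passphrase.
    if ! openssl enc "-$cipher" -e -md "$enc_md" -pass pass:demo-passphrase \
            -in "$dir/plain.txt" -out "$dir/cipher.enc" 2>/dev/null; then
        rm -rf "$dir"
        exit 2
    fi

    # -d decrypts. A different digest derives a different key, so this
    # normally exits non-zero ("bad decrypt"). Comparing the bytes also
    # catches the rare case where the garbage ends in valid-looking padding.
    openssl enc "-$cipher" -d -md "$dec_md" -pass pass:demo-passphrase \
        -in "$dir/cipher.enc" -out "$dir/out.txt" 2>/dev/null

    rc=0
    cmp -s "$dir/plain.txt" "$dir/out.txt" 2>/dev/null || rc=$?
    rm -rf "$dir"
    exit "$rc"
)

# Same passphrase both times; only the decrypting side's -md changes.
for dec_md in md5 sha256; do
    if roundtrip aes-128-cbc md5 "$dec_md"; then
        echo "encrypt -md md5, decrypt -md $dec_md: plaintext recovered"
    else
        echo "encrypt -md md5, decrypt -md $dec_md: decryption failed"
    fi
done
```

OpenSSL 1.1.1 and later also warn on stderr that this passphrase derivation is deprecated and offer -pbkdf2; the example silences stderr to keep its output short.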

Decrypt messages from me

Decrypt the following files using the key "kittens". Include the plaintext of each as separate files in your homework submission.

  1. message.des-ecb.enc - Single DES using ECB mode
  2. message.aes-cbc.enc - 128-bit AES using CBC mode
  3. message.rc4.enc - 128-bit RC4

Encrypt a message to me

Create a text file with a secret message to share with me. Pick one of the private key algorithms and encrypt the file. In your README include the name of the ciphertext file, the algorithm used (be specific!), and the key I need to use to decrypt it. List the full command that I will need to use to decrypt the file. Make it easy for me to just cut-and-paste it.

Performance analysis

Using the openssl "speed" command, compare the throughput of DES in CBC mode; DES3; and AES using 128-, 192-, and 256-bit keys in CBC mode.

Part 2 - Public Key Cryptography

Details

  1. You'll probably want to start out by looking through either the manpage or the GNU Privacy Handbook. You might want to read How PGP Works from the folks at PGP International, or poke around in the GnuPG Documentation.

  2. Use GnuPG to generate both a signing and encryption key (default selection) with a size of at least 1024 bits. Since you will be submitting a revocation certificate for this key, you might want to set the validity of both to be no more than 120 days (be sure it lasts until at least the end of the semester, but is not permanent).

    Note that public computer labs are not a good place to store your private key. If you plan to use GnuPG to actually secure or authenticate information, you should probably create and keep the key on your own machine (or another trusted machine) and set the validity of the key to a longer period of time.

    Also, pick a good pass phrase. You should select something that would be difficult to guess, yet able to be memorized. You aren't restricted to 8 characters as you are on some systems, so phrases with mixes of words, letters, and symbols can be a good choice.

  3. Generate a revocation certificate for your key.
  4. Generate a fingerprint for your key.
  5. Export your key to an ASCII (not binary) file.
  6. Add someone else's key to your keyring by:

    1. Importing a key from a file (they must export it to a file, get the file to you, and then you can add it).
    2. Downloading a key from a key server. You should download my class demo GnuPG key from pgpkeys.mit.edu (Fingerprint: B0B8 6D24 4DDB 1446 9847 B4CF 27D0 D585 4F56 0921 ID: 4F560921)
  7. List all the keys in your keyring.
  8. Encrypt and sign a file for someone else using their public key (before you've signed it).
  9. Sign someone else's key and get someone to sign your key. Once your key has been signed, you have to get them to export the key and then you can re-import it. (Otherwise, how would you get their signature?)
  10. Generate a detached signature for a file.
  11. Verify someone else's detached signature.
  12. See what is output for a failed signature check.
  13. Encrypt and sign a file for someone else using their public key (once you've signed it).
  14. Decrypt and verify the signature on a file from someone else using your private key.

To hand in

Create a Zip file with the following information and submit it via Blackboard: (All files must be in ASCII format, not binary.)


Last Modified: November 11, 2016 - Benjamin A. Kuperman