Question

1. Create an RSA private key

2. Output the key in a text format so that it shows the following:

    modulus
    public exponent (e)
    private exponent (d)
    the primes (p and q)

Send me a file called key.txt with this information.

3. Using openssl's rsautl option encrypt this message to me: "NAME" using the public key that's embedded with the private key above. Attach a file named encrypted.txt that contains the encrypted message. Hint: Copy the text above and put it in a file, then the openssl -pubout option to extract the public part of the key to a new file. Use that file as your "inkey" parameter.

4. Using openssl's rsautl option sign the message "NAME" to me using your private key. Attach the signed message as the file signed.txt and the message.txt. (The submission is two files; the original file with the plaintext "NAME" inside, and the signature which is the digest of that file)

5. Copy all the output from this assignment (especially your public and private keys) to a safe place for subsequent assignments.

DO THIS USING A MAC

Answer 1

Task 1 Encryption using different ciphers and modes

In this task, we will play with various encryption algorithms and modes. You can use the following

openssl enc command to encrypt/decrypt a file. To see the manuals, and to see the various cipher

modes that OpenSSL supports, you can type man openssl and man enc.

% openssl enc <ciphertype> -e -in plain.txt -out cipher.bin \

-K 00112233445566778899aabbccddeeff \

-iv 0102030405060708

(The backslashes denote the fact that the command carries over onto the next line, and are of course not

necessary in general.)

Replace the <ciphertype> with a specific cipher type, such as -aes-128-cbc (for AES with 128-

bit keys in CBC mode), -aes-128-cfb (cipher feedback mode), -bf-cbc (Blowfish in CBC mode),

etc. You can see the list of supported ciphers on your machine by running the command openssl enc

--help (note that the enc command actually does not support the --help option—get used to the doc-

umentation for OpenSSL being rather poor—but that it will nonetheless show you its various options and

supported ciphers). Familiarize yourself with this by trying at least three different ciphers and three different

modes.

We include some common options for the openssl enc command in the following:

-in <file> input file

-out <file> output file

-e encrypt

-d decrypt

-K/-iv key/iv in hex is the next argument

-[pP] print the iv/key (then exit if -P)

Sections 1–4 are Copyright

c 2006 - 2011 Wenliang Du, Syracuse University (with slight updates provided

by Dave Levin). The development of this document is/was funded by three grants from the US National

Science Foundation: Awards No. 0231122 and 0618680 from TUES/CCLI and Award No. 1017771 from

Trustworthy Computing. Permission is granted to copy, distribute and/or modify this document under the

terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Soft-

ware Foundation. A copy of the license can be found at http://www.gnu.org/licenses/fdl.html.

However, you will very rarely be typing in the key and initialization vector yourself: that is very prone

to error, and is kind of a waste of time. Instead, we can use OpenSSL itself to help us generate random

symmetric keys. Really, all we want from a symmetric key is that it be the right size and that it be random,

so we generate them with OpenSSL’s rand command:

% openssl rand -base64 16 > symm_key

This will generate a 16 byte (128 bit) random value in base 64 encoding. We can use this to encrypt as

follows:

% openssl enc ciphertype -e -in plain.txt -out cipher.bin \

-pass file:symm_key -salt

Note that the key we generated, symm key, is being used instead of specifying the key by hand. Strictly

speaking, we will not use this as our key, but rather as a sort of “password” that will be used to help generate

the key. To see this, you can attach the -P option to view the key that is actually being used. In any event,

decryption also uses the same -pass file:symm key argument (it does not need the -salt argument

— technically, neither does encryption, as it is the default, but this is just to reinforce that you should never

use no salt).

Submission: Please submit a file task1a.bin using the above static key (00112233...) and initial-

ization vector (010203...) in AES 128-bit mode with CBC; this file should decrypt to a file consisting of

your UID. Also, submit two additional files: the first should be task1.key which is a random key value

as described above, and the second should be called task1b.bin. We should be able to decrypt, using

256-bit AES in CBC mode, task1b.bin using task1.key as the key file (as above) to get the plaintext

file: a file consisting of your UID.