Module 4: Applied cryptography

Put your answers in the README.md file in the GitHub repository.
Github Classroom Link: https://classroom.github.com/a/W7S2B0pW

Exercise 1 - Diffie-Hellman key exchange

With Diffie-Hellman key exchange, two parties arrive at a common secret key, without passing the common secret key in public.

Complete the following steps to exchange a private key with a partner.

Step 1. Find a partner to exchange keys with.

Step 2. Choose one person to represent Alice and the other person to represent Bob.

Step 2. Agree upon the public key values of g and n. Use a prime number for n.

Step 3. Alice chooses a number for private key a and Bob chooses a number for private key b.

Step 4a. Alice calculates the value A: \(A = g^a \mod n\)

Step 4b. Bob calculates the value B: \(B = g^b \mod n\)

Step 5. Alice and Bob exchange values A and B.

Step 6a. Alice calculates a copy of the shared secret key using Bob's public B and Alice's private a: \(key = B^a \mod n\)

Step 6b. Bob calculates a copy of the shared secret key using Alice's public A and Bob's private a: \(key = A^b \mod n\)

Step 7. Verify with your partner that you now have the same shared secret key.

Step 8. Record your math and results in the README.md file in your GitHub repository for this module.

Exercise 2 - Encrypt a file using a partner's public key (Asymmetric cryptography)

The goal of this exercise is to use a partner's public key to encrypt a message that only they can decrypt using their private key.

Step 1. Find a partner to exchange encrypted messages with.

Step 2. Change directory to where the public keys are stored for this class. And list available the keys.

$ cd /opt/publickeys/
$ ls
  

Step 3. Import your partner's public key file.

gpg --import name_of_pub_key_file

Step 4. List your public keys.

$ gpg --list-public-keys

Step 5. Sign your partner's key. Signing a key tells the gpg software that you trust the key that you have been provided with and that you have verified that it is associated with the person in question.

$ gpg --sign-key your.partner@richmond.edu

Step 6. Change directory back to your home directory and create a plaintext message. Edit a plaintext file and write a short message for your partner (maybe your favorite flavor of ice cream).

$ cd ~
$ nano partnersname.txt
  

Step 7. Encrypt the plaintext message using your partner's public key.

$ gpg --encrypt --armor --recipient your.partner@richmond.edu partnersname.txt

Step 8. View your encrypted file.

$ cat partnersname.txt.asc

Step 9. Copy the encrypted file to the /opt/messages/ directory.

$ cp partnersname.txt.asc /opt/messages/

Step 10. Copy the encrypted file that your partner left for you in the /opt/messages directory to your home directory.

$ cd /opt/messages/
$ ls 
$ cp yourname.txt.asc ~
  

Step 11. Change directory back to your home directory and decrypt the file.

$ cd ~
$ gpg --decrypt yourname.txt.asc
  

Step 12. Put the results of the gpg decrypt command into the README.md file in your GitHub repository for this module.

Step 13. In the README.md file explain who has access to decrypt the encrypted file. Attempt to decrypt the partnersname.txt.asc with your private key. Explain the results of this command and why this is the case.

$ gpg --decrypt partnersname.txt.asc

Step 14. Re-encrypt the partnersname.txt file but this time use both your partner's and your public key.

$ rm partnersname.txt.asc
$ gpg --encrypt --armor --recipient your.partner@richmond.edu --recipient your.email@richmond.edu partnersname.txt
  

Exercise 3 - Sign a file using your private key (Asymmetric cryptography)

With a digital signature, a sender can use a private key together with a message to create a signature. Anyone with the corresponding public key can verify whether the signature matches the message, but a forger who does not know the private key cannot sign a message as the own of the private key.

Step 1. Create a new plaintext message in a new file.

$ nano signedbyyourname.txt

Step 2. Sign the plaintext file with your private key.

$ gpg --sign --armor signedbyyourname.txt

Step 3. View your encrypted file.

$ cat signedbyyourname.txt.asc

Step 4. Copy your signed file to the /opt/signed/ directory.

$ cp signedbyyourname.txt.asc /opt/signed/

Step 5. Copy the encrypted file that your partner left for you in the /opt/signed directory to your home directory.

$ cd /opt/signed/
$ ls 
$ cp signedbypartner.txt.asc ~
  

Step 6. Change directory back to your home directory. Then decrypt and read your partner's signed file.

$ cd ~
$ gpg --decrypt signedbypartner.txt.asc
  

Step 7. Put the results of the gpg decrypt command into the README.md file in your GitHub repository for this module.

Step 8. In the README.md file explain who has access to decrypt the file and why.

Exercise 4 - Encrypt a file using a partner's public key and sign the file using your private key (Asymmetric cryptography)

Step 1. Use the gpg program to encrypt using your partner's public key, but also sign the message with your private key.

Hint: You can use both the --encrypt and --sign options in a single command.

Example

$ gpg --encrypt --sign --armor --recipient your.partner@richmond.edu partnersname.txt
  

Step 2. Experiment with the gpg command in step 1. In the README.md file, write down the steps you took to share an encrypted and signed message.

Step 3. In the README.md file explain who has access to decrypt the file and why.

Exercise 5 - Encrypt a file using a shared secret key with AES (Symmetric cryptography)

Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext.

Step 1. Find out what ciphers are available with the gpg program, and add this to the README.md file.

$ gpg --version

Step 2. Create a new message to encrypt.

$ nano yournamesymmetric.txt

Step 3. Think of a passphrase. Share this passphrase with your partner, this is your shared symmetric key.

Step 4. Encrypt the file using AES256. When prompted for a passphrase enter the phrase from step 3.

$ gpg --armor --symmetric --cipher-algo AES256 yournamesymmetric.txt

Step 5. View your encrypted file.

$ cat yournamesymmetric.txt.asc

Step 6. Copy your encrypted file to the /opt/symmetric/ directory.

$ cp yournamesymmetric.txt.asc /opt/symmetric/

Step 7. Copy your partner's encrypted file to your home directory.

$ cd /opt/symmetric/
$ ls
$ cp partnernamesymmetric.txt.asc ~
  

Step 8. Change directory back to your home directory. Then decrypt and read your partner's signed file.

$ cd ~
$ gpg --decrypt partnernamesymmetric.txt.asc
  

Step 9. Put the results of the gpg decrypt command into the README.md file in your GitHub repository for this module.

Step 10. In the README.md file explain who has access to decrypt the encrypted file.

CMSC 334

Computer Security

David G. Balash

david.balash@richmond.edu

Slack for Q&A