CIT 480: Securing Computer Systems
Lab #1: Cryptography Basics

Name: _____________________

1: Lab Preparations

In this lab, you will not need to use a virtual machine. You will do all parts of this lab with your Linux user account. To start, log in to your Linux PC in the GH 160 lab or log in to a Linux server like kosh.nku.edu via ssh with your NKU Linux username and password.

We will use the OpenSSL package to experiment with encryption and decryption using both symmetric and asymmetric (public key) encryption algorithms. We will also use OpenSSL to compute message authentication codes. The command man openssl will provide short descriptions of how the command works. See the OpenSSL command HOWTO at http://www.madboa.com/geek/openssl/ to obtain more details.

We will use some fairly long command lines, so you may be tempted to use copy and paste. Don't. Using copy and paste between a word processor document and the command line will cause problems that are very difficult to debug. For example, many word processors use "smart quotes" instead of actual double quotes. Smart quotes are angled double quotes that look nice, but neither the left nor the right smart quote is the same character as the ASCII double quote character used on the command line and in programming languages. These copy and paste errors can be quite difficult to debug, as the error messages will never state that copy and paste was the problem, and a wide variety of punctuation characters used in programming and command shells are affected.

Instead, remembering the basics of command-line editing will make typing these commands faster and more accurate. The up and down arrows navigate through history, while the command history will show a numbered list of all past commands from this session. The ! command can be used to execute any command from history by number, e.g. !14 will execute the 14th command in the history list, and !! will execute the previous command.

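The smart-quote problem described above can be checked for before a pasted command is run. This added example (not part of the original lab; the sample strings are constructed) counts the non-ASCII bytes in a string and shows how the shell splits an argument once the quotes are no longer real quote characters.

```shell
#!/bin/sh
# Added example: spot "smart" punctuation in text pasted from a document.
# The sample strings are constructed; printf octal escapes build the UTF-8
# bytes of U+201C and U+201D so this script itself stays pure ASCII.

ascii_arg='"my short message"'
pasted_arg=$(printf '\342\200\234my short message\342\200\235')

# Print how many bytes of $1 fall outside tab, newline and printable ASCII.
count_non_ascii() {
    printf '%s' "$1" | LC_ALL=C tr -d '\11\12\40-\176' | wc -c | tr -d ' '
}

# Print how many arguments the shell sees when it parses $1.
# eval is used only because the inputs here are fixed, constructed strings.
count_args() {
    eval "set -- $1"
    echo "$#"
}

# Dump the suspicious bytes in octal so the paste error becomes visible.
show_bytes() {
    printf '%s' "$1" | LC_ALL=C tr -d '\11\12\40-\176' | od -An -b
}

for arg in "$ascii_arg" "$pasted_arg"; do
    echo "non-ASCII bytes: $(count_non_ascii "$arg")," \
         "arguments seen: $(count_args "$arg")"
done
show_bytes "$pasted_arg"
```
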
While editing a command line, you can use emacs-style editing commands, such as ctrl-a to move to the beginning of the line, ctrl-e to move to the end of the line, and ctrl-k to delete from the cursor position to the end of the line.

2: Encryption and Decryption

Copy the password file from the path /etc/passwd on kosh.nku.edu to your home directory and verify its presence. If you are using a Linux PC, use sftp to perform this operation. Basic file navigation commands in sftp are the same as in the UNIX shell, but you also need the get and put commands to download and upload files. The help command will display a list of available commands.

$ sftp kosh.nku.edu
sftp> cd /etc
sftp> get passwd
sftp> quit
$ ls -l

If you are doing this lab on kosh.nku.edu, use cp to perform this operation as follows:

$ cp /etc/passwd .

2.1: Encrypt the file with the 128-bit version of the Advanced Encryption Standard (AES) using the openssl command. Use whatever password you want for encryption, but remember it, as you will need it for later questions in the lab. Compare the sizes and types of the resulting files. Describe how they differ in your own words.

$ openssl aes-128-cbc -salt -in passwd -out passwd.aes
$ ls -l passwd*
$ file passwd*

2.2 (not for online sections): Pick a nearby student in the class and share your encrypted file with them. Give them the pathname of the file and use chmod to make any changes to file and directory permissions that are needed to give them access. In the box below, write down the full pathname of the file and any chmod commands you had to use to give them access.

2.3 (not for online sections): Use the following command to decrypt the file given to you by your fellow student. Compare the file with the original file using the diff command to verify that decryption worked correctly. If the diff command produces no output, then the files match. Any output indicates a discrepancy between the two files.

$ cd
$ openssl aes-128-cbc -d -salt -in /path/from/neighbor/passwd.aes -out decrypt-passwd.txt
$ diff passwd decrypt-passwd.txt

3: Message Authentication Codes

In this part of the lab, we will use openssl to generate message authentication codes, which are also known as message digests, to check when a file has been modified.

3.1: Compute the MD5, SHA-1, and SHA-256 MACs for the passwd file. Write down the three resulting MACs in the box below. What are the similarities between the three different MACs? What are the differences?

$ openssl dgst -md5 passwd
$ openssl dgst -sha1 passwd
$ openssl dgst -sha256 passwd

3.2: Copy the passwd file, then compare the MACs of the original and copied passwd files. Do the MACs differ in any way?

$ cp passwd passwd.1
$ openssl dgst -md5 passwd.1
$ openssl dgst -sha1 passwd.1
$ openssl dgst -sha256 passwd.1

3.3: Edit passwd.1 and change the first character, which is an r, to an s, then compute the checksums again. Write the checksums in the box below. What are the differences between the MACs for passwd and passwd.1? Are the majority of the encoded digits different? How are the differences between the MACs of the two files important for using MACs to secure the integrity of files?

$ vim passwd.1
$ openssl dgst -md5 passwd.1
$ openssl dgst -sha1 passwd.1
$ openssl dgst -sha256 passwd.1

4: Public Key Encryption (not for online sections)

In this section, you will create a public/private key pair and exchange encrypted messages with a fellow student.

4.1: Create RSA public and private keys. The first command creates a 2048-bit RSA private key stored in an encrypted file named mykey.pem. The second command generates the public key from that file and stores it in a plaintext file named mykey.pub. Include your public key in the box below.

$ openssl genrsa -des3 -out mykey.pem 2048
$ openssl rsa -in mykey.pem -pubout -out mykey.pub

4.2: Share your public key with your partner from the first part of the lab.
Give them the pathname of the public key file and use chmod to make any changes to file and directory permissions that are needed to give them access. In the box below, write down the full pathname of the file and any chmod commands you had to use to give them access.

4.3: Encrypt a short message in a file with your partner's public key, so that only your partner can read the resulting file. Even you cannot decrypt the file, since you do not know your partner's private key.

$ echo "my short message" > plain.txt
$ openssl rsautl -encrypt -pubin -inkey /path/to/my/partners/key.pub -in plain.txt -out plain.rsa

4.4: Decrypt the file that your partner encrypted with your public key above. Do the files match?

$ openssl rsautl -decrypt -inkey mykey.pem -in /path/to/my/partners/plain.rsa -out plain.2
$ diff plain.2 plain.txt

4.5: Attempt to encrypt the passwd file with your partner's public key. What error message do you see? Describe in words how you would encrypt a file to share with your partner to avoid this error message.

$ openssl rsautl -encrypt -pubin -inkey /path/to/my/partners/key.pub -in passwd -out passwd.rsa

5: Submitting the Lab

A hardcopy of this lab is due in the class following the one in which you began this lab. Online students will submit the lab via Blackboard.
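
The command in step 4.5 fails because RSA can only encrypt input smaller than its key size, so the following added example (not part of the original lab) shows the usual workaround: encrypt the file with AES under a random one-time passphrase and RSA-encrypt only that passphrase. The file names, the unencrypted throwaway key and the passwd-style sample file are assumptions for the demo, and it uses pkeyutl, the current replacement for rsautl.

```shell
#!/bin/sh
# Added example: hybrid (envelope) encryption with openssl.
# Needs OpenSSL 1.1.1 or later for -pbkdf2. All file names are hypothetical.

# RSA alone, as in step 4.5: works only if the input fits in one RSA block.
rsa_only_encrypt() {   # args: pubkey infile outfile
    openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3" 2>/dev/null
}

# Encrypt infile with AES under a random one-time passphrase, then encrypt
# only that short passphrase with the recipient's RSA public key (OAEP).
hybrid_encrypt() {     # args: pubkey infile outfile (also writes outfile.key)
    sess=$(mktemp) || return 1
    openssl rand -hex 32 > "$sess" &&
    openssl enc -aes-128-cbc -salt -pbkdf2 -pass "file:$sess" \
        -in "$2" -out "$3" &&
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$sess" -out "$3.key"
    rc=$?; rm -f "$sess"; return "$rc"
}

# Recover the passphrase with the RSA private key, then decrypt the AES file.
hybrid_decrypt() {     # args: privkey infile outfile (reads infile.key)
    sess=$(mktemp) || return 1
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2.key" -out "$sess" &&
    openssl enc -d -aes-128-cbc -pbkdf2 -pass "file:$sess" -in "$2" -out "$3"
    rc=$?; rm -f "$sess"; return "$rc"
}

# Demo on constructed data: a throwaway key pair (left unencrypted so no
# passphrase prompt appears) and a 200-line passwd-style file.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/partner.pem" 2048 2>/dev/null
    openssl rsa -in "$d/partner.pem" -pubout -out "$d/partner.pub" 2>/dev/null
    awk 'BEGIN { for (i = 1; i <= 200; i++) {
        print "user" i ":x:" i ":" i "::/home/user" i ":/bin/sh" } }' > "$d/passwd"
    if rsa_only_encrypt "$d/partner.pub" "$d/passwd" "$d/passwd.rsa"
    then r1="rsa_only=ok"; else r1="rsa_only=fail"; fi
    if hybrid_encrypt "$d/partner.pub" "$d/passwd" "$d/passwd.aes" &&
       hybrid_decrypt "$d/partner.pem" "$d/passwd.aes" "$d/passwd.out" &&
       cmp -s "$d/passwd" "$d/passwd.out"
    then r2="hybrid=match"; else r2="hybrid=mismatch"; fi
    rm -rf "$d"
    echo "$r1 $r2"
}

demo
```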