Assignment #3 GPG

CSc 254 - Assignment 3: GPG, Fall 2006, Ghansah
Due: Monday, November 6
GOALS: The purpose of this lab is to gain an understanding of how to secure
communications and what tools are available to help us do that. We will use GPG
(GnuPG), an implementation of the OpenPGP standard defined in RFC 2440.
REQUIREMENTS
In this assignment you will learn in detail how to configure GNUPG to establish secure
communications with each group in the class. You will learn to manage the keys and key
distribution between groups. There will be two groups. For convenience it will be the
same as the one used for the attack and defend assignment.
Download and install GNUPG on your computer if you do not already have it. You
should plan to communicate securely with each group in the class. The following site
should be of some assistance.
http://www.gnupg.org/
Discuss the challenges you encountered and how you resolved them.
You should use the tools and techniques we have discussed in the lecture. Output from
programs should feature prominently.
Creating the Public Key Pair
For this assignment you will actually communicate between groups and need keys and
signatures for each group, so that step should be included here.
In your report:
1. Show the exact command you used to create the keypair.
2. Show the exact command you used to create the revocation certificate.
3. Describe the method you used to choose a strong password (but do not include
your passphrase in your report).
4. Explain why you chose the algorithm you chose (may require research).
5. Explain why you chose the key size you chose (may also require research).
6. Describe one possible safe place to store your keypair and revocation
certificate (but not the one you really used!).
Do not include your passphrase, private key, revocation certificate, or the location where
you stored any of these items in your report. Keep this information private.
Signing Keys
In lab:
1. Have everyone on your team sign your key in turn. You sign their keys in
exchange.
2. Assign ownertrust to each public key you import.
3. When finished, make sure your keyring contains all your teammates' public keys
and signatures from all your teammates on your public key.
In your report:
1. Describe the steps you took (and the steps you should have taken, if different)
when signing your teammates' keys. Show the exact commands you used.
2. Insert a very verbose listing of your keyring in your report (gpg --verbose --verbose --list-keys).
3. Explain what ownertrust values you assigned to your teammates' keys and why.
Publishing Your Key
In lab:
1. Export your key to a file on portable media.
2. Send your public key to a keyserver. Indicate where you sent it.
After lab:
1. Put your public key somewhere public (a web page, Oncourse, etc.).
2. Put your fingerprint in your e-mail signature, business card, or on some other item
that's convenient for passing along to others but where space is tight.
In your report:
1. Show the exact command you used to export the key. Explain any extra options
you used.
2. Give an example of how you've published your public key (if on a web page, give
a URL).
3. Give an example of how you've published your fingerprint (one of your business cards,
a copy of your e-mail signature, etc.).
Encrypting and Signing Messages
In lab:
1. Compose a signed, encrypted message for your teammates. It should also be
encrypted for yourself. Explain how you did it, showing all the steps and commands you
used.
2. Receive your teammates' signed, encrypted messages. Decrypt them and verify the
signatures. Explain how you did it, showing all the steps and commands you used.
In your report:
1. Include the text-encoded ciphertext of the signed, encrypted message you sent to
your teammates.
2. Include the decrypted messages your teammates sent you. Also include the output
of the signature verification step for each message. Show the exact commands you used.
Email
1. Email your signed and encrypted messages to your group members.
2. Email messages that are signed only (not encrypted) to your group members.
3. Repeat the two steps above, but with the signatures detached from the email.
4. Show how you verified the email messages.
RECOMMENDATIONS: What you learned, problems you faced, how much time it
took, suggestions for the instructor, etc.
DELIVERABLES:
Answers to all the questions in the “Requirements” section above.
Turn in a file containing your “script” session.
Turn in files of all data, such as the messages in both plaintext and encrypted form.
GRADING CRITERIA: Your grade will be based on answers to the above questions as
well as how well you attempted to identify the device by using appropriate nmap options.
SUBMISSION: MUST BE DONE ELECTRONICALLY USING THE CLASS DROPBOX.