Laboratory five - Personal Web Server

Laboratory Five – Public Key Infrastructure
This laboratory introduces how to use PGP, a freeware public-key cryptography
program that is used to generate a private/public key pair. Note that a key pair is
just a number that is associated with a certificate. For example, your ID number is
similar to a private key, while your name, birth date and nationality are the data for
a certificate. The laboratory was originally developed by Wilson and was modified to
suit your needs.
Objectives:
1. Install the PGP software and learn how to encrypt/decrypt a file.
2. Digitally sign a document.
Review: (encryption and digital signature, lecture 3-2, page 16)
Encryption: recipient’s public key to encrypt and recipient’s private key to decrypt
Digital signature: sender’s private key to sign and sender’s public key to un-sign
Procedure: - download and install PGP8.0.2
- Please download the [securengine_setup.exe], [Sunset.jpg] and [password.txt]
from the following web site:
http://personal.cityu.edu.hk/~dcykcho/dco20203/PGP8.exe
- Save the [PGP8.exe] installation program on the [Desktop].
- Double click the icon to install the program. Click [Next] > [Yes] > [Next] to
start the installation.
2016/2/18
- After you accept the license agreement and the installation completes, you will see
the following screen. Select [No, I’m a New User], then click [Next].
- Use the [Default] Destination Folder and click [Next].
- Then, select only [PGPdisk Volume Security] and click [Next] and [Next] to
install.
- Once complete, please click [Finish] to restart your computer.
- After reboot, you will see the following screen. Please click [Later] to continue:
Part II – PGP key pair generation
- Before starting to use PGP, we need to generate a key pair. Please click [Expert]
to start the key creation steps. Fill in your name in the [Full name] field and your
email address in the [Email address] field, then click [Next].
- Then, key in and confirm your [Passphrase], which must be not less than 8
characters, then click [Next].
- Finally, the key pair will be generated. Click [Next] and [Finish] to exit.
Part III – Sending the Public key to the CA
- You can see that your machine now has a key pair named with [your name] and
[email address].
- With this key pair, you can send your public key to the CA’s server and let other
users obtain your public key. (Here, we send it to ourselves.)
- Please select [Server], then select [Send to] > [Domain Server]. Your public key is
now being sent to the public key server.
Part IV – Using the Public key for Encryption
- Now, use [Notepad] to create a plaintext document (you may type something in
this document) and save it on the WindowsXP Desktop with the filename
[plaintext.txt].
- Search for your recipient’s public key by his/her email address in the PGPkeys
Desktop Panel. [Right-click] your desired key and select [Import to Local
Keyring] to import his/her public key into your PGPkeys Desktop Panel.
- After successfully importing his/her key into your local keyring, you can
[Right-click] the document [plaintext.txt] on the WindowsXP desktop and select
[PGP > Encrypt].
- Now, you can select which recipient you want to send to and use his/her public key
to encrypt the [plaintext.txt] document.
- Please tick [Text Output] and press [OK] to start encryption.
When you use recipient’s public key for encryption, does the system ask you for a
password? (Yes/No)__________________________________________________
Why? _____________________________________________________________
- Now, on your WindowsXP Desktop, you should find an encrypted file with the
filename [plaintext.txt.asc].
- You may use [Notepad] to see the content of the encrypted file.
- Finally, please email this encrypted file to the recipient and see whether he/she
can decrypt this file or not.
This time, when the recipient wants to decrypt the file, does the system ask
him/her for a password? (Yes/No) _____________________________________
Briefly explain why?
________________________________________________________________
Part V – Using the Private Key for Digital Signature
- Now, use [Notepad] to create another plaintext document (you may type
something in this document) and save it on the WindowsXP Desktop with the
filename [signature.txt].
- This time, the private key owner wants to digitally sign a document with his/her
own private key.
- [Right-click] the [signature.txt] document on the WindowsXP desktop and select
[PGP > Sign].
- Type your [Passphrase], select [Text Output] and press [OK].
Does the system ask you for a password when you want to digitally sign your
document? (Yes/No) ________________________________________________
Why?___________________________________________________________
- Now, on your WindowsXP Desktop, you should find an encrypted file with the
filename [signature.txt.asc].
- You may use [Notepad] to see the content of the digitally signed file.
[Figure: the signed file opened in Notepad, with the Content and the Digital Signature labelled]
- Finally, please email this digitally signed file to the recipient and see whether
he/she can verify this file or not.
- [Right-click] the [signature.txt.asc] document on the WindowsXP desktop and
select [PGP > Decrypt & Verify].
This time, when the recipient wants to verify this file, does the system ask you for a
password? (Yes/No) ________________________________________________
Why?____________________________________________________________
Now, try to use [Notepad] to modify one of the characters in the digitally signed
file [signature.txt.asc] and see whether you can successfully verify this file or not.
(Yes/No) __________________________________________________________
What is the error message?__________________________________________
Two Marks: ______________
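The key roles from the Review and the steps of Parts IV and V can be reproduced in a few lines of code. This is an added example, not part of the original laboratory sheet or of PGP itself: it uses toy textbook RSA with fixed primes, and all function names, the salt and the passphrase-locking scheme are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA on fixed Mersenne primes: illustration only, not secure.
# Real PGP uses random keys and padding, and encrypts a session key instead.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537

def _mask(passphrase):
    # Passphrase-derived value that hides the private exponent at rest.
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"constructed-salt", 10_000)
    return int.from_bytes(key, "big")

def _check(d):
    # Fingerprint of the private exponent, used to detect a wrong passphrase.
    return hashlib.sha256(str(d).encode()).hexdigest()

def make_keypair(passphrase):
    """Return (public key, passphrase-locked private key)."""
    n, d = P * Q, pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), (n, d ^ _mask(passphrase), _check(d))

def unlock(private_key, passphrase):
    n, locked_d, check = private_key
    d = locked_d ^ _mask(passphrase)
    if _check(d) != check:
        raise ValueError("wrong passphrase")
    return n, d

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def encrypt(message, recipient_public):            # uses the public key only
    n, e = recipient_public
    return pow(int.from_bytes(message, "big"), e, n)

def decrypt(ciphertext, recipient_private, passphrase):
    n, d = unlock(recipient_private, passphrase)   # private key must be unlocked
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(message, sender_private, passphrase):
    n, d = unlock(sender_private, passphrase)      # private key must be unlocked
    return pow(_digest(message, n), d, n)

def verify(message, signature, sender_public):     # uses the public key only
    n, e = sender_public
    return pow(signature, e, n) == _digest(message, n)
```

Messages passed to `encrypt` must be shorter than 30 bytes here, because the toy scheme encrypts the message directly instead of a session key.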