IT@KMUTNB

advertisement
Computer Network Security Lab #2 1
IT@KMUTNB
Lab #2
Encryption with OpenSSL
1. The Goal of the Laboratory
The main objectives of this laboratory are:
1.1 To
experiment
with
various
symmetric
investigate
the
differences
encryption
techniques
1.2 To
among
symmetric
encryption techniques
2. Symmetric Ciphers
Symmetric key algorithms use the same key to encrypt and
decrypt data. OpenSSL supports several symmetric key
algorithms, some of which you have already studied in class.
List 1 stream cipher and 3 block ciphers that you studied in
the lecture.
Cipher
Stream or Block
1.
2.
3.
4.
3. openssl enc
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 2
IT@KMUTNB
The OpenSSL
enc
command allows you to encrypt and
decrypt your data with several symmetric encryption algorithms.
To view the available algorithms, execute the command:
openssl
list-cipher-commands.
When issuing the
enc
command, the syntax of should be as
follows:
openssl enc [-encryption algorithm] [-e] [-d] [-K key] [-iv vector]
[-in file_input] [-out file_output] [-nopad]
where:

-encryption algorithm,
indicates the symmetric encryption
algorithm to use to encrypt and/or decrypt (e.g. -aes128, aes-cbc-256, -rc4);

-e
indicates that the operation to be performed is
encryption;

-d
indicates that the operation to be performed is
decryption;

-K
key,
indicates the key to use for the symmetric
cryptographic operations;

-iv vector,

-in
indicates the initialization vector to use;
file input indicates the file containing the data to be
encrypted or decrypted;

-out
file output indicates the file where to save the result
of an encryption or decryption operation;
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 3
IT@KMUTNB

-nopad,
indicates that the padding must not be applied
(ATTENTION: if you use this option with a symmetric
block algorithm, the length of the data to be encrypted
must be necessarily a multiple of the length of the
algorithm block);

-p,
is used to print on the standard output the key and the
initialization vector.
4. Symmetric Encryption Exercise
In this exercise, you’ll use the OpenSSL command named
enc to encrypt a block of data. Create a text file named
ptext
containing the message you want to encrypt, like for example
the message:
“This message is my great secret!”.
After creating
ptext,
check that its size is exactly 32 bytes.
Even though it is not absolutely necessary that the length of the
message to encrypt is exactly 32 bytes, it will be required in
one of the following exercises.
4.1 AES-128 in CBC mode
The data contained in the file
ptext
can be encrypted using
the AES algorithm with the following command, where the key
and the IV will be generated by OpenSSL from a password that
you provide. The encrypted text will be saved in the file
ctext.
Execute the following command:
openssl enc -e -in ptext -out ctext -aes-128-cbc -nosalt –p
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 4
IT@KMUTNB
4.1.1 What do you see after executing the above
command?
4.1.2 What does ctext look like?
4.2 AES-128 in ECB mode
4.2.1 What command would you execute if you would like
to encrypt ptext to get ctext using AES-128 in ECB mode?
4.2.2 What do you see after executing the command in
4.2.1?
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 5
IT@KMUTNB
4.2.3 What does ctext look like?
4.2.4 Are there any differences from your answers in
4.1.2 and 4.2.3? If so, what are the differences? Why are they
different?
4.3 DES and 3DES
4.3.1 Find out the commands used for encrypting the
same data (ptext) with DES and 3DES. (For 3DES, you may
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 6
IT@KMUTNB
have to think a little bit, because they commands are a tricky ,
but it is not difficult.)
4.3.2 What do you see after executing the commands in
4.3.1?
4.3.3 What does
ctext
look like after DES and 3DES
encryption?
4.4 RC4
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 7
IT@KMUTNB
4.4.1 What command would you execute if you would like
to encrypt your
ptext
with the RC4 algorithm? (Hint: OpenSSL
has several RC4 commands with different key length
4.4.2 What do you see after executing the commands in
4.4.1?
4.3.3 What does ctext look like after the RC4 encryption?
5. The Differences among AES, DES, 3DES and RC4
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 8
IT@KMUTNB
5.1 Do you notice anything different when encrypting
ptext
with AES, DES, 3DES and RC4? Explain your answer. (Hint:
Your answer could include the differences in the commands
and the outputs. You should also explain why they are
different.)
6. openssl speed
The OpenSSL command
speed
can be used to measure the
performance of the various algorithms implemented by
OpenSSL. To measure the performance of a specific algorithm
you can use the following command:
openssl speed algorithm_name
7. openssl rand
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 9
IT@KMUTNB
The OpenSSL
rand
command is used to generate a pseudo-
random string of size nbyte and save its value in the file
file_name:
openssl rand -out file_name nbyte
8. Performance of Symmetric Encryption Algorithms
In this exercise, you will evaluate both the time required to
perform the cryptographic operations and the additional data
overhead.
8.1 Create files of different sizes (e.g. 100 B, 10 kB, 1 MB,
100 MB); for this purpose, you can use the following command:
openssl rand -out r.txt size_in_bytes
Now fill in the Table 1 with the results obtained when
encrypting
the
files
with
different algorithms
and
with
different key lengths. To evaluate the time required by the
encryption operations, use the time command:
time the_openssl_encryption_command
Table 1: Time Taken to Encrypt the Data
100B
10kB
1MB
100MB
DES-ECB
DES-CBC
3DES-ECB
3DES-CBC
AES-128-
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 10
IT@KMUTNB
ECB
AES-128CBC
AES-256ECB
AES-256CBC
128
Bit
RC4
64 Bit RC4
40 Bit RC4
Analyse the values in Table 1. You should at least
attempt to explain why you think the values you have obtained
are different.
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 11
IT@KMUTNB
8.2 Will the time required for decryption (using the same
algorithms) be significantly different? Try out!
Table 2: Time Taken to Decrypt the Data
100B
10kB
1MB
100MB
DES-ECB
DES-CBC
3DES-ECB
3DES-CBC
AES-128ECB
AES-128CBC
AES-256ECB
AES-256CBC
128
Bit
RC4
64 Bit RC4
40 Bit RC4
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 12
IT@KMUTNB
8.3 OpenSSL contains a
performance
of
Execute the
speed
the
speed
command used to check the
supported
cryptographic
algorithms.
command for all the algorithms you ran in
Table 1. Show your outputs.
Which is the difference between using
using
speed
time
and the one
command to calculate the performance of an
algorithm? Which one (time vs. speed) do you think is better to
Dr.Sirapat Boonkrong
Computer Network Security Lab #2 13
IT@KMUTNB
be used to measure the performance of a cryptographic
algorithm? Why?
At the end of the lab, you should be familiar with encryption
commands in OpenSSL. You should also have seen the
differences among the algorithms you have learned in the
lecture. I hope that you have enjoyed this laboratory exercise.
See you next time.
Dr.Sirapat Boonkrong
Download