Csnb414 Lab 1
Learning Objectives
Apply symmetric encryption using openssl and different ciphers.
Introduction
Block cipher
• The most commonly used symmetric encryption algorithms
• Processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block
• The three most important symmetric block ciphers are the Data Encryption Standard (DES), Triple DES (3DES), and the Advanced Encryption Standard (AES).
To apply a block cipher in a variety of applications, four “modes of operation” have been defined
by NIST (FIPS 81). In essence, a mode of operation is a technique for enhancing the effect of a
cryptographic algorithm or adapting the algorithm for an application. The modes are summarized
in Table 1:
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL) and Transport
Layer Security (TLS) network protocols and related cryptography standards. The openssl
program is a command line tool for using the various cryptography functions of OpenSSL's
crypto library from the shell. It can be used for:
• Encryption and Decryption with various ciphers
• Calculation of Message Digests
• Creation of RSA, DH and DSA key parameters
• Creation of X.509 certificates, CSRs and CRLs
• SSL/TLS Client and Server Tests
• Handling of S/MIME signed or encrypted mail
Example:
Press Ctrl + D to exit the file and return to the prompt after editing.
5. You will be using the openssl tool for this purpose. To configure and install the openssl
libraries, go to the openssl-1.0.1 folder and run the following commands.
(This step might not be needed if openssl is already configured.)
seed@User(10.0.2.4):~/SN000000$ cd /home/seed/openssl-1.0.1
seed@User(10.0.2.4):~$ sudo ./config
seed@User(10.0.2.4):~$ sudo make
seed@User(10.0.2.4):~$ sudo make test
seed@User(10.0.2.4):~$ sudo make install
Encrypt
seed@User(10.0.2.4):~/openssl-1.0.1$ openssl enc -aes-256-cbc -e -in /home/seed/SN000000/myfile.txt -out /home/seed/SN000000/myfile.dat
(Note, enter the above command listing on a single line.)
enter aes-256-cbc encryption password: <insert the password>
Verifying - enter aes-256-cbc encryption password: <insert the password>
Example:
openssl is the command; enc stands for encryption; -aes-256-cbc selects AES with a
256-bit key length in CBC mode; -in is the input message (plaintext); -out is the output
message (ciphertext). The selection of the extension .dat is arbitrary. You could have used
any file name of your liking, provided it doesn't already exist in your home directory.
Decrypt
seed@User(10.0.2.4):~/openssl-1.0.1$ openssl enc -aes-256-cbc -d -in /home/seed/SN000000/myfile.dat -out /home/seed/SN000000/mydecryptedfile.txt
(Note, enter the above command listing on a single line.)
enter aes-256-cbc decryption password: <insert the password>
CSNB414 Data and Computer Security 4
Below are some common options for the openssl enc command:
Option    Description
-in       input file
-out      output file
-e        Encrypt
-d        Decrypt
Hint: You can find the meaning of the command-line options and all the supported cipher types
by typing man enc.
Cipher type     Description
des-cbc         DES in CBC mode
des-cfb         DES in CFB mode
des-ede3-cbc    Three key triple DES in CBC mode
aes-128-cbc     AES 128 bit in CBC mode
Part 2: Encoding using pseudo random number as a key with DES and AES
• Use OpenSSL to generate a pseudo random number, which you will use as a DES key.
• Utilize OpenSSL’s DES utility to encrypt and decrypt documents.
• Download an encrypted file.
• Create file hashes to demonstrate file integrity.
The following steps will generate a 56-bit DES key. The DES key will then be used to encrypt
and decrypt an ASCII text file. After that, SHA-1 hashes will be employed to demonstrate that
the decrypted file is identical to the original text file.
1. We will explore how to create a file containing a pseudo random number that is 56 bits
long. In the directory that you created, SN000000, type the following:
ls -la des_keyXXXXXXXX
Recall that you need to substitute your student ID for the XXXXXXXX.
You may open your des_keyXXXXXXXX file using the GHex editor to see the 56-bit key.
To make sure that the encryption operation worked, list the encrypted file:
ls -la myfile.enc
3. Now, to provide assurance that the process works appropriately, you should decrypt the .enc
file that you just created. After you decrypt the file, go ahead and list it to make sure it’s
there, and show the contents of it to ensure it properly decrypted.
ls -la mydecryptedusingkey.txt
more mydecryptedusingkey.txt
Since identical files will have identical message digests, you can prove that the files are
identical by creating and comparing each file’s message digest. Enter the following
command, and then compare the generated digests (hashes).
If both hashes are identical, it demonstrates that the decrypted file is identical to the
original text file.
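
The Part 2 round trip (random raw key, encrypt, decrypt, compare SHA-1 digests) as an added example; it is not the lab's own command listing. It assumes AES-128-CBC from the cipher table rather than DES, because single DES sits in the legacy provider of OpenSSL 3, plus a random IV and the hypothetical helper names sha1_of, same_digest and roundtrip.

```shell
#!/bin/sh
# Added example, not the lab's own commands. Assumed: AES-128-CBC, a random
# IV, and the helper names sha1_of, same_digest and roundtrip.

# sha1_of FILE: print only the hex SHA-1 digest of FILE.
sha1_of() {
    openssl dgst -sha1 < "$1" | awk '{print $NF}'
}

# same_digest A B: succeed only when both digests exist and are equal.
same_digest() {
    local a b
    a=$(sha1_of "$1")
    b=$(sha1_of "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# roundtrip PLAIN ENC DEC: encrypt PLAIN to ENC under a fresh random key,
# decrypt ENC to DEC, then compare the digests of PLAIN and DEC.
roundtrip() {
    local key iv
    key=$(openssl rand -hex 16) || return 2   # 16 bytes = 128-bit raw key
    iv=$(openssl rand -hex 16) || return 2    # a raw key needs an explicit IV
    # -K and -iv take hex and bypass password-based key derivation.
    # Command-line keys show up in the process list: lab VM use only.
    openssl enc -aes-128-cbc -e -K "$key" -iv "$iv" -in "$1" -out "$2" || return 2
    openssl enc -aes-128-cbc -d -K "$key" -iv "$iv" -in "$2" -out "$3" || return 2
    same_digest "$1" "$3"
}

# Demo on a constructed sample file; runs only when called with "demo".
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    printf 'constructed sample plaintext\n' > "$dir/myfile.txt"
    if roundtrip "$dir/myfile.txt" "$dir/myfile.enc" "$dir/mydecrypted.txt"; then
        echo "digests match: decrypted file is identical to the original"
    else
        echo "digests differ or openssl failed"
    fi
    rm -rf "$dir"
fi
```

Save it as a script and run it with the single argument demo; a return status of 2 from roundtrip means an openssl step failed, as opposed to a digest mismatch.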