applied-cryptography/appliedcrypto

Fork 0

mirror of https://github.com/billbuchanan/appliedcrypto.git synced 2026-02-21 11:18:02 +00:00

Files

History

billbuchanan efcd03aa61 Update

2025-03-03 10:18:06 +00:00

gpg

Update

2025-03-03 10:18:06 +00:00

parking

Update

2021-02-19 08:17:42 +00:00

.DS_Store

Update

2025-01-27 19:50:40 +00:00

bill_public_key.txt

Update

2021-01-18 20:47:18 +00:00

mypub.key

Update

2021-02-19 08:17:42 +00:00

new_lab04.docx

Update

2025-02-17 12:24:33 +00:00

new_lab04.pdf

Update

2025-02-17 12:24:33 +00:00

priv.pem

Update

2021-02-18 22:10:56 +00:00

README.md

Update README.md

2025-02-17 12:03:16 +00:00

sample_ans.md

Update sample_ans.md

2023-02-16 16:11:04 +00:00

README.md

Either complete Part 1 first and then do Part 2, or start with Part 1 and then do Part 2.

Part 1 (Lab 4: Asymmetric (Public) Key)

Objective: The key objective of this lab is to provide a practical introduction to public key encryption, and with a focus on RSA and Elliptic Curve methods. This includes the creation of key pairs and in the signing process.

Video demo: here

Note: If you are using Python 3, instead of "pip install pycrypto" you can install pycryptodome with "pip3 install pycryptodome".

A RSA Encryption

A.1

With public key encryption, we can use the public key to either encrypt data, or it can be used to prove a digital signature. The following is a public key generated with the GPG program:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.21 (MingW32)

mQINBFIpG2IBEACuiDv9Lo8UW0eUh9sUvB11tncGMIgJczcdSlHXNoApf0uEmTPw
ngIpmkeOdXniLeEHv2eao98I3IjtIfvo2YfnqFQ2lSn+UUfnCf+nh6jYAnyEOCIi
dr8oXN5Lx91XfRCdU17oGYW6azTIKZqxLQticf0GvCaXYHdBaAqU5E1C20sC6CnV
IlqIxr/kjzvQdhZ1Ig8LPu9Ol7ltsf6BevEI0wSLJFRZXF3mHb9iYNtJnz+gWj/S
XBWcgJpFblH0dOo8gyF/K58HBMh8NPo9nQqO9bWmo/TMPzdX5DERGMaZ92tg34I6
bFjGj2oflu22o8WlOZn07iXAkJKG6BLcnOT4tpqVCWrM2YBr+eD7BR9Q2qRaJQ3T
8fm2ohYHiLjqkvH7/LjpGTilcdwkHmUjr9pD/MJQZR5BsyyWg0a6A35jvViAVaAo
Zkz+wFE6TCIdPGBj9q+vH++F3MZDl/qREiWeUn1cu01JobPJIr6b48eyLkxHbeu3
z1GlIuzNfC8al/Wr9rPJZpOehf/woddIdkxnYvqyyxXo/t7/7ksMJglW6VVVKVgG
mWEFHoL93pcKXZdqImsCUtK362v8qrb3RlhG/zgFHBRljcvAVbeP+Y7HayeO756i
WewGiy/9Z5dlS1MV594fhXM9BzwMWfbosZBivi1jvOEyTSpma3q0fHx/tQARAQAB
tCBzY2huZWllciA8c2NobmVpZXJAc2NobmVpZXIuY29tPokCOQQTAQIAIwUCUikb
YgIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJELS0KiztrOpnODkP/3PA
sx0r2/6D48GLqTmUBwJiK6z4EmNaMmwElvqzeadc7DknzSqHKWDcDCZPxllIlDRv
kdAx7kKq+zuSAfzEtK+KZ4jm0ahn5bpdDzp+j8YHvym+JXcmy+JSIgdtQmCybT0B
1xPyrVpxK7uEr6M+XBxIZ8OfpKf1uQbBQllwL47ejgYGdHP5kX0dMb2hr4OcfpxC
ah/OXf3CpXYuOxrFIQ+b0NoqQCcap/6ggVO/cKO06d9J+xhJd0Rv5B4ILBLx0/PM
Y4UbOs/7uAOwTkQTCIUkURq2mIHQBy4jLIVaOACdwHaKaC6C6Q6/rSiNHDQuOKZF
Q0LVS+ygiQg7VWyA1dVsyGZTeIlQ6UwHARasrSs6AtKHbKaU6cZ1IKYmv+y5vQ3u
dfl2cePriJIJgiZEFWe/iH5tDvIQkGkUnOACvVMtMtP9tfhL6igrMazck/JjXRHv
RL1VUKwZx0rQrT7APxHBL/wAwCLE4Hf6eEMegyeqkY7l/bSTTvwGfA+VlMGyi93v
5J9JNopmk9XRCGjYlK1uDxSvWnJIm5BpQVGFFx0bLx+0Y89fVwqKzOuv5DvQ7CRT
EMuBSDZrZLpS0y7yBHfYHijxV3R7/LQvWr04uaAViPrTUFvHrY4vxDk43YHLjeQ8
Eu3SnlSp19cAVXiImAdd5kp7koG4+6k0zDHyla7puQINBFIpG2IBEAC48ibokoiU
+lIFRGWk1ZOHxGQXZkh9LRocpaUF+b0AonYjWD/tzoQ/KhMWU6aPiu/Ldg7FcdFY
o7FnCLkz1FMRhr3oS0YrkUiEirWGPEWMJdwrGp0t6ecy2g0Q0Jhc8O8JNE5pAmtE
tVkb2MWgD0hRUIoFSO/abtCtQUkV7ymkPNJ5HTArNjjCcZ9QdQZykAqYqXhKbv2W
IMe/tUGaJYFw5xpuMdZ+etm8xFuw6iLO5EgDtLvAp7yooqOgQIXwXG0EBMshFdqO
ivpgG/JldYqx1li2S53wiCqHXJr7M9Ch23Maix14/6Q6PK20KgLjeo9WTgLCJjB1
krUNbgbWOQIxk/ZgXcs4Z+VJXAFHrL3yoR+rBKYDDDjnSm0oWCvfYmNADSwaNPgJ
cLL4/ibTUZZBezMqppfyTZjrBI1Ng+UMoRyMeJe3Ypg6/HvQ82B6wPSZZs49YkKK
F36TrHUuSuO2vlVELb9NYM8ZVG8hJ/Og/PVyGKGCEb0EwgefwMomKRlNbk7IQoAb
fzbhhRlhyZbFAD3QtuCJnTyHb/FSoXGS/PDpRyFRMQQsNQznded5TzAqmbnw1ZAQ
zbZ/A3WKNoSrsyY97y8XZhXMlcpYOsUR7hGJoxQOizw57Y42nGltJpyntYGR/M10
0Xl+h0zrSfCwG86GZHhhgvG4I/RdgwvWVQARAQABiQIfBBgBAgAJBQJSKRtiAhsM
AAoJELS0KiztrOpn9ikP/i22bfoOzsyqG57YL2yxG2AM0N/qy5yfJT9uNJky3rRW
zZ+iEglOKKwCj60fKbp9snm3Xyj8t6LGrM6Qu8YuKX40wHx7m2VUpgheeKoZAHV2
9oCnwkJ8V3OJhp7D32O0TRya4ZhAXNrAGqEPUp0E8Yep/bWPUAlNtOxp1y2sJIHG
mtcEee0J/AFJvU3BS885IbJxCA3YdEbgx45B8Et74WpCj4LuWrii7GmEnXbh/kv/
JLzniZCV/5F/+8dfUZld/02GYZN02lorlbzdbZkkh6dc+GbyN0kSnQMEBhIp9xDW
RdtbHdJpMNUxZyFAhCU7k1bTs5Fo1QNgug76LQhlhSwc/DpZWMTeKwas7P8VelAu
5ZX3eUV0pB+sinFb+ArhW9nCtBBebLAJTL86tlxe4mq4C9sHV4AW6amcisAU8OEN
e2MX3zIbN9I23EM+5mRVfGHavVR0gRU8M/QcO9FEP5Q3nFt6rWWfYMPSwV0Vk1kG
ThswcgVlMG/ed6u2zlt4A39V414Lz/fECSFlTo1f3T3i2j06TT+QNMj/4jMZHsqj
QlRYkxLnN2DRwmbPJeBtGCfW3wvhDZJ0w1XvBcO9fJLIkw87swaFCQclw66EM2Ga
Mhc2jkLSMoXGEv/OHvneDPIZN9lSJWweHtVayhk2buFMxWka4sVTrfMvFx4Fm5ve
=R5Hk
-----END PGP PUBLIC KEY BLOCK-----

Using the following Web page, determine the owner of the key, and the ID on the key:

https://asecuritysite.com/encryption/pgp1

By searching on-line, what is an ASCII Armored Message?

A.2

Bob has a private RSA key of:

And receives a ciphertext message of:

uW6FQth0pKaWc3haoqxbjIA7q2rF+G0Kx3z9ZDPZGU3NmBfzpD9ByU1ZBtbgKC8ATVZzwj15AeteOnbjO3EHQC4A5Nu0xKTWpqpngYRGGmzMGtblW3wBlNQYovDsRUGt+cJK7RD0PKn6PMNqK5EQKCD6394K/gasQ9zA6fKn3f0=

Use the following code:

# https://asecuritysite.com/rsa/rsa_example
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import base64

binPrivKey = "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDoIhiWs15X/6xiLAVcBzpgvnuvMzHBJk58wOWrdfyEAcTY10oG\n+6auNFGqQHYHbfKaZlEi4prAoe01S/R6jpx8ZqJUN0WKNn5G9nmjJha9Pag28ftD\nrsT+4LktaQrxdNdrusP+qI0NiYbNBH6qvCrK0aGiucextehnuoqgDcqmRwIDAQAB\nAoGAZCaJu0MJ2ieJxRU+/rRzoFeuXylUNwQC6toCfNY7quxkdDV2T8r038Xc0fpb\nsdrix3CLYuSnZaK3B76MbO/oXQVBjDQZ7jVQ5K41nVCEZOtRDBeX5Ue6CBs4iNmC\n+QyWx+u4OZPURq61YG7D+F1aWRvczdEZgKHPXl/+s5pIvAkCQQDw4V6px/+DJuZV\n5Eg20OZe0m9Lvaq+G9UX2xTA2AUuH8Z79e+SCus6fMVl+Sf/W3y3uXp8B662bXhz\nyheH67aDAkEA9rQrvmFj65n/D6eH4JAT4OP/+icQNgLYDW+u1Y+MdmD6A0YjehW3\nsuT9JH0rvEBET959kP0xCx+iFEjl81tl7QJBAMcp4GZK2eXrxOjhnh/Mq51dKu6Z\n/NHBG3jlCIzGT8oqNaeK2jGLW6D5RxGgZ8TINR+HeVGR3JAzhTNftgMJDtcCQQC3\nIqReXVmZaeXnrwu07f9zsI0zG5BzJ8VOpBt7OWah8fdmOsjXNgv55vbsAWdYBbUw\nPQ+lc+7WPRNKT5sz/iM5AkEAi9Is+fgNy4q68nxPl1rBQUV3Bg3S7k7oCJ4+ju4W\nNXCCvRjQhpNVhlor7y4FC2p3thje9xox6QiwNr/5siyccw==\n-----END RSA PRIVATE KEY-----"

ciphertext=base64.b64decode("uW6FQth0pKaWc3haoqxbjIA7q2rF+G0Kx3z9ZDPZGU3NmBfzpD9ByU1ZBtbgKC8ATVZzwj15AeteOnbjO3EHQC4A5Nu0xKTWpqpngYRGGmzMGtblW3wBlNQYovDsRUGt+cJK7RD0PKn6PMNqK5EQKCD6394K/gasQ9zA6fKn3f0=")

privKeyObj = RSA.importKey(binPrivKey)
cipher = PKCS1_OAEP.new(privKeyObj)
message = cipher.decrypt(ciphertext)

print
print ("====Decrypted===")
print ("Message:",message)

What is the plaintext message that Bob has been sent?

B OpenSSL (RSA)

We will use OpenSSL to perform the following:

B.1

First we need to generate a key pair with:

openssl genrsa -out private.pem 1024

This file contains both the public and the private key.

What is the type of public key method used:

How long is the default key:

How long did it take to generate a 1,024 bit key?

Use the following command to view the keys:

 cat private.pem

B.2

Use following command to view the output file:

cat private.pem

What can be observed at the start and end of the file:

B.3

Next we view the RSA key pair:

openssl rsa -in private.pem -text

Which are the attributes of the key shown:

How many bits does the RSA modulus have, and how many bits are used for the two prime numbers. What is the value of e?

B.4

Let’s now secure the encrypted key with 128-bit AES (and based on a key generated from a passphrase):

openssl rsa -in private.pem -aes128 -out keyaes.pem

Why should you have a password on the usage of your private key?

B.5

Next we will export the public key:

openssl rsa -in private.pem -out public.pem -outform PEM -pubout

View the output key. What does the header and footer of the file identify?

B.6

Now create a file named “myfile.txt” and put a message into it. Next encrypt it with your public key:

openssl pkeyutl -encrypt -inkey public.pem -pubin -in myfile.txt -out file.bin

B.7

And then decrypt with your private key:

openssl pkeyutl -decrypt -inkey private.pem -in file.bin -out decrypted.txt

What are the contents of decrypted.txt?

B.8

What can you observe between these two commands for differing output formats:

openssl pkeyutl -encrypt -inkey public.pem -pubin -in myfile.txt -out file.bin

cat file.bin

and:

openssl pkeyutl -encrypt -inkey public.pem -pubin -in myfile.txt -out file.bin -hexdump

cat file.bin

C OpenSSL (ECC)

Elliptic Curve Cryptography (ECC) is now used extensively within public key signing and key exchange. This includes with Bitcoin, Ethereum, Tor, and IoT applications. In this part of the lab we will use OpenSSL to create an EC key pair. For this we generate a random 256-bit private key (priv), and then generate a public key point (which is priv multiplied by G). This will use a generator point (G), and which is an (x,y) point on the selected elliptic curve.

C.1

First we need to generate a private key with:

openssl ecparam -name secp256k1 -genkey -out priv.pem

The file will only contain the private key (and should have 256 bits).

Now use “cat priv.pem” to view your key.

Can you view your key?

C.2

We can view the details of the ECC parameters used with:

openssl ecparam -in priv.pem -text -param_enc explicit -noout

Outline these values:

Prime (last two bytes):

Generator (last two bytes):

Order (last two bytes):

C.3

Now generate your public key based on your private key with:

openssl ec -in priv.pem -text -noout

How many bits and bytes does your private key have:

How many bit and bytes does your public key have (Note the 04 is not part of the elliptic curve point):

What is the ECC method that you have used?

C.4

First we need to generate a private key with:

openssl ecparam -list_curves

Outline three curves supported:

C.5

Let’s select two other curves:

openssl ecparam -name secp128r1 -genkey -out priv.pem
openssl ecparam -in priv.pem -text -param_enc explicit -noout

and:

openssl ecparam -name secp521r1 -genkey -out priv.pem
openssl ecparam -in priv.pem -text -param_enc explicit -noout

How does secp128k1, secp256k1 and secp512r1 different in the parameters used? Perhaps identify the length of the prime number used, and the size of the base point (G).

If you want to see an example of ECC, try here

D Elliptic Curve Encryption

D.2

Let’s say we create an elliptic curve with y² = x³ + 7, and with a prime number of 89, generate the first five (x,y) points for the finite field elliptic curve. You can use the Python code at the following to generate them:

https://asecuritysite.com/encryption/ecc_points

First five points:

E RSA

E.1

A simple RSA program to encrypt and decrypt with RSA is given next. Prove its operation:

import rsa
(bob_pub, bob_priv) = rsa.newkeys(512)

msg='Here is my message'
ciphertext = rsa.encrypt(msg.encode(), bob_pub)
message = rsa.decrypt(ciphertext, bob_priv)
print(message.decode('utf8'))

Now add the lines following lines after the creation of the keys:

print (bob_pub)
print (bob_priv)

Can you identify what each of the elements of the public key (e,N), the private key (d,N), and the two prime number (p and q) are (if the numbers are long, just add the first few numbers of the value):

When you identity the two prime numbers (p and q), with Python, can you prove that when they are multiplied together they result in the modulus value (N):

Proven Yes/No

Note

You may find that the rsa library may not run on some systems, so the following is an equivalent:

from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
import sys

size=512
M=5

if (len(sys.argv)>1):
	size=int(sys.argv[1])
if (len(sys.argv)>2):
	M=int(sys.argv[2])

try:
	print(f"RSA key size: {size}\nM={M}\n")

	private_key = rsa.generate_private_key(public_exponent=65537,key_size=size)

	priv= private_key.private_numbers()
	p=priv.p
	q=priv.q 
	d=priv.d
	n=p*q
	print("=== RSA Private key ===")
	print (f"p={p} q={q} d={d} N={n}")
	print (f"\nBit length of p and q is {p.bit_length()}")
	print (f"Bit length of N is {n.bit_length()}")

	print("\n=== RSA Public key ===")
	pub = private_key.public_key()
	e=pub.public_numbers().e
	n=pub.public_numbers().n
	print (f"\nN={n} e={e}")



	C = pow(M,e,n)
	Plain = pow(C,d,n)
	print (f"\nMessage={M}")
	print (f"Cipher={C}")
	print (f"Decrypt={Plain}")



	print("\n=== Private Key PEM format ===")
	pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())
	print ("Private key: ",pem.decode())


	pem = pub.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)

	print("\n=== Public Key PEM format ===")
	print ("Public key: ",pem.decode())

except Exception as e:
    print(e)

E.2

We will follow a basic RSA process. If you are struggling here, have a look at the following page:

https://asecuritysite.com/encryption/rsa

First, pick two prime numbers:

Now calculate N (p.q) and PHI [(p-1).(q-1)]:

PHI =

Now pick a value of e which does not share a factor with PHI [gcd(PHI,e)=1]:

Now select a value of d, so that (e.d) (mod PHI) = 1:

[Note: You can use this page to find d: https://asecuritysite.com/encryption/inversemod]

Now for a message of M=5, calculate the cipher as:

C = M^e (mod N) =

Now decrypt your ciphertext with:

M = C^d (mod N) =

Did you get the value of your message back (M=5)? If not, you have made a mistake, so go back and check.

Now run the following code and prove that the decrypted cipher is the same as the message:

import libnum

p=11
q=3
N=p*q
PHI=(p-1)*(q-1)
e=3

d= libnum.invmod(e,PHI)

print (e,N)
print (d,N)
M=4
print ("\nMessage:",M)
cipher = M**e % N
print ("Cipher:",cipher)
message = cipher**d % N
print ("Message:",message)

Select three more examples with different values of p and q, and then select e in order to make sure that the cipher will work:

E.2

In the RSA method, we have a value of e, and then determine d from (d.e) (mod PHI)=1. But how do we use code to determine d? Well we can use the Euclidean algorithm. The code for this is given at:

https://asecuritysite.com/encryption/inversemod

Using the code, can you determine the following:

Inverse of 53 (mod 120) = 
Inverse of 65537 (mod 1034776851837418226012406113933120080) =

Using this code, can you now create an RSA program where the user enters the values of p, q, and e, and the program determines (e,N) and (d,N)?

E.3

Run the following code and observe the output of the keys. If you now change the key generation key from ‘PEM’ to ‘DER’, how does the output change:

from Crypto.PublicKey import RSA

key = RSA.generate(2048)

binPrivKey = key.exportKey('PEM')
binPubKey =  key.publickey().exportKey('PEM')

print (binPrivKey)
print (binPubKey)

E.4

A simple RSA program to encrypt and decrypt with RSA is given next. Prove its operation:

import rsa
(bob_pub, bob_priv) = rsa.newkeys(512)
ciphertext = rsa.encrypt('Here is my message'.encode(), bob_pub)
message = rsa.decrypt(ciphertext, bob_priv)
print(message.decode('utf8'))

A sample here

F PGP

F.1

The following is a PGP key pair. Using https://asecuritysite.com/encryption/pgp, can you determine the owner of the keys:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.4.5
Comment: https://openpgpjs.org

xk0EXEOYvQECAIpLP8wfLxzgcolMpwgzcUzTlH0icggOIyuQKsHM4XNPugzU
X0NeaawrJhfi+f8hDRojJ5Fv8jBI0m/KwFMNTT8AEQEAAc0UYmlsbCA8Ymls
bEBob21lLmNvbT7CdQQQAQgAHwUCXEOYvQYLCQcIAwIEFQgKAgMWAgECGQEC
GwMCHgEACgkQoNsXEDYt2ZjkTAH/b6+pDfQLi6zg/Y0tHS5PPRv1323cwoay
vMcPjnWq+VfiNyXzY+UJKR1PXskzDvHMLOyVpUcjle5ChyT5LOw/ZM5NBFxD
mL0BAgDYlTsT06vVQxu3jmfLzKMAr4kLqqIuFFRCapRuHYLOjw1gJZS9p0bF
S0qS8zMEGpN9QZxkG8YEcH3gHxlrvALtABEBAAHCXwQYAQgACQUCXEOYvQIb
DAAKCRCg2xcQNi3ZmMAGAf9w/XazfELDG1W35l2zw12rKwM7rK97aFrtxz5W
XwA/5gqoVP0iQxklb9qpX7RVd6rLKu7zoX7F+sQod1sCWrMw
=cXT5
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: OpenPGP.js v4.4.5
Comment: https://openpgpjs.org

xcBmBFxDmL0BAgCKSz/MHy8c4HKJTKcIM3FM05R9InIIDiMrkCrBzOFzT7oM
1F9DXmmsKyYX4vn/IQ0aIyeRb/IwSNJvysBTDU0/ABEBAAH+CQMIBNTT/OPv
TJzgvF+fLOsLsNYP64QfNHav5O744y0MLV/EZT3gsBwO9v4XF2SsZj6+EHbk
O9gWi31BAIDgSaDsJYf7xPOhp8iEWWwrUkC+jlGpdTsGDJpeYMIsVVv8Ycam
0g7MSRsL+dYQauIgtVb3dloLMPtuL59nVAYuIgD8HXyaH2vsEgSZSQn0kfvF
+dWeqJxwFM/uX5PVKcuYsroJFBEO1zas4ERfxbbwnsQgNHpjdIpueHx6/4EO
b1kmhOd6UT7BamubY7bcma1PBSv8PH31Jt8SzRRiaWxsIDxiaWxsQGhvbWUu
Y29tPsJ1BBABCAAfBQJcQ5i9BgsJBwgDAgQVCAoCAxYCAQIZAQIbAwIeAQAK
CRCg2xcQNi3ZmORMAf9vr6kN9AuLrOD9jS0dLk89G/XfbdzChrK8xw+Odar5
V+I3JfNj5QkpHU9eyTMO8cws7JWlRyOV7kKHJPks7D9kx8BmBFxDmL0BAgDY
lTsT06vVQxu3jmfLzKMAr4kLqqIuFFRCapRuHYLOjw1gJZS9p0bFS0qS8zME
GpN9QZxkG8YEcH3gHxlrvALtABEBAAH+CQMI2Gyk+BqVOgzgZX3C80JRLBRM
T4sLCHOUGlwaspe+qatOVjeEuxA5DuSs0bVMrw7mJYQZLtjNkFAT92lSwfxY
gavS/bILlw3QGA0CT5mqijKr0nurKkekKBDSGjkjVbIoPLMYHfepPOju1322
Nw4V3JQO4LBh/sdgGbRnwW3LhHEK4Qe70cuiert8C+S5xfG+T5RWADi5HR8u
UTyH8x1h0ZrOF7K0Wq4UcNvrUm6c35H6lClC4Zaar4JSN8fZPqVKLlHTVcL9
lpDzXxqxKjS05KXXZBh5wl8EGAEIAAkFAlxDmL0CGwwACgkQoNsXEDYt2ZjA
BgH/cP12s3xCwxtVt+Zds8NdqysDO6yve2ha7cc+Vl8AP+YKqFT9IkMZJW/a
qV+0VXeqyyru86F+xfrEKHdbAlqzMA==
=5NaF
-----END PGP PRIVATE KEY BLOCK-----

F.2

Using the code at the following link, generate a key: https://asecuritysite.com/encryption/openpgp

F.3

An important element in data loss prevention is encrypted emails. In this part of the lab we will use an open source standard: PGP.

1. Create a key pair with (RSA and 2,048-bit keys):

> gpg --gen-key
gpg (GnuPG) 1.4.23; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `C:/Users/Administrator/AppData/Roaming/gnupg\secring.gpg' created
gpg: keyring `C:/Users/Administrator/AppData/Roaming/gnupg\pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Bill Buchanan
Email address: w.buchanan@napier.ac.uk
Comment: My Key
You selected this USER-ID:
    "Bill Buchanan (My Key) <w.buchanan@napier.ac.uk>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++
.......+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
+++++
gpg: C:/Users/Administrator/AppData/Roaming/gnupg\trustdb.gpg: trustdb created
gpg: key E343DC3A marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/E343DC3A 2023-02-12
      Key fingerprint = 745F 2F35 1244 943C 5997  5AF5 5F00 436C E343 DC3A
uid                  Bill Buchanan (My Key) <w.buchanan@napier.ac.uk>

Now export your public key using the form of:

gpg --export -a "Your name" > mypub.key

Now export your private key using the form of:

gpg --export-secret-key -a "Your name" > mypriv.key

How is the randomness generated?

Outline the contents of your key file:

2. Now send your lab partner your public key in the contents of an email, and ask them to import it onto their key ring (if you are doing this on your own, create another set of keys to simulate another user, or use Bill’s public key – which is defined at http://asecuritysite.com/public.txt and send the email to him):

gpg --import theirpublickey.key

Now list your keys with:

gpg --list-keys

Which keys are stored on your key ring and what details do they have:

3. Create a text file, and save it. Next encrypt the file with their public key:

gpg -e -a -u "Your Name" -r "Your Lab Partner Name" hello.txt

What does the –a option do:

What does the –r option do:

What does the –u option do:

Which file does it produce and outline the format of its contents:

4. Send your encrypted file in an email to your lab partner, and get one back from them.

Now create a file (such as myfile.asc) and decrypt the email using the public key received from them with:

gpg –d myfile.asc > myfile.txt

Can you decrypt the message:

5. Next using this public key file, send Bill (w.buchanan@napier.ac.uk) a question (http://asecuritysite.com/public.txt):

Did you receive a reply:

6. Next send your public key to Bill (w.buchanan@napier.ac.uk), and ask for an encrypted message from him.

G GitHub Keys

G.1

On your VM, go into the ~/.ssh folder. Now generate your SSH keys:

ssh-keygen -t rsa -C "your email address"

The public key should look like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLrriuNYTyWuC1IW7H6yea3hMV+rm029m2f6IddtlImHrOXjNwYyt4Elkkc7AzOy899C3gpx0kJK45k/CLbPnrHvkLvtQ0AbzWEQpOKxI+tW06PcqJNmTB8ITRLqIFQ++ZanjHWMw2Odew/514y1dQ8dccCOuzeGhL2Lq9dtfhSxx+1cBLcyoSh/lQcs1HpXtpwU8JMxWJl409RQOVn3gOusp/P/0R8mz/RWkmsFsyDRLgQK+xtQxbpbodpnz5lIOPWn5LnT0si7eHmL3WikTyg+QLZ3D3m44NCeNb+bOJbfaQ2ZB+lv8C3OxylxSp2sxzPZMbrZWqGSLPjgDiFIBL w.buchanan@napier.ac.uk

View the private key. What is the DEK-Info part, and how would it be used to protect the key, and what information does it contain?

On your Ubuntu instance setup your new keys for ssh:

ssh-add ~/.ssh/id_git

Now create a Github account and upload your public key to Github (select Settings-> New SSH key or Add SSH key). Create a new repository on your GitHub site, and add a new file to it. Next go to your Ubuntu instance and see if you can clone of a new directory:

git clone ssh://git@github.com//.git

If this doesn’t work, try the https connection that is defined on GitHub.

H What I should have learnt from this lab?

The key things learnt:

The basics of the RSA method.
The process of generating RSA and Elliptic Curve key pairs.
To illustrate how the private key is used to sign data, and then using the public key to verify the signature.

A reflective statement:

In ECC, we use a 256-bit private key. This is used to generate the key for signing Bitcoin transactions. Do you think that a 256-bit key is largest enough? If we use a cracker what performs 1 Tera keys per second, will someone be able to determine our private key?

Additional

The following is code which performs RSA key generation, and the encryption and decryption of a message (https://asecuritysite.com/encryption/rsa_example):

from Crypto.PublicKey import RSA
from Crypto.Util import asn1
from base64 import b64encode
from Crypto.Cipher import PKCS1_OAEP
import sys

msg = "hello..."

if (len(sys.argv)>1):
        msg=str(sys.argv[1])

key = RSA.generate(1024)

binPrivKey = key.exportKey('PEM')
binPubKey =  key.publickey().exportKey('PEM')

print
print ("====Private key===")
print (binPrivKey)
print
print ("====Public key===")
print (binPubKey)

privKeyObj = RSA.importKey(binPrivKey)
pubKeyObj =  RSA.importKey(binPubKey)


cipher = PKCS1_OAEP.new(pubKeyObj)
ciphertext = cipher.encrypt(msg.encode())

print
print ("====Ciphertext===")
print (b64encode(ciphertext))

cipher = PKCS1_OAEP.new(privKeyObj)
message = cipher.decrypt(ciphertext)


print
print ("====Decrypted===")
print ("Message:",message)

The code is here. Can you decrypt this:

fIVuuWFLVANs9MjatXbIbtH7/n0dBpDirXKi82jZovXS/krxy43cP0J9jlNz4dqxLgdiqtRe1AcymX06JUo1SrcqDEh3lQxoU1KUvV7jG9GE3pSxHq4dQlcWdHz95b9go6QYbe/5S/uJgolR+S9qaDE8tXYysP8FeXIPd0dXxHo=

The private key is:

Part 2: AWS Lab for RSA Encryption

The steps to perform RSA encryption using the AWS KMS is here:

https://asecuritysite.com/aws/lab04

Follow the steps to create RSA encryption.

README.md Unescape Escape

Part 1 (Lab 4: Asymmetric (Public) Key)

A RSA Encryption

A.1

A.2

B OpenSSL (RSA)

B.1

B.2

B.3

B.4

B.5

B.6

B.7

B.8

C OpenSSL (ECC)

C.1

C.2

C.3

C.4

C.5

D Elliptic Curve Encryption

D.2

E RSA

E.1

Note

E.2

E.2

E.3

E.4

F PGP

F.1

F.2

F.3

1. Create a key pair with (RSA and 2,048-bit keys):

3. Create a text file, and save it. Next encrypt the file with their public key:

4. Send your encrypted file in an email to your lab partner, and get one back from them.

5. Next using this public key file, send Bill (w.buchanan@napier.ac.uk) a question (http://asecuritysite.com/public.txt):

6. Next send your public key to Bill (w.buchanan@napier.ac.uk), and ask for an encrypted message from him.

G GitHub Keys

G.1

H What I should have learnt from this lab?

Additional

Part 2: AWS Lab for RSA Encryption

README.md