LAB 1 Crypto Appliquée
1 Introduction to OpenSSL
1. OpenSSL is a cryptographic toolkit implementing the SSL/TLS protocol. It offers a programming
library in C to build secure client/server applications based on the SSL/TLS protocol. The OpenSSL
command-line tool allows the creation of keys, the creation of a digital certificate, the calculation of a hash,
asymmetric encryption and decryption, etc. You can find all the information about OpenSSL at:
https://www.openssl.org/
2. The general syntax of an openssl command is: $ openssl command option
3. The OpenSSL commands to use in this Lab are:
• genrsa: generates a key pair (private key and public key).
• rsautl: performs asymmetric encryption and decryption. It also signs data and verifies
signatures.
• dgst: generates a hash.
• rsa: extracts the public key from a file that contains a key pair.
4. An OpenSSL command has several options. The options of each command are very important to
consult. For this reason, in order to consult the options of the command:
(a) Launch the Debian operating system or the Debian virtual machine.
(b) Open a Terminal.
(c) Enter the UNIX command sudo su (default password: root).
(d) Create a new folder named LAB1.
(e) Access this folder and create two new folders: Alice and Bob.
(f) Access Alice’s folder and create the file AliceDocument. You can write a text of your choice in
this file.
(g) Create a key pair for Alice: AlicePublicKey and AlicePrivateKey. You need
to use the OpenSSL commands genrsa and rsa.
(a) Access Bob’s folder and create a key pair for Bob: BobPublicKey and BobPrivateKey.
(b) Alice wants to encrypt AliceDocument with Bob’s public key. To do so, proceed as
follows:
Cryptographie appliquée
Nour El Madhoun, LAB 1
• Alice does not have Bob’s public key, so you must copy Bob’s public key to Alice’s
folder.
• Encrypt AliceDocument with BobPublicKey, naming the
encrypted document AliceDocumentEncrypted. To do this, you need to use the OpenSSL
command rsautl.
• Check the content of the file AliceDocumentEncrypted. What do you notice?
(c) The objective of this step is to decrypt AliceDocumentEncrypted with BobPrivateKey:
• Copy AliceDocumentEncrypted to Bob’s folder.
• Decrypt AliceDocumentEncrypted with BobPrivateKey, naming the
decrypted document AliceDocumentDecrypted. To do this, you need to use
the OpenSSL command openssl rsautl.
• Check the content of the file AliceDocumentDecrypted. What do you notice?
(d) The objective of this step is to show you that asymmetric encryption cannot be applied to large
files:
• Create a large file named LargeFile by entering the OpenSSL command:
openssl rand -out LargeFile -base64 $((2**30 * 3/4))
• Now try to encrypt LargeFile using BobPublicKey, naming the encrypted file
LargeFileEncrypted. What do you notice?
(e) The objective of this step is to show you how Alice can generate an electronic signature in order
to authenticate herself to Bob, ensure non-repudiation for herself and guarantee the integrity
of the signed data.
• Create a file named AuthData and write a text of your choice.
• Apply the hash function SHA256 to the document AuthData to
obtain its hash HashAuthData. To do this, you need to use the OpenSSL command dgst.
• Check the content of HashAuthData.
• Sign HashAuthData with AlicePrivateKey, naming the
signature AliceSignature. To do this, you need to use the OpenSSL command rsautl.
• Copy AliceSignature, AlicePublicKey and AuthData to Bob’s folder.
• Verify AliceSignature with AlicePublicKey. To do this, you
need to:
– Retrieve HashAuthData by entering the OpenSSL command:
openssl rsautl -verify -in AliceSignature -pubin -inkey AlicePublicKey -out HashAuthData
– Calculate a new hash HashBob on AuthData with the hash function SHA256.
– Compare HashAuthData with HashBob by entering the UNIX command:
diff HashBob HashAuthData. What do you notice?
• Try changing some characters in HashBob or HashAuthData and re-run the diff command
to see the difference.
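
One way to run steps (d) and (e) end to end, as an added example that is not part of the original lab sheet. The 2048-bit key size, the scratch directory, the function names and the sample text are assumptions; on OpenSSL 3.x rsautl still works but prints a deprecation notice pointing to pkeyutl.

```sh
#!/bin/sh
# Added example: steps (d) and (e) of the lab in a scratch directory.
# Assumptions: 2048-bit keys; sample text and helper names are constructed here.
WORK=$(mktemp -d)
mkdir -p "$WORK/Alice" "$WORK/Bob"

# Create <name>PrivateKey and <name>PublicKey in the current directory.
make_keys() {
  openssl genrsa -out "${1}PrivateKey" 2048 2>/dev/null &&
  openssl rsa -in "${1}PrivateKey" -pubout -out "${1}PublicKey" 2>/dev/null
}

# Step (d) in miniature: succeed only if rsautl can encrypt $1 random bytes for Bob.
bob_key_encrypts() {
  cd "$WORK/Bob" || return 1
  [ -f BobPublicKey ] || make_keys Bob || return 1
  openssl rand -out Sample "$1" &&
  openssl rsautl -encrypt -in Sample -pubin -inkey BobPublicKey \
    -out SampleEncrypted 2>/dev/null   # stderr hidden (deprecation notice on 3.x)
}

# Step (e), Alice's side: hash AuthData, sign the hash file, hand over three files.
alice_signs() {
  cd "$WORK/Alice" || return 1
  make_keys Alice || return 1
  printf 'constructed sample text\n' > AuthData
  openssl dgst -sha256 -out HashAuthData AuthData &&
  openssl rsautl -sign -in HashAuthData -inkey AlicePrivateKey \
    -out AliceSignature 2>/dev/null &&
  cp AliceSignature AlicePublicKey AuthData "$WORK/Bob/"
}

# Step (e), Bob's side: recover the signed hash, recompute it, compare.
bob_verifies() {
  cd "$WORK/Bob" || return 1
  openssl rsautl -verify -in AliceSignature -pubin -inkey AlicePublicKey \
    -out HashAuthData 2>/dev/null || return 1
  openssl dgst -sha256 -out HashBob AuthData &&
  diff HashBob HashAuthData >/dev/null
}

bob_key_encrypts 245 && echo "245 bytes: encrypted"
bob_key_encrypts 246 || echo "246 bytes: rejected (key size minus padding exceeded)"
alice_signs && bob_verifies && echo "signature matches AuthData"
printf 'x' >> "$WORK/Bob/AuthData"   # simulate a modification in transit
bob_verifies || echo "modified AuthData: hashes differ"
```

With a 2048-bit key and rsautl's default PKCS#1 v1.5 padding, the largest input is 256 - 11 = 245 bytes, which is why LargeFile cannot be encrypted directly.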