Cryptography v2

SEC 336: Information Security Technologies
Spring 2021
Quiz 2
Cryptography
Outcome: Introduction to symmetric and asymmetric encryption
Objectives:
1. Install GPG
2. Generate Keypairs
3. Manage keys
4. Encrypt and decrypt documents
5. Sign documents
This lab is inspired from the following resources: Mike Ashley about PGP (https://www.gnupg.org/gph/fr/manual.html)
, Guide about Yubikey and GPG (https://github.com/drduh/YubiKey-Guide).
Spring 2021
Task 1: Install GPG

PGP (Pretty Good Privacy) is one of the most well-known public key cryptography programs.
The OpenPGP format is the open cryptography standard from PGP. It is adopted by two
software: GPG (free) and PGP (paid). Under Linux, the best-known distribution is GnuPG. On
Windows, we can use Gpg4win.
In a public key system, each user has a key pair. GnuPG allows each user to have a pair of
primary keys and zero or more pairs of secondary keys.
In this lab, we will cover some of the basic functionalities of the GnuPG software. This includes
creating, exchanging key pairs, encrypting, decrypting and signing documents.
1. Start Alpine Docker image

docker run -it --rm alpine
2. Install the gpg package using the following command:

apk add gnupg
3. GPG is installed and ready to go! Check the version of the installed tool and the supported
encryption algorithms by typing:
gpg -h
- what are the supported encryption algorithms?
Task 2: Generate Keypairs

1. The following command is used to create new primary keypair:
gpg --full-generate-key
As you see from the output of the above command, GnuPG can create different types of
keypairs. The primary pair is used make signature operations, whereas the second pair is used
for encrypting. The different choices proposed by the gpg are the following:
Choice 1: It allows to create two RSA keypairs, the first keypair is used for signature and the
second one for encryption.
Choice 2: It allows to create two keypairs, the first one is DSA used for signature and the second
one is Elgamal is used for encryption.
- what are the other three choices?
Spring 2021
2. Type 1 to select choice 1 and press Enter
3. For the Key size: The longer the key, the more resistant it will be against an attack, but it
requires a longer processing time. We currently consider that 2048 bits is a minimum to have
security for a few years. Type 2048 and press Enter
4. For the expiration Date: It must be chosen with care, because it is difficult to send the key with
the updated date to users who already have your expired public key. For this lab, type 0 and
press Enter, then type Y to confirm
- What does option 0 mean?

- What is a revocation certificate in gpg?
5. For the identity: Before being distributed, the key must be linked to an identity. To do this, we
will attach the key pairs to an identifier (i.e. your mail address). For the purpose of this lab, you
can use your personal email address if you are creating the keys on your own device and you
want to adopt the keys that you create for your personal use. Insert your name, email address,
and comment if needed then press Enter. Type O to confirm if all the details are correct
6. A pop-up window will appear for you to enter a Password. As a final step, you should provide a
password that will be used to prove your identity when you wish to modify or use your private
keys (e.g. for signing documents). For this lab, Choose an easy-to-remember phrase that you
won’t forget. This password is used to generate a symmetric key which encrypts and decrypts
the database where your private keys are stored.
7. Once you provided all the above information, gpg generates the keypairs and give you
information about the identifier of your keypairs and their types (e.g. 2048 bits, RSA). - -
- Provide a screenshot your result.
Spring 2021
- What was created in addition to the keypair?
Task 3: Manage keys

Keys management includes all the operations that allows you to add or delete a key or revoke
an existing one. We will see in this section how to achieve all the above-mentioned operations
in addition to other important commands that you need to know.
1. Listing existing keys: You can list the existing keys using the following commands:
gpg --list-keys
gpg --list-secret-keys
- Provide a screenshot of the output

- What is the difference between the output of the two commands?
2. Exporting keys: You might have to copy your key to another machine to use the same key there,
you can export your private key using the following command:
gpg --armor --export-secret-keys InsertIdentifierEmailHere > private.key
Spring 2021
3. View the private key using the following command:

cat private.key
Spring 2021
- Provide a screenshot of the output.
you can later import the key on another machine using the command: gpg --import private.key
4. Creating keys: You can add different sub keypairs that can be used for different purposes. For
example, one sub keypair can be used for signing business documents while the other keypair
for signing personal documents. To add more sub keypairs, follow these steps:
a. Enter the editing mode of the primary key using this command:
gpg --edit-key InsertIdentifierEmailHere
b. Enter the command:

addkey
c. Specify the type of the key, select: RSA (encrypt only)

d. Specify the key size: 2048
e. Specify the expiration of the key: 0, and type y to confirm
f. Enter your password
g. Use CTRL + C to exit editing mode
- Provide a screenshot of the output
Spring 2021
5. Deleting keys: To delete an existing key, you should execute the following commands:
a. Enter in the editing mode of the primary key using this command:
b. Select the wanted key using the command:

key N
where N represents the order of the key and can take values starting from 0.
c. Enter the command, and type y to confirm:

delkey
d. Enter CTRL+C to exit editing mode
6. Revoking keys: Sometimes, our private keys can be lost (e.g. your hard disk is crashed or stolen,
or you may simply forget your passphrase). In this case, we should inform our correspondents as
quickly as possible by revoking our key and sending them the revocation certificate. In order to
revoke a key, you need to know the passphrase of the private key that you want to revoke, and
you need to have an access to the private key. Follow the below steps to revoke a key:
Spring 2021
a. Enter the edit mode:

b. Select the key to revoke using the below command, where N is the order number of the
key, starting from 0:
key N
c. Revoke the key using the below command:

Revkey
d. Select a reason for revocation and confirm.

e. Press CTRL + C to exit editing mode
7. Distributing keys: In an ideal scenario, we should distribute our keys by giving them personally
to our correspondents. However, the PGP keys can be distributed by email, or by other
electronic means of communication. In addition to email, one of the most known distribution
methods is to post your public key to central public key servers. Use the following command to
distribute your key:
a. use the command: gpg --list-keys
b. copy your public key id that is shown in the screenshot below
c. send your public key:

gpg --keyserver keys.gnupg.net --send-key InsertPublicKeyID
- provide a screenshot of the output

-
Spring 2021
Task 4: Encrypt and Decrypt documents

You can encrypt and decrypt documents using the following commands:
1. First, we will encrypt a document using symmetric encryption:
a. create the document that is going to be encrypted
touch doc1
b. verify that the document has been created

ls
c. Insert text into the document

echo This is the first secret message! > doc1
d. View the content of the document

cat doc1
e. Encrypt using symmetric encryption, enter your password if needed:

gpg --symmetric doc1
f. Use the command ls to view the output file, which should be titled doc1.gpg
g. View the contents of the encrypted file using the below command
cat doc1.gpg
- If you want to send the above encrypted message to a friend. What does your friend need
to decrypt the file? what is the problem that rises when using symmetric encryption?
2. Next, encrypt using asymmetric encryption. You can encrypt a message for a single specific
recipient. You do this by encrypting asymmetrically with the recipient’s public key. By doing this,
only the recipient's private key will decrypt the message. You will need the recipient's public key
in order to do this. They can share their public key with you directly, or you can search public
key servers. For this exercise you will encrypt using your own public key.
a. create the document that is going to be encrypted
touch doc2
b. verify that the document has been created

ls
c. Insert text into the document

echo This is the second secret message! > doc2
d. View the content of the document

cat doc2
Spring 2021
e. Encrypt using asymmetric encryption:

gpg --output encrypted --encrypt --recipient InsertIdentifierEmailHere doc2
For example:
gpg --output encrypted --encrypt --recipient [email protected] doc2
f. Use the command ls to view the output file.
g. View the contents of the encrypted file using the below command.
cat encrypted
h. Now you will decrypt the file using the following command:
gpg --output decrypted --decrypt encrypted
i. Use the command ls to view the output file.
j. View the contents of the encrypted file using the below command.
cat decrypted
- If Alice wants to send a message to bob using asymmetric cryptography. Which key should
she use to encrypt the message? And which key will be used to decrypt the message?
- What are the advantages and disadvantages of symmetric cryptography?
- What are the advantages and disadvantages of asymmetric cryptography?
Task 5: Sign documents

You can use the following commands in order to sign and verify the signature of a documents.
1. Generating the signature:
gpg --output signed --sign doc2
2. Verifying the signature

gpg --verify signed
- What is the purpose of digital signatures?

Cryptography v2

Uploaded by

Copyright:

Available Formats

Cryptography v2

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cryptography v2

Uploaded by

Copyright:

Available Formats

SEC 336: Information Security Technologies

Outcome: Introduction to symmetric and asymmetric encryption

4. Encrypt and decrypt documents

Task 1: Install GPG

1. Start Alpine Docker image

2. Install the gpg package using the following command:

- what are the supported encryption algorithms?

Task 2: Generate Keypairs

- what are the other three choices?

2. Type 1 to select choice 1 and press Enter

- What does option 0 mean?

- Provide a screenshot your result.

- What was created in addition to the keypair?

Task 3: Manage keys

- Provide a screenshot of the output

3. View the private key using the following command:

- Provide a screenshot of the output.

b. Enter the command:

c. Specify the type of the key, select: RSA (encrypt only)

- Provide a screenshot of the output

b. Select the wanted key using the command:

c. Enter the command, and type y to confirm:

a. Enter the edit mode:

c. Revoke the key using the below command:

d. Select a reason for revocation and confirm.

a. use the command: gpg --list-keys

b. copy your public key id that is shown in the screenshot below

c. send your public key:

- provide a screenshot of the output

Task 4: Encrypt and Decrypt documents

b. verify that the document has been created

c. Insert text into the document

d. View the content of the document

e. Encrypt using symmetric encryption, enter your password if needed:

b. verify that the document has been created

c. Insert text into the document

d. View the content of the document

e. Encrypt using asymmetric encryption:

f. Use the command ls to view the output file.

i. Use the command ls to view the output file.

- What are the advantages and disadvantages of symmetric cryptography?

- What are the advantages and disadvantages of asymmetric cryptography?

Task 5: Sign documents

2. Verifying the signature

- What is the purpose of digital signatures?

You might also like