CS 426, Spring, 2008, HW 1. Due January 28, 2007, 5:30 PM .

There is an aes command on the machines in LWSN B148. To use the command, type "openssl" and then you can run aes commands like "aes-128-cbc", or "aes-128-ecb". Use them to practice encrypting and decrypting files. Try the -e, -d, -in, and -out options. Note that for decryption, the input file ("-in" option) should be the ciphertext. Study the "rsa" command in "openssl". How to generate public and private keys. "genrsa" is used to generate private key and then using the private key, "rsa" is used to generate the public key.

Encrypt a file using a hexadecimal key. Examine the ciphertext with a program like "od" (octal dump). DO NOT TRY TO PRINT this file or any other ciphertext file. Encrypt the same file with the same key, but in ECB mode and compare the two ciphertexts.

Try decrypting the encrypted files with correct and incorrect keys. (Write the output into a file and examine it with "od" before trying to display it on your screen.) See what the output looks like.

Turn in the following documents all together using "turnin".

  1. You should use the openssl to generate private and public keys. Use triple DES. Store them in pso1.public and pso1.private files, with the former being world-readable. Write a program (A) for: encrypting a message using another party's (B) public key and sending the encrypted message to B. B then decrypts the message using his private key, signs the message with his private key - by encrypting it using his private key and after encrypting the signed message by the public key of A sends to A. A after receiving the message, decrypts using its private key and then verifies the signature of B by decrypting the message using B's public key. A verifies by comparing the decrypted message to the message she sent to B, whether they are same. Program should interactive - messages should be keyed in by the user, whoever is running the program. Each step is displayed on screen with the result of comparison at the end.

  1. RSA key-pairs (files with the private/public keys) for both sender and receiver are stored in files: sender-public/private and receiver-public/private keys; listing of both sets of your send and receive programs, including a README file describing how to compile and run the program. NAMEs of the programs should be sender - "rsa-send.c" and receiver - "rsa-recv.c". Use C to implement the program.

Submit the following to Prof. Wagstaff printed, with your name and email address mentioned.

    3. Is any attack possible on the confidentiality or integrity of the message? Could a man-in-the-middle attack (passive/active) be carried out? Mention an attack, if any.

***********************************************************************************