CS 426, Spring, 2008, HW 2. Due February 4, 2007, 5:30 PM.
In this PSO you will experiment with PGP (Pretty Good Privacy). Use lore.cs.purdue.edu: PGP is not installed on your Linux machine (B148), but it is available on lore.cs.purdue.edu at /p/pgp/pgp. Tips: type "pgp -h" for a usage summary and "pgp -k" to see options for key management. A useful tutorial is "http://www.acm.org/crossroads/xrds6-5/pgptutorial.html". Figure out how to use PGP. Then use PGP to generate both a signing and an encryption key via the "-kg" option. Set the validity of each to no more than 120 days. (Do not create a key that never expires.) Sign your own key. Find the TA's DSA PGP key via "http://www.cs.purdue.edu/homes/ashishk/TA08/cs426/pubring.pgp" and figure out how to import it into your keyring. Next, print your key "fingerprint" and use that, together with the email address of your key, to get at least two other people in the class to sign your key. (This is one time when you are supposed to cooperate with other students to complete your class assignment.) Then practice signing files and sending them (encoded with the "es" options or any other option you find appropriate) to the people who signed your key. Also try encrypting files with someone else's public key and sending them to that person. Make sure they can decrypt what you sent them. Finally, try both signing and encrypting a text file and sending it to someone.
The assignment is the same as that of HW 1.
Collaborate with a friend (B) to finish this assignment. You should use pgp to generate private and public keys. Write a program (A) that encrypts a message using the other party's (B's) public key and sends the encrypted message to B. B then decrypts the message using his private key, signs the message with pgp's signing technique, encrypts the signed message with the public key of A, and sends it to A. After receiving the message, A decrypts it using its private key and then verifies the signature of B by using pgp. A then checks whether the decrypted message is the same as the message she sent to B. The program should be interactive: messages should be keyed in by the user, whoever is running the program. Each step is displayed on screen, with the result of the comparison at the end.
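One way program A can hand a typed-in message to pgp without passing it through a shell, so that nothing the user types is interpreted as a command. This is an added example, not part of the assignment handout; the helper name `run_filter`, the PGP 2.6.x-style filter flags and the user id "B" are assumptions.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
/* Added example. Runs argv[0] directly (no shell), sends `in` to its stdin
 * and keeps up to cap-1 bytes of its stdout in `out`. Returns the exit status
 * or -1. All input is written before output is read: short messages only. */
int run_filter(char *const argv[], const char *in, char *out, size_t cap)
{
    int to[2], from[2], status;
    if (cap == 0 || pipe(to) < 0) return -1;
    if (pipe(from) < 0) { close(to[0]); close(to[1]); return -1; }
    pid_t pid = fork();
    if (pid == 0) {                       /* child: becomes the tool */
        dup2(to[0], STDIN_FILENO); dup2(from[1], STDOUT_FILENO);
        close(to[0]); close(to[1]); close(from[0]); close(from[1]);
        execvp(argv[0], argv);            /* argv is never parsed by a shell */
        _exit(127);                       /* exec failed */
    }
    close(to[0]); close(from[1]);
    if (pid < 0) { close(to[1]); close(from[0]); return -1; }
    signal(SIGPIPE, SIG_IGN);             /* a dead child must not kill us */
    size_t left = strlen(in), n = 0;
    while (left > 0) {
        ssize_t w = write(to[1], in, left);
        if (w <= 0) break;
        in += w; left -= (size_t)w;
    }
    close(to[1]);                         /* EOF: the tool has all its input */
    ssize_t r;
    while (n < cap - 1 && (r = read(from[0], out + n, cap - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(from[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Assumed: PGP 2.6.x-style filter flags (-f filter, -e encrypt, -a armor)
 * and "B" as a placeholder user id present on the keyring. */
int main(void) {
    char msg[1024], enc[8192];
    char *const argv[] = { "pgp", "-fea", "B", NULL };
    if (!fgets(msg, sizeof msg, stdin)) return 1;
    int rc = run_filter(argv, msg, enc, sizeof enc);
    printf("pgp exit status %d\n%s", rc, enc);
    return rc != 0;
}
```

The same helper can wrap the decrypt and verify invocations; check the returned exit status at every step before comparing the decrypted text with what was sent.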
Turn in the following documents all together using "turnin" on the B148/lore machines: key pairs (files with the private/public keys) for both sender and receiver, stored in files sender-public/private and receiver-public/private; listings of both your send and receive programs; and a README file describing how to compile and run the program. The programs should be named "pgp-send.c" (sender) and "pgp-recv.c" (receiver). Use C to implement the program. In the README, add the name and (Purdue) e-mail id of the friend with whom you collaborated. ONLY ONE TURN-IN IS REQUIRED PER GROUP. If you are turning in, then your friend does not have to turn it in.
In your README file add an answer to this.
3. Do you think a man-in-the-middle attack is possible here, such that the confidentiality of the file being sent is breached? Yes/no, and why?