

Lecture 09 - Encryption. Hashing. APIs

  • Keywords: encryption, symmetric encryption, public key encryption, digital signatures, hash, fingerprinting, certificate, RSA, MAC, openssl, gnutls, crypt, libgcrypt, botan, side channel attack, Heartbleed

Demos

For demos, we will use the demo archive. We will use a Linux system to run the demos. We download the archive using the command

wget http://elf.cs.pub.ro/cns/res/lectures/lecture-09-demo.zip

and then we unpack the archive

unzip lecture-09-demo.zip

and then access the demo folder that resulted after the unpack operation

cd lecture-09-demo/

We will now go through the demos below.

The demos show various ways of using the RSA algorithm: generating keys, encrypting a message and decrypting the message.

RSA in the Shell

We will start by using RSA inside the shell. We will do key generation, key inspection, encryption and decryption using shell commands embedded in a shell script.

We will go to the shell/ subfolder in the lab archive folder:

student@mjolnir:~/lecture-09-demo$ cd shell/
student@mjolnir:~/lecture-09-demo/shell$ ls -F
rsa-ctl*

The rsa-ctl file is an executable shell script that allows us to do common RSA operations. We run it with no arguments to check what arguments we can pass to it:

student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl 
Provide one argument.
Usage: ./rsa-ctl genkey | encrypt | decrypt | inspect

The arguments are quite clear: we can generate the RSA keys, we can encrypt messages, we can decrypt messages and we can inspect the keys.

First, use an editor or pager (such as vim or less) to explore the script. Check the four functions implementing the required functionality: rsa_genkey, rsa_encrypt, rsa_decrypt and rsa_inspect. All functions use the openssl command, the front-end command for the OpenSSL library.

First, let's generate the private and public keys:

student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl genkey
Generate private key in rsa.private ...
Generate public key in rsa.public ...
student@mjolnir:~/lecture-09-demo/shell$ ls
rsa-ctl  rsa.private  rsa.public

The keys are generated in the rsa.private and rsa.public files. Two openssl commands are used in the rsa_genkey function in the rsa-ctl script. The first command generates all required parameters and saves them in the private key file (rsa.private). The second command extracts the public key information (the modulus n and the public exponent e) and places the public key in the rsa.public file. Both keys are stored in PEM format:

student@mjolnir:~/lecture-09-demo/shell$ cat rsa.private 
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----

student@mjolnir:~/lecture-09-demo/shell$ cat rsa.public 
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfa9+gSRjtsHLNYo6fk4OHwp/Z
kM2p7UQM9zMbQ3T8Ql+ST0li/GWx02zGD085eqIzzofZYEEn8/qm2l3iH94Qofrb
ArTrERre4QGrNwUxBehYJKwomalJ0mvPJqY+rVt2lNYPXCgcnC4aDSMgFKsgf2Uz
Gif9pI7sE9Xzlgo8WQIDAQAB
-----END PUBLIC KEY-----

As the private key stores extensive information, it is considerably larger than the public key.

Let's also inspect the keys using the inspect argument to the rsa-ctl script. We will be able to see the modulus (n), the prime numbers (p and q), the public exponent (e) and the private exponent (d).


student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl inspect

==== Showing private key


Private-Key: (1024 bit)
modulus:
    00:df:6b:df:a0:49:18:ed:b0:72:cd:62:8e:9f:93:
    83:87:c2:9f:d9:90:cd:a9:ed:44:0c:f7:33:1b:43:
    74:fc:42:5f:92:4f:49:62:fc:65:b1:d3:6c:c6:0f:
    4f:39:7a:a2:33:ce:87:d9:60:41:27:f3:fa:a6:da:
    5d:e2:1f:de:10:a1:fa:db:02:b4:eb:11:1a:de:e1:
    01:ab:37:05:31:05:e8:58:24:ac:28:99:a9:49:d2:
    6b:cf:26:a6:3e:ad:5b:76:94:d6:0f:5c:28:1c:9c:
    2e:1a:0d:23:20:14:ab:20:7f:65:33:1a:27:fd:a4:
    8e:ec:13:d5:f3:96:0a:3c:59
publicExponent: 65537 (0x10001)
privateExponent:
    69:01:b8:5f:0b:3c:0e:2a:ca:2a:41:d2:2a:aa:18:
    3d:ac:79:98:b5:f8:13:8f:92:56:4d:b0:d5:75:84:
    fc:32:ed:dc:44:2b:87:bc:7c:c7:71:49:44:65:59:
    a4:f8:40:57:fd:0f:d8:58:e7:06:b2:22:f2:5c:db:
    97:35:c7:16:45:10:c8:51:8e:1f:ea:32:8b:32:30:
    0e:11:73:9d:bf:d7:06:de:95:a4:42:59:5c:37:b6:
    ef:c3:cf:d8:cb:6b:d2:91:b3:99:43:13:61:dc:c3:
    5c:bc:60:db:ae:c2:e3:33:d1:27:2a:88:df:3d:66:
    cb:d5:5d:96:38:f4:dc:a9
prime1:
    00:fb:bc:54:ce:76:39:0d:f8:76:4a:84:93:7d:d2:
    57:83:b8:61:3d:1e:1c:85:47:49:c4:ad:f3:c9:15:
    b3:2d:5d:45:c7:5e:7e:ff:32:c0:74:37:74:7a:d4:
    50:f4:cd:24:74:45:c1:d1:a2:e6:24:01:4c:24:24:
    45:31:ed:2e:af
prime2:
    00:e3:34:c1:64:ad:b8:57:b8:b2:1e:6a:57:31:03:
    c8:2d:0e:e1:54:fd:e8:82:0b:13:d7:86:d7:67:35:
    73:1f:03:68:fd:6b:c5:4c:ae:0a:e3:73:ea:a3:aa:
    36:ef:13:71:31:09:0b:4a:9d:2d:ec:61:bb:4b:96:
    42:02:59:47:77
exponent1:
    00:b5:b2:56:a7:fa:ce:ed:95:83:93:ff:a3:11:72:
    eb:f5:c7:f4:6f:8f:b7:58:3f:7f:30:35:ba:3b:4e:
    ad:58:35:f5:72:94:73:27:b1:b3:15:6f:1d:64:b6:
    b0:84:31:39:79:af:0b:d9:4b:31:bf:95:2c:26:fe:
    02:ef:a9:59:43
exponent2:
    30:0d:c7:5d:68:d4:95:51:0d:f3:1a:e0:a8:10:39:
    b5:35:f1:78:8d:5f:30:a9:f1:1f:63:78:89:6e:a7:
    93:86:a0:1d:01:3f:30:71:9b:01:f2:51:4d:1e:42:
    12:1c:95:93:1e:6b:91:f3:5e:74:21:53:80:b0:1d:
    f3:eb:38:0f
coefficient:
    3f:53:4f:38:96:92:96:00:bd:c1:50:36:1c:af:8d:
    e2:48:05:53:83:90:12:99:c7:d7:77:aa:84:b3:ab:
    d6:e7:7a:2d:21:6d:8e:95:2f:e8:02:90:81:cb:ba:
    fe:28:05:6a:82:97:81:2e:37:7d:7d:6a:6c:73:bf:
    e6:c9:08:09
Modulus=DF6BDFA04918EDB072CD628E9F938387C29FD990CDA9ED440CF7331B4374FC425F924F4962FC65B1D36CC60F4F397AA233CE87D9604127F3FAA6DA5DE21FDE10A1FADB02B4EB111ADEE101AB37053105E85824AC2899A949D26BCF26A63EAD5B7694D60F5C281C9C2E1A0D232014AB207F65331A27FDA48EEC13D5F3960A3C59

==== Showing public key


Public-Key: (1024 bit)
Modulus:
    00:df:6b:df:a0:49:18:ed:b0:72:cd:62:8e:9f:93:
    83:87:c2:9f:d9:90:cd:a9:ed:44:0c:f7:33:1b:43:
    74:fc:42:5f:92:4f:49:62:fc:65:b1:d3:6c:c6:0f:
    4f:39:7a:a2:33:ce:87:d9:60:41:27:f3:fa:a6:da:
    5d:e2:1f:de:10:a1:fa:db:02:b4:eb:11:1a:de:e1:
    01:ab:37:05:31:05:e8:58:24:ac:28:99:a9:49:d2:
    6b:cf:26:a6:3e:ad:5b:76:94:d6:0f:5c:28:1c:9c:
    2e:1a:0d:23:20:14:ab:20:7f:65:33:1a:27:fd:a4:
    8e:ec:13:d5:f3:96:0a:3c:59
Exponent: 65537 (0x10001)
Modulus=DF6BDFA04918EDB072CD628E9F938387C29FD990CDA9ED440CF7331B4374FC425F924F4962FC65B1D36CC60F4F397AA233CE87D9604127F3FAA6DA5DE21FDE10A1FADB02B4EB111ADEE101AB37053105E85824AC2899A949D26BCF26A63EAD5B7694D60F5C281C9C2E1A0D232014AB207F65331A27FDA48EEC13D5F3960A3C59

You can see the large modulus and prime numbers. We generated the key for 1024 bits, so the modulus uses 256 hexadecimal digits (each digit occupies 4 bits, for a total of 256 * 4 = 1024 bits). We know we have a valid key pair since both the private and public key are using the same modulus.

student@mjolnir:~/lecture-09-demo/shell$ echo "anaaremere" | ./rsa-ctl encrypt > encrypted.msg
student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl decrypt < encrypted.msg
anaaremere
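
The steps above (key generation, the matching-modulus check, encryption and decryption) written directly as openssl commands. This is an added example, not the contents of rsa-ctl; the function names, the directory argument and the explicit OAEP padding are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the rsa-ctl script itself. Function names and the
# directory argument are assumptions made for this illustration.

# Generate the private key, then derive the public key (n, e) from it.
# $1 = directory, $2 = modulus size in bits (the demo above uses 1024;
# new real-world keys should use at least 2048).
rsa_genkey() {
    ( umask 077   # keep the private key file readable by its owner only
      openssl genrsa -out "$1/rsa.private" "$2" 2>/dev/null ) &&
    openssl rsa -in "$1/rsa.private" -pubout -out "$1/rsa.public" 2>/dev/null
}

# Print the modulus as hex. $1 = key file, $2 = "-pubin" for a public key.
rsa_modulus() {
    openssl rsa -in "$1" $2 -noout -modulus 2>/dev/null | sed 's/^Modulus=//'
}

# Each hex digit carries 4 bits, so digits * 4 gives the key size.
rsa_modulus_bits() {
    hex=$(rsa_modulus "$1" "$2")
    echo $(( ${#hex} * 4 ))
}

# Succeed only if both files carry the same modulus (one key pair).
rsa_same_pair() {
    priv=$(rsa_modulus "$1/rsa.private" "")
    pub=$(rsa_modulus "$1/rsa.public" -pubin)
    [ -n "$priv" ] && [ "$priv" = "$pub" ]
}

# Encrypt stdin with the public key, decrypt stdin with the private key.
# OAEP padding is requested explicitly on both sides.
rsa_encrypt() {
    openssl pkeyutl -encrypt -pubin -inkey "$1/rsa.public" \
        -pkeyopt rsa_padding_mode:oaep
}
rsa_decrypt() {
    openssl pkeyutl -decrypt -inkey "$1/rsa.private" \
        -pkeyopt rsa_padding_mode:oaep
}

# Run the whole procedure in a scratch directory.
dir=$(mktemp -d)
rsa_genkey "$dir" 1024 && rsa_same_pair "$dir" &&
    echo "anaaremere" | rsa_encrypt "$dir" > "$dir/encrypted.msg" &&
    rsa_decrypt "$dir" < "$dir/encrypted.msg"
rm -rf "$dir"
```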

RSA in C

TODO

RSA in Python

TODO

cns/lectures/lecture-09.1417367808.txt.gz · Last modified: 2014/11/30 19:16 by razvan.deaconescu
CC Attribution-Share Alike 3.0 Unported