This is an old revision of the document!
openssl
, gnutls
, crypt
, libgcrypt
, botan
, side channel attack, Heartbleed
For demos, we will use the demo archive. We will a Linux system to run the demos. We download the archive using the command
wget http://elf.cs.pub.ro/cns/res/lectures/lecture-09-demo.zip
and then we unpack the archive
unzip lecture-09-demo.zip
and then access the demo folder that resulted after the unpack operation
cd lecture-09-demo/
We will now pass through the demos below.
The demos show various ways of using the RSA algorithm: generating keys, encrypting a message and decrypting the message.
We will first start using RSA inside the shell. We will do key generation, key inspection, encryption and decryptions using shell commands embedded in a shell script.
We will go to the shell/
subfolder in the lab archive folder:
student@mjolnir:~/lecture-09-demo$ cd shell/ student@mjolnir:~/lecture-09-demo/shell$ ls -F rsa-ctl*
The rsa-ctl
file is an executable shell script that allows us to do common RSA operations. We run it with no arguments to check what arguments we can pass to it:
student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl Provide one argument. Usage: ./rsa-ctl genkey | encrypt | decrypt | inspect
The arguments are quite clear: we can generate the RSA keys, we can encrypt messages, we can decrypt messages and we can inspect the keys.
First, use an editor or pager (such as vim
or less
) to explore the script. Check the four functions implementing the required functionality: rsa_genkey
, rsa_encrypt
, rsa_decrypt
and rsa_inspect
. All fuctions use the openssl
command, the front-end command for the OpenSSL library.
First, let's generate the private and public keys:
student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl genkey Generate private key in rsa.private ... Generate public key in rsa.public ... student@mjolnir:~/lecture-09-demo/shell$ ls rsa-ctl rsa.private rsa.public
The keys are generated in the rsa.private
and rsa.public
files. Two openssl
commands are used in the rsa_genkey
funciton in the rsa-ctl
script. The first command generates all required parameters and saves them in the private key file (rsa.private
). The second command extract the public key information (the modulus n
and the public exponent e
) and places the public key in the rsa.public
file. Both keys are stored in PEM format:
student@mjolnir:~/lecture-09-demo/shell$ cat rsa.private -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDfa9+gSRjtsHLNYo6fk4OHwp/ZkM2p7UQM9zMbQ3T8Ql+ST0li /GWx02zGD085eqIzzofZYEEn8/qm2l3iH94QofrbArTrERre4QGrNwUxBehYJKwo malJ0mvPJqY+rVt2lNYPXCgcnC4aDSMgFKsgf2UzGif9pI7sE9Xzlgo8WQIDAQAB AoGAaQG4Xws8DirKKkHSKqoYPax5mLX4E4+SVk2w1XWE/DLt3EQrh7x8x3FJRGVZ pPhAV/0P2FjnBrIi8lzblzXHFkUQyFGOH+oyizIwDhFznb/XBt6VpEJZXDe278PP 2Mtr0pGzmUMTYdzDXLxg267C4zPRJyqI3z1my9Vdljj03KkCQQD7vFTOdjkN+HZK hJN90leDuGE9HhyFR0nErfPJFbMtXUXHXn7/MsB0N3R61FD0zSR0RcHRouYkAUwk JEUx7S6vAkEA4zTBZK24V7iyHmpXMQPILQ7hVP3oggsT14bXZzVzHwNo/WvFTK4K 43Pqo6o27xNxMQkLSp0t7GG7S5ZCAllHdwJBALWyVqf6zu2Vg5P/oxFy6/XH9G+P t1g/fzA1ujtOrVg19XKUcyexsxVvHWS2sIQxOXmvC9lLMb+VLCb+Au+pWUMCQDAN x11o1JVRDfMa4KgQObU18XiNXzCp8R9jeIlup5OGoB0BPzBxmwHyUU0eQhIclZMe a5HzXnQhU4CwHfPrOA8CQD9TTziWkpYAvcFQNhyvjeJIBVODkBKZx9d3qoSzq9bn ei0hbY6VL+gCkIHLuv4oBWqCl4EuN319amxzv+bJCAk= -----END RSA PRIVATE KEY----- student@mjolnir:~/lecture-09-demo/shell$ cat rsa.public -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfa9+gSRjtsHLNYo6fk4OHwp/Z kM2p7UQM9zMbQ3T8Ql+ST0li/GWx02zGD085eqIzzofZYEEn8/qm2l3iH94Qofrb ArTrERre4QGrNwUxBehYJKwomalJ0mvPJqY+rVt2lNYPXCgcnC4aDSMgFKsgf2Uz Gif9pI7sE9Xzlgo8WQIDAQAB -----END PUBLIC KEY-----
As the private key stores extensive information it is considerable larger than the public key.
Let's also inspect the keys using the inspect
argument to the rsa-ctl
script. We will be able to see the modulus (n
), the prime numbers (p
and q
), the public exponent (e
) and the private exponent (d
)).
You can see the large modulus and prime numbers. We generated the key for 1024 bits, so the modulus uses 256 hexadecimal digits (each digit ocuppies 4 bits, for a total or 256 * 4 = 1024
bits). We know we have a valid key pair since both the private and public key are using the same modulus.
student@mjolnir:~/lecture-09-demo/shell$ echo "anaaremere" | ./rsa-ctl encrypt > encrypted.msg student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl decrypt < encrypted.msg anaaremere
TODO
TODO