Asymmetric crypto algorithms

Innovative Technologies for Computer Security
Practice
Author

Andrei Biziuk

Published

February 29, 2024

Secure Communication Using Asymmetric Keys

Objective: The objective of this task is to understand the fundamentals of asymmetric key pairs, encryption, and secure communication. You will generate a pair of asymmetric keys (public and private keys) and use them to securely exchange messages with a fellow student.

Theoretical information

OpenSSL

OpenSSL is a widely used open-source software library and toolset that provides support for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It is primarily used for securing network communication and is a fundamental component of modern encryption and security infrastructure. Here’s some key information about OpenSSL:

  1. Security Protocols: OpenSSL provides implementation for various security protocols, including SSL and TLS. These protocols are essential for securing data transmission over the internet. OpenSSL is used in web servers, email servers, VPNs, and many other applications to enable encrypted communication.

  2. Cryptography Library: OpenSSL is a comprehensive cryptography library that supports a wide range of cryptographic algorithms and functions, including symmetric and asymmetric encryption, hashing, digital signatures, and certificate management. It supports popular algorithms like RSA, DSA, ECC, AES, and more.

  3. Open Source: OpenSSL is open-source software and is distributed under the OpenSSL License and the Apache License. This open-source nature makes it accessible for developers and organizations to use, modify, and distribute it freely.

  4. Cross-Platform: OpenSSL is available on various platforms, including Unix-like systems (e.g., Linux, BSD), Windows, macOS, and more. It can be used on a wide range of operating systems, making it versatile for different environments.

  5. Command-Line Tools: OpenSSL includes a set of command-line tools that allow users to perform various cryptographic operations, such as generating key pairs, encrypting and decrypting data, creating digital signatures, and certificate management. These tools are valuable for administrative tasks and debugging.

  6. APIs and Libraries: OpenSSL provides a library that developers can use in their applications to incorporate encryption and security features. APIs are available for various programming languages, including C, C++, and scripting languages through wrapper libraries.

  7. Certificate Management: OpenSSL includes tools for managing X.509 digital certificates, including creating self-signed certificates, certificate signing requests (CSRs), and working with certificate authorities.

  8. Heartbleed Vulnerability: OpenSSL gained significant attention due to the Heartbleed vulnerability in 2014. This security flaw allowed attackers to access sensitive information from the memory of servers using certain versions of OpenSSL. The vulnerability highlighted the importance of keeping software up to date and secure.

  9. Community Support: OpenSSL has a large and active community of users and developers who collaborate on its development and security. This helps in maintaining and improving the software.

  10. Licensing and Distribution: OpenSSL is available under a dual license, which includes the OpenSSL License and the Apache License. This licensing scheme ensures that OpenSSL can be used in both open-source and commercial software projects.

OpenSSL is a critical component of the modern internet, enabling secure communication and data protection. It is widely used in web servers like Apache and Nginx, email servers, VPNs, and many other applications that require encryption and secure network communication. It continues to evolve to address security concerns and adapt to changing cryptographic standards.

Usage of OpenSSL

Generate Key Pairs:

  • Create a key pair consisting of a private key and a corresponding public key using the openssl tool. For example, to create an RSA key pair, execute the following commands:

    openssl genpkey -algorithm RSA -out private_key.pem
openssl rsa -pubout -in private_key.pem -out public_key.pem

Sign and Verify Documents:

  • Create a text document (e.g., message.txt) and sign it using your private key:

    openssl dgst -sha256 -sign private_key.pem -out signature.bin message.txt

  • Then, verify the signature using the corresponding public key:

    openssl dgst -sha256 -verify public_key.pem -signature signature.bin message.txt

Encrypt and Decrypt:

  • Encrypt a file using the recipient’s public key:

    openssl rsautl -encrypt -inkey public_key.pem -pubin -in plaintext.txt -out encrypted.bin

  • Then, decrypt it using the corresponding private key:

    openssl rsautl -decrypt -inkey private_key.pem -in encrypted.bin -out decrypted.txt

GnuPG

GnuPG, which stands for “GNU Privacy Guard,” is a free and open-source encryption software program that provides cryptographic privacy and authentication for data communication. It is a versatile tool used for secure email communication, file encryption, and digital signatures. Here’s some key information about GnuPG:

  1. Open Source: GnuPG is distributed as free and open-source software, released under the GNU General Public License (GPL). This open-source nature encourages transparency, security, and community collaboration.

  2. Cryptographic Features: GnuPG provides a wide range of cryptographic features, including:

    • Data Encryption: GnuPG supports various encryption algorithms, such as RSA, DSA, Elgamal, and symmetric ciphers like AES. It can encrypt files, emails, and other data.

    • Digital Signatures: Users can create digital signatures to verify the authenticity and integrity of documents or messages. GnuPG employs asymmetric key pairs for creating and verifying signatures.

    • Key Management: GnuPG allows users to generate, import, export, and manage public and private keys. It supports key revocation, key expiration, and key signing by other users.

    • Secure Communication: GnuPG can be used for secure email communication (via email clients like Thunderbird with the Enigmail plugin), securing chat messages, and encrypting files.

  3. Compatibility: GnuPG is highly compatible with the OpenPGP standard, making it interoperable with other OpenPGP-compliant software and services.

  4. Multiple Platforms: GnuPG is available on various platforms, including Unix-like systems (Linux, BSD, macOS), Windows, and more, making it accessible to a wide range of users.

  5. Command-Line and GUI: GnuPG provides both command-line tools and graphical user interfaces (GUIs) for users with varying levels of technical expertise. The command-line interface is powerful and is often used for scripting and automation.

  6. Plugin Integration: GnuPG can be integrated with popular email clients and other software applications, allowing for the seamless encryption and signing of messages and files.

  7. Web of Trust: GnuPG uses a concept called the “web of trust” for key verification. This system allows users to sign each other’s keys, establishing trust relationships within the GnuPG community.

  8. Security: GnuPG is designed with security in mind, and the project actively addresses vulnerabilities and security issues. Regular updates and audits help maintain its integrity.

  9. Community Support: GnuPG benefits from a strong and active community of users and developers who contribute to its development and documentation.

  10. Public Key Servers: GnuPG supports key servers where users can publish and retrieve public keys. This is essential for sharing public keys and verifying the authenticity of others’ keys.

GnuPG is a fundamental tool for ensuring data privacy and security in various applications, including email encryption, secure file storage, and code signing. It is widely used by individuals, organizations, and activists to protect sensitive information and maintain the confidentiality and integrity of data. GnuPG’s commitment to open-source principles and strong cryptography principles has made it a respected choice for secure communication and digital signatures.

Usage of GnuPG

Encrypting Messages or Files:

  1. Generate or Import Keys:
    • If you haven’t already, generate a key pair using the gpg --gen-key command or import public keys of your communication partners.
  2. Encrypt a Message or File:

    • To encrypt a message, use the following command:

      gpg --encrypt --recipient recipient@example.com --output encrypted_message.gpg message.txt

      Replace recipient@example.com with the recipient’s email or key ID and message.txt with the file you want to encrypt.

Decrypting Messages or Files:

  1. Import Keys:
    • Ensure you have your private key available for decryption. You can import it using the gpg --import private_key.asc command if you haven’t already.
  2. Decrypt a Message or File:

    • To decrypt a message, use the following command:

      gpg --decrypt --output decrypted_message.txt encrypted_message.gpg

      Replace decrypted_message.txt with the desired output file name and encrypted_message.gpg with the encrypted file you want to decrypt.

Signing Messages or Files:

  1. Generate or Import Keys:
    • If you haven’t already, generate a key pair using the gpg --gen-key command or import the recipient’s public key.
  2. Sign a Message or File:

    • To sign a message, use the following command:

      gpg --sign --output signed_message.gpg message.txt

      Replace signed_message.gpg with the desired output file name and message.txt with the file you want to sign.

Verifying Signatures:

  1. Import Keys:
    • Ensure you have the sender’s public key imported. You can import it using the gpg --import sender_public_key.asc command.
  2. Verify a Signature:

    • To verify a signature, use the following command:

      gpg --verify signed_message.gpg

      GnuPG will check the signature and display the result, indicating whether it’s valid or not.

Remember to exchange keys securely with your communication partners to ensure the integrity and authenticity of your encrypted and signed messages. You can use key servers or direct key sharing to obtain and verify public keys. GnuPG also supports key signing, where you vouch for the authenticity of others’ keys within your “web of trust.”

GnuPG is a powerful tool for cryptographic operations, and it offers various options and configurations for advanced usage. For specific use cases and more advanced features, you can refer to the GnuPG documentation and manuals or explore the available command-line options using gpg --help.

Instructions

  1. You and your fellow student should each have a pair of asymmetric keys.

  2. Compose a message that you want to send securely to your fellow student.

  3. Encrypt the message using your fellow student’s public key. Your fellow student will do the same with your public key.

  4. Share the encrypted messages with each other. These encrypted messages can be safely transmitted over untrusted communication channels.

  5. Decrypt the received message using your private key, and ask your fellow student to do the same. This decryption process should reveal the original message.

  6. Verify that the decrypted message matches the original message, ensuring secure communication using asymmetric keys.

Using OpenSSL:

  1. Generate RSA Key Pair:
    • Task: Generate an RSA key pair using OpenSSL and provide a brief description of the process.
    • Expected Outcome: Private key file and a corresponding public key file.
  2. Encrypt and Decrypt a File:
    • Task: Create a text file, encrypt it using the public key, and then decrypt it using the private key.
    • Expected Outcome: Encrypted and decrypted files, demonstrating the basic principles of asymmetric encryption.

Using GnuPG:

  1. Generate a Key Pair:
    • Task: Generate a GnuPG key pair, including a public and private key. Explain the purpose of each key.
    • Expected Outcome: A GnuPG key pair in their keyring.
  2. Encrypt and Decrypt a Message:
    • Task: Compose a simple email message, encrypt it for a peer’s public key, and then decrypt a message encrypted for them.
    • Expected Outcome: Encrypted and decrypted messages, demonstrating email encryption.
  3. Sign and Verify a Message:
    • Task: Sign a text message with private key and then verify a signed message from a peer.
    • Expected Outcome: Signed and verified messages, demonstrating the concept of digital signatures.
Back to top