Data Integrity

Innovative Technologies for Computer Security
Practice
Author

Andrei Biziuk

Published

February 29, 2024

Laboratory Assignment: Command Tools For Data Integrity

Objective

  1. Understand the concept of hashing and electronic signatures.
  2. Learn to use command line programs for creating and checking hash values.
  3. Gain hands-on experience in creating and verifying electronic signatures.

Tools Required

  1. Command line interface (e.g., Terminal on Unix/Linux, Command Prompt on Windows)
  2. OpenSSL (for electronic signatures)

Part 1: Hashing

Task 1: Introduction to Hashing

Task 2: Generating Hash Values

  1. Use the command line to create a text file with some sample content (e.g., sample.txt).
  2. Use a hashing algorithm (e.g., SHA-256) to generate a hash value for the contents of the file.
  3. Save the hash value in a separate file (e.g., hash.txt).

Creating a Text File with Sample Content:

echo "This is some sample content." > sample.txt

This command uses echo to write the specified text into a file named sample.txt.

Generating a Hash Value (SHA-256) for the Contents of the File:

sha256sum sample.txt > hash.txt

This command uses the sha256sum command to generate the SHA-256 hash value for the contents of sample.txt and redirects the output to a file named hash.txt.

Verifying Hash Value:

sha256sum -c hash.txt

This command checks the integrity of the file by verifying its hash value against the one stored in hash.txt. If the file has been modified, this command will indicate a mismatch.

Task 3: Verifying Hash Values

  1. Modify the content of the sample.txt file.
  2. Use the hashing algorithm to generate a new hash value for the modified content.
  3. Compare the new hash value with the one stored in hash.txt to verify the integrity of the file.

Modifying the Content of sample.txt:

echo "This is some modified content." > sample.txt

This command modifies the content of sample.txt with a new text.

Generating a New Hash Value for the Modified Content:

sha256sum sample.txt > new_hash.txt

This command uses the sha256sum command to generate the SHA-256 hash value for the modified contents of sample.txt and redirects the output to a new file named new_hash.txt.

Comparing the New Hash Value with the Original Hash Value:

diff -s hash.txt new_hash.txt

This command uses the diff command with the -s option to show the differences between the two hash files (hash.txt and new_hash.txt). If the content of sample.txt was modified, this command should indicate a mismatch between the original hash and the new hash.

Alternatively, you can also use the following command to directly compare the hash values:

cmp -s hash.txt new_hash.txt && echo "File integrity verified" || echo "File has been modified"

This command uses cmp to compare the contents of hash.txt and new_hash.txt. If they match, it prints “File integrity verified”; otherwise, it prints “File has been modified.”

Part 2: Electronic Signatures

Task 4: Introduction to Digital Signatures

Task 5: Creating Electronic Signatures

  1. Use OpenSSL to generate a private key (private.pem) and a corresponding public key (public.pem).
  2. Create a digital signature for the sample.txt file using the private key.
  3. Save the digital signature in a separate file (e.g., signature.txt).

Generating a Private Key and Corresponding Public Key:

openssl genpkey -algorithm RSA -out private.pem
openssl rsa -pubout -in private.pem -out public.pem

The first command generates a private key (private.pem) using the RSA algorithm, and the second command extracts the corresponding public key (public.pem) from the private key.

Creating a Digital Signature for sample.txt using the Private Key:

openssl dgst -sha256 -sign private.pem -out signature.txt sample.txt

This command uses the openssl dgst command to create a digital signature (signature.txt) for the contents of sample.txt using the SHA-256 hash algorithm and the private key (private.pem).

Now, you have a digital signature saved in the signature.txt file.

Task 6: Verifying Electronic Signatures

  1. Modify the content of the sample.txt file.
  2. Use OpenSSL to verify the digital signature using the public key and the modified content.
  3. Document the results and ensure that the verification fails for the modified file.

Modifying the Content of sample.txt:

echo "This is some modified content." > sample.txt

This command modifies the content of sample.txt with a new text.

Verifying the Digital Signature using the Public Key and Modified Content:

openssl dgst -sha256 -verify public.pem -signature signature.txt sample.txt

This command uses the openssl dgst command with the -verify option to verify the digital signature (signature.txt) against the modified contents of sample.txt using the public key (public.pem). If the verification fails (which it should after modifying the file), OpenSSL will output a message indicating the failure.

After running the verification command, document the results and confirm that the verification fails for the modified file. The output should indicate that the signature is not valid for the given data.

This process simulates the scenario where the content of the file has been tampered with, and the digital signature verification fails as a result.

Submission Guidelines

  • Submit a report that includes:
    • A detailed explanation of the tasks performed.
    • Screenshots or command line snippets for each task.
    • Reflection on the importance of hashing and digital signatures in ensuring data integrity and authenticity.
Back to top