Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security: Lab#2 J. H. Wang Oct. 9, 2013. Objectives To learn to use message digests –MD5 To learn to use secure hash functions –SHA-1, SHA-2 To.

Published byTimothy Richardson Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Security: Lab#2 J. H. Wang Oct. 9, 2013. Objectives To learn to use message digests –MD5 To learn to use secure hash functions –SHA-1, SHA-2 To."— Presentation transcript:

1 Network Security: Lab#2 J. H. Wang Oct. 9, 2013

2 Objectives To learn to use message digests –MD5 To learn to use secure hash functions –SHA-1, SHA-2 To learn to use one of the public-key cryptography standards –RSA To learn to use digital signatures

3 Libraries Used in this Lab OpenSSL: an open source implementation of SSL and TLS protocols –Widely used on various platforms UNIX-like: Linux, Solaris, Mac OS X, BSD Windows –Cryptographic algorithms supported MD5, SHA-1, SHA-2 RSA –(Installation skipped: the same as in Lab#1)

4 OpenSSL Command-Line Tools OpenSSL command-line tool –MD5: openssl md5 –SHA: (-224, -256, -384, -512) SHA: openssl sha SHA-1: openssl dgst -sha1

5 OpenSSL Command-Line Tools Alternative commands –MD5: openssl dgst -md5 –SHA: SHA: openssl dgst -sha SHA-1: openssl dgst -sha1

6 Experiment Scenario - Encryption Prepare a file to be encrypted, say “original.txt” First, we encrypt the file into encrypted file “enc.txt” (using receiver’s public key) Then, we decrypt it and get another file “dec.txt” (using receiver’s private key) Finally, we check if the decrypted file is the same as the original file

7 Another Scenario – Digital Signature Prepare a file to be signed, say “original.txt” First, we encrypt the file into encrypted file “sig.txt” (using sender’s private key) Then, we decrypt it and get another file “des.txt” (using sender’s public key) Finally, we verify if the decrypted file is the same as the original file

8 Yet Another Scenario – both Prepare a file to be signed and encrypted, say “original.txt” First, we encrypt the file into encrypted file “sign.txt” (using sender’s private key) Then, we encrypt the file into encrypted file “enc.txt” (using receiver’s public key) Third, we decrypt it and get another file “dec.txt” (using receiver’s private key) Four, we decrypt it and get another file “des.txt” (using sender’s public key) Finally, we verify if the decrypted file is the same as the original file

9 Limitations of the Tool File size: cannot be larger than 64 bytes –It depends on the key size (default: 512 bits) –We can set a larger key size E.g. for generating private key of 1024 bits: –openssl genrsa -out key.s 1024 –Still a serious limitation

10 Real Application Scenario For each person, a pair of keys is first generated To send a large file, it can be encrypted in two possible ways –The file must be first divided into pieces and encrypted by RSA –The file can also be encrypted by a session key using AES, in which the session key is encrypted by RSA The decryption process is also followed by a merge of decrypted pieces or by session key

11 OpenSSL Command-Line Tools OpenSSL command-line tool for RSA –Notation: : secret key : public key –Key management: Private key generation: openssl genrsa -out To output public key: openssl rsa -in -pubout -out –Encryption/decryption: Encrypt with public key: openssl rsautl -encrypt -pubin -inkey -in -out Decrypt with private key: openssl rsautl -decrypt -inkey -in -out

12 OpenSSL Command-Line Tools Alternative commands for RSA: (using pkeyutl) –Encryption/decryption: Encrypt with public key: openssl pkeyutl -encrypt -pubin -inkey -in -out Decrypt with private key: openssl pkeyutl -decrypt -inkey -in -out

13 OpenSSL command-line tool for Digital Signature –Notation: : original file : signature file –Digital signature: Sign: openssl rsautl -sign -inkey -in -out Verify: openssl rsautl -verify -pubin -inkey -in –Alternative commands: Sign: openssl pkeyutl -sign -inkey -in -out Verify: openssl pkeyutl -verify -inkey -sigfile -in Recover: openssl pkeyutl -verifyrecover -pubin -inkey - in

14 OpenSSL Libraries for Message Digests OpenSSL crypto library –MD5: 128-bit #include Initialize a MD5_CTX structure: MD5_Init() MD5_Update() MD5_Final() Computes the message digest: MD5()

15 OpenSSL Libraries for Secure Hash Functions –SHA1: 160-bit #include Initialize a SHA_CTX structure: SHA1_Init() SHA1_Update() SHA1_Final() Computes the message digest: SHA1() –EVP: high-level interface to cryptographic functions #include EVP_Digest…() functions: message digests

16 OpenSSL Libraries for Public-Key Cryptography –RSA: #include RSA structure RSA_...() functions –EVP: high-level interface to cryptographic functions #include EVP_Seal…(), EVP_Open…(): public key encryption/decryption EVP_PKEY…() functions: asymmetric algorithms

17 OpenSSL Libraries for Digital Signature –EVP: high-level interface to cryptographic functions #include EVP_Sign…(), EVP_Verify…(): digital signature

18 Summary Key generation Encrypting a file (using public-key cryptography) Decrypting a file (using public-key cryptography) Signing a file Verifying a file Generating and verifying message digests

Download ppt "Network Security: Lab#2 J. H. Wang Oct. 9, 2013. Objectives To learn to use message digests –MD5 To learn to use secure hash functions –SHA-1, SHA-2 To."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Chapter 3 Encryption Algorithms & Systems (Part C)

Chapter 3 Encryption Algorithms & Systems (Part C)
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Linux Cryptography overview and How-to’s using OpenSSL

Linux Cryptography overview and How-to’s using OpenSSL

Similar presentations

Ads by Google