Purpose of the Lab:
To familiarize the use of hash functions for integrity checking. To explore the concept of encryption. To create keysets and use them for encryption. To demonstrate the use of encryption in passing a message by email
GPG4win program version 2.0.4 or later (32 or 64 bit). MD5sum.exe.
Assignment: Hash values: Using a file, verify which is correct by hash value. Generate a keyset. Use keys to exchange secured email with the lab instructor. (Look at the appendix A to get the public key of the lab instructor). Send email with a question and your public key. Attach response to your lab report.
3 page lab report One page description of GPG – what does it do and how, and the components of GPG4win. Answer the following questions:
o How do I know that the file I downloaded has not been tampered with? o Compare and contrast Private Key (symmetric) and Public Key (asymmetric) encryption. o Why do we need PKI for secure email? o In what ways can we share our public keys with others?
Attach response from lab instructor Due Date: As assigned in blackboard.
A hash function is a function that takes data or a message as input and returns a value which is usually an integer. This returned value is called a hash value. The other names used for the hash value are hash codes, checksums, hash sums etc. Hash functions can be used for indexing and searching the data in tables, datasets, etc.
A cryptographic hash function converts an input message string or data to a fixed length bit string. The data passed into the hash function is called the message and the bit string returned is called a hash value, message digest, or digest. A cryptographic function is such that if the data gets changed or modified then the function will generate a different hash value. It should not be possible to recreate the message corresponding to a given hash value. One of the applications of secure hashes is integrity checking or verification of the message integrity. MD5 (Message‐Digest Algorithm 5) is a cryptographic hash function with a 128 bit hash value. A MD5 hash is a 32 character hexadecimal number. To understand and familiarize you with the use of hash functions, such as MD5, for integrity checking, let us do the following exercises :‐ Exercise 1:
1. Restart Windows‐7 (Base Operating System) and Log in with: User name: “.\student” Password: “T202!2011” (Case Sensitive)
2. Once you are logged in, click on the Windows XP Pro icon on the desktop. This will launch the VMware screen.
Hash Value Data / Message Hash
3. Click on “Power on this Virtual Machine” text in the VMware window. This will start the Windows XP OS in the virtual machine.
4. Administrator password on WinXP VM is “T202!2011”
5. Make sure that the Virtual Machine is not in the Full Screen or maximized mode. Now, browse to the folder “C:\CISLabs\EncryptionLab” on the WinXP VM. Navigation Path on VM: Start Menu Computer Local Disk(C: ) CISLabs EncryptionLab
6. Next, Open a command prompt terminal by: Start Menu All Programs Accessories Command Prompt.
7. To set “C:\CISLabs\EncryptionLab” as the current directory at the command prompt type: ‘cd C:\CISLabs\EncryptionLab’
8. Next, type md5sum Calc1.exe at the command prompt and press enter. Look at the hash value
that is displayed on the next line. This is the computed hash value for Calc1.exe.
9. Repeat the above step for Calc2.exe (the entire step is the same except for the file name –
Calc2.exe instead of Calc1.exe).
10. Compare the two hash values to the following hash value.
4884da7754823b44ccc2b2106f21146e Which file do you think is the original copy of the Calculator and which one is the tampered with copy?
1. Create a text file with any test data in the Encryption Lab folder. 2. Type md5sum [Filename]. This will compute the hash value for the file. Next, change the data in
the file and again compute the hash value. What do you notice about the hash value computed after making the changes?
3. Now, change the text back to the original text.
What do you notice about the hash value now?
Encryption means changing the data into a format that is unreadable by others who are not supposed to read the message or to whom the message is not directed. A public key is not a secret key. It is available to everyone and anyone can use that key to send you an encrypted message. You will have to share your public key with other people if you want them to send you encrypted messages. A private key is a secret key. Do not share it with others. It is used to decrypt the message sent to you. GNU Privacy Assistant (GPA) is the Key Manager tool that is used to create and manage public‐ private key pairs.
1. Double click the GPA icon on the desktop of the VM. The following screen will appear.
2. Click on the ‘Generate key now’ button. (If the Generate key now message box does not appear, then click on KeysNew Key to generate the key). Enter your Name on the screen that appears. Make sure you enter both First and Last name separated by a space.
3. On the next screen enter your email address. (Yahoo, Gmail or any other).
4. Next, select the option ‘Do it later’. We will create a backup of the keys later.
(Currently the software has a bug – hence if you try creating a backup now you may get an error at the end of the key creation process.)
5. Next, enter a passphrase. A passphrase is used to protect the private key. It is used to make sure
that no one else has access to your private key. Make sure that the passphrase you enter is not easy to guess, yet it is easy for you to remember, since if you forget the passphrase, you will be unable to use your private key for decryption and hence you will not have access to the encrypted information.
6. You will be asked to reenter the passphrase again. Enter the same passphrase that you entered before.
7. Next, you will get a screen displaying a message that your key is being generated.
[You may receive an error message which says – ‘The private key you selected as default is no
longer available. GPA will try to choose a new default key automatically’ – Click the close button on the error window. ]
8. Once your key is generated, create a backup of the keys for storing it at a safer location. To create a backup, Click on Keys menu item on the menu bar, then select the Backup menu item. Next, select the path where you want the keys to be stored. Do not share this copy with others since it contains both the public and private keys. Select the folder where you want to store the key.
NOTE: You need to save this key on your own USB – if you lose your keys, you will not be able to finish the lab
Click the save button. The key will be saved to the location you specified. You can view the keys by opening the saved file in notepad. It will display both the public and private keys.
9. Now if you open the GPA again by clicking the GPA shortcut on the desktop (if it is not already open), you will be able to see the newly created key in the Key manager screen that appears. You can see the details of the key by looking at the bottom of the screen.
Look at the ID of the key and the Fingerprint at the bottom of the screen where all the information about the key is displayed. What similarity do you notice about the ID and the Fingerprint? What do you note about the expiration date of the key pair? How can you change the expiration date?
10. Next, export the public key so that you can share it with the other students in the class so that they can send you encrypted messages. To export the public key, click the Export button on the GPA – Key Manager Screen. Enter any name for the file and select the folder where you want to store the key.
You can open the file using notepad and view the public key.
11. Now, you need to send the key to your fellow students who want to send you encrypted message. To send the key, you have two options :‐ i. Attach the public key file to the email as an attachment and send the email.
ii. Copy the public key (the text you saw when you opened the public key file in the notepad) in the email body and send it to the other students.
Exchange keys with only 3 students in the class. Think‐ what is the problem associated with sharing the key with everyone in the class?
12. Next, you will need to Import the Public keys of the fellow students and the Lab Instructor to be able to send them encrypted messages. (The public key for the lab instructor is in the Encryption Lab folder).
The file is called “Encryption Lab Key ‐ Public for students.asc”
First of all, you need to store the public keys on your system. If the other students send their key as an attachment, then download it and store it on your system. Otherwise, if they sent the key as an email text, then copy and paste the block of the public key text starting from ‐‐‐‐‐BEGIN PGP PUBLIC KEY BLOCK‐‐‐‐‐ to ‐‐‐‐‐END PGP PUBLIC KEY BLOCK‐‐‐‐‐ in a text editor and save the file with an .asc extension. The next step will be to import the public key. To do so, open GPA and click on the Import button on the screen. You will be prompted to select the file from which you want to import the public key. Select the file and click on the open button. You will receive a message about the keys read. Click the Close button on the message. The key will now be displayed on the Key Manager screen.
13. Next, create any text file with the message you want to send and encrypt. Now, click on the Files icon on the GPA screen. This will open the file manager.
Click the open button on the File Manager screen and select the file you created in the step above. The file will be listed on the screen.
[For an alternative method to encrypt and decrypt files, refer to Appendix B].
14. Select the file from the screen and click the Encrypt button. Select the public key of the person to whom you want to send the message. Check the Armor checkbox. Doing so will save the encrypted file with an .asc extension and this will allow the file to be opened with any text editor. You will however see only numbers and letters. If Armor box is unchecked, it will save the encrypted file as a .gpg file, which is a binary file and cannot be viewed with a text editor.
15. You can now email this encrypted file to the student to whom you wanted to send the message and whose public key you used to encrypt the file. Also, send an encrypted file with a message to the instructor.
16. Next, to decrypt the email attachments sent by other students, save the attachment/file on your system. Then, again open GPA (if it is not already open). Click the files icon on the screen. Click the open icon and select the file to be decrypted. Next you will need to enter the passphrase on the screen that appears. This is the same passphrase that you used to create your key pair. Private keys are always used to decrypt the encrypted files that others send to you using your public key. After you enter the passphrase you will see another file but without the .asc or .gpg extension. You can now view the contents of this file. This is the original file/message that the sender sent to you.
Open the folder “C:\CISLabs\EncryptionLab” on WinXP VM. Next, open the ‘Keys for Exercise’ folder and open the files in the folder using any text editor. Open the files in order so that you can notice the difference between them (Starting with the file called Art1024.asc). Notice how the key size is different in each file. We can create keys with different sizes and the larger the size, the stronger the encryption.
Shutdown WinXP VM and Log off Windows‐7:
1. Shutdown WinXP VM: i. Close GNU Privacy Assistant (GPA) window and any other open terminal/window on WinXP
VM. Then Shutdown WinXP VM. 2. Close VMware workstation window. 3. Log‐off Windows 7.
Appendix A Name:‐ Lab instructor Email ID of the lab Instructor: ‐ firstname.lastname@example.org The Public Key of the Lab Instructor:‐ (Also on blackboard) ‐‐‐‐‐BEGIN PGP PUBLIC KEY BLOCK‐‐‐‐‐
Version: PGP Desktop 10.0.3 (Build 1)
‐‐‐‐‐END PGP PUBLIC KEY BLOCK‐‐‐‐‐
Appendix B Alternative Method to encrypt and decrypt files (instead of using the File Manager in GPA):‐
1. Right Click on the file to be encrypted or decrypted and select the Sign and encrypt option
from the context menu when you want to encrypt the file and Decrypt and verify from the context menu when you want to decrypt the file.
2. When you click on Sign and encrypt menu option to encrypt the file, the following screen appears:‐
Select the Encrypt option to encrypt the file and click the next button. You can check the Text output (ASCII armor) checkbox if you want. Doing so will save the file with an .asc extension and this file can be viewed using any text editor. Not selecting that option will save the file with a .gpg extension, which is the binary file and cannot be viewed with a text editor. On the next screen that appears select the public key of the person to whom you want to send the encrypted message and click the add button. Next, click the Encrypt button. The following screen will appear. Click on the Finish button to close the window.
3. When you click on Decrypt and verify menu option, the following screen appears:‐
Click on the Decrypt/Verify button. You can change the folder where the decrypted file will be stored by clicking the browse button next to the ‘Output folder’ field. Next, you will be asked to enter the passphrase to be able to decrypt the file. Your file will be decrypted and stored at the location you specified.