Public Key Encryption

Class Lab 8-1: Part 1 - Public Key Encryption

COUNTERMEASURES AGAINST CYBERATTACKS

ASYMMETRIC CRYPTOGRAPHY

PUBLIC KEY ENCRYPTION

Lab Description: For this lab you will work with a partner to implement asymmetric encryption using Gnu Privacy Guard (gpg), an open-source implementation of Pretty-Good Privacy (pgp).

There are two parts to this lab. You’ll first practice encrypting and decrypting messages independently, and then you’ll be asked to apply that skill to sending/receiving messages with another group.

Below we will take basic steps to:

1) create a public/private key pair

2) encrypt a file using our own public key

3) decrypt it using our own private key

In Part 2 you will practice sending and receiving secret messages with another group

Gpg has many more features and options than are covered in this lab. Review the manual (gpg --help) page for the gpg utility for more details.

Lab Environment: This Partner Lab uses Kali Live from the bootable Thumbdrives

ENVIRONMENT SETUP

On one of your PC’s - plug the thumbdrive into the USB port. Reboot the computer - and press F10 as the Intel NUC screen appears

• Select UEFI Vendor Product Code

• Then Select ”Live Kali (amd64)” to boot to Kali

EXERCISE 1: CREATING ASYMMETRIC KEYS

In this first part of the lab you will use the gpg tool to encrypt and decrypt your own message using your own public and private keys. Gpg is included in Kali Linux, so nothing needs to be installed.

First, we have to create an encryption key

$ gpg –-gen-key

Depending on your system, follow the steps below, adapting as needed.

● You may be prompted for a key type (this is used to select the encryption algorithm for the keys). The default is RSA, simply press enter to accept the default.

● Next you may be prompted for a key length. 2048 bits is the default and is generally accepted to be sufficiently long (although if you need your data to stay secret well into the future you can select 4096). Press enter to accept the default key length of 2048.

● Next you may be prompted for your key expiration. Press enter to accept the default (key never expires). When asked ‘are you sure’, enter ‘y’ and press enter.

● You will be prompted for a real name. Use any name you want, but remember it (must be at least 5 characters).

● Enter an email address (and remember what you entered, you’ll need it later on - using your mymail account is probably best).

● You may add a comment or press enter to skip.

● The final prompt gives an opportunity to make any changes you would like to make. Enter ‘o’ (Okay) and press enter.

● You can enter a passphrase for your key or you can leave the passphrase blank and press enter. If you enter a passphrase, be sure to remember it for later. It is recommended to use a password.

If you decide not to use a password, you will have to navigate through the warning and confirm that “Yes, protection is not needed.”

· You might need to move your mouse around, open up a web browser or perform some other action to help generate random numbers through entropy.

Once complete, you should get output listing a public key fingerprint (next to the pub tag) and some other data.

EXERCISE 2: ENCRYPTING A MESSAGE

We’re now going to encrypt a file. We need a text file to encrypt, so that’s the first step.

1. Create a text file.

To create a file:

Launch TextEditor from the Kali start menu (dragon icon in upper left)

Enter in some text. Then save the file and exit TextEditor (make sure to pay attention to where you save the file).

2. Now we’ll encrypt the file using our public key. Be sure you are in the same directory as your new text file and encrypt it as follows. Use the same email address used above when you created the keys.

$ gpg –e –r your-email-address textfile2.txt

A new file will be added with a .gpg extension. Use ‘cat’ to examine the file. It should be unreadable.

EXERCISE 3: DECRYPTING A MESSAGE

Use gpg to decrypt the file using your private key (delete the old file first).

$ rm textfile2.txt

$ gpg -o textfile2-decrypt.txt -d textfile2.txt.gpg

If you used a password to protect your key (recommended!), you will have to enter it now.

Then your unencrypted file should be restored! This file is stored in the filename that you passed as a parameter after the -o (for output) flag. In this case, it was textfile2-decrypt.txt.

$ cat textfile2-decrypt.txt

SUBMISSION: Take a screenshot of your terminal window to this point for your submission demonstrating that you have encrypted AND decrypted the message.