CIS 458 Lab 1: OpenSSL Encryption


This lab is to be done individually. Although you may discuss with other students, your answers should be your own.


Part 1: Symmetric encryption with OpenSSL

What to turn in: For this part, turn in answers to the questions.

The openssl program can perform a wide variety of cryptographic operations. It is installed on all computers in the eos lab. Extensive documentation is available through the man pages, and through the program itself.

The openssl enc command is used for encryption and decryption. A full explanation of all of the options for this command is included in the enc man page.

First, let's encrypt a file. You will need to create a small text file to perform these commands on. It only needs to be a few lines of text, enough to be several AES blocks. Make the file more than ten but less than hundreds of lines, or try using the source code to a program you have written. I'll assume it is called testfile.txt.

To encrypt the file using 128-bit AES in electronic codebook mode (each block is encrypted independently), the command is: openssl enc -aes-128-ecb -in testfile.txt -out testfile.txt.aes -K 'E33202510575DF98CD66D5F35A1915D0' -iv '582221FEB84119C54FC41FBED8E9D778'

While you are not yet expected to understand all the terms used, briefly this command is doing the following:

The key and IV can be any hex string of appropriate length. They are often randomly generated. Use the same key and IV for each command in this section.

  1. You should be able to decrypt the file with a similar command, but including the -d option to decrypt, and making a couple other small changes. What exact command did you use?

You can use the xxd command to get a hex dump of your encrypted file (you will have to pipe the output to another file). Modify one byte somewhere in the middle of the hex dump, then use xxd -r to convert the hex dump back to a binary file. Now, try to decrypt the modified encrypted file.

  1. What is the extent of the effect of the ciphertext modification on the plaintext? Explain your observations.
  2. Can you figure out a way to change the ciphertext to produce a desired (specific) modified plaintext on decryption? If so, explain how. If not, explain why this is difficult to do.

Now, make a copy of your plaintext, but try changing (replacing, not adding or deleting) a couple characters in the middle of it. Encrypt the modified version, and compare the result with the encrypted original version (it may be easier to compare hex dumps of each).

  1. How does the ciphertext (encrypted file) from this encryption differ from the ciphertext based on the original plaintext (what is the extent of the differences)?
  2. Repeat the above exercise, only this time encrypting and decrypting using aes-128-cbc. What differences do you observe in your results? Does this difference seem important for security? It will be explained in lecture.
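The plaintext-change comparison above can be scripted instead of read off two hex dumps. The following is an added example, not part of the original lab: it uses the key and IV from the lab text, a constructed ten-line plaintext, and two hypothetical helper functions (diff_blocks and changed_blocks) to list which 16-byte ciphertext blocks change under each mode.

```shell
#!/bin/sh
# Added example (not part of the original lab): which 16-byte AES blocks of the
# ciphertext change when one plaintext byte is replaced, in ECB versus CBC mode.
set -eu

KEY='E33202510575DF98CD66D5F35A1915D0'  # key from the lab text
IV='582221FEB84119C54FC41FBED8E9D778'   # IV from the lab text; only CBC uses it

# diff_blocks A B: print the 0-based indices of the 16-byte blocks that differ.
# cmp -l lists every differing byte as "<1-based offset> <octal> <octal>".
diff_blocks() {
    { cmp -l "$1" "$2" 2>/dev/null || true; } | awk '
        { b = int(($1 - 1) / 16)
          if (!(b in seen)) { seen[b] = 1; printf "%s%d", sep, b; sep = " " } }
        END { print "" }'
}

# changed_blocks MODE (ecb|cbc): encrypt a constructed file and a copy with one
# byte replaced in block 4, then report which ciphertext blocks differ.
changed_blocks() {
    mode=$1
    dir=$(mktemp -d)
    # Constructed plaintext: ten distinct 16-byte lines, so line N is block N.
    i=0
    while [ "$i" -lt 10 ]; do
        printf 'line %02d of test\n' "$i"
        i=$((i + 1))
    done > "$dir/a.txt"
    sed '5s/test/tesT/' "$dir/a.txt" > "$dir/b.txt"   # replace one byte in block 4
    for f in a b; do
        if [ "$mode" = cbc ]; then
            openssl enc -aes-128-cbc -in "$dir/$f.txt" -out "$dir/$f.aes" -K "$KEY" -iv "$IV"
        else
            openssl enc -aes-128-ecb -in "$dir/$f.txt" -out "$dir/$f.aes" -K "$KEY"
        fi
    done
    diff_blocks "$dir/a.aes" "$dir/b.aes"
    rm -rf "$dir"
}

if command -v openssl >/dev/null 2>&1; then
    echo "ECB changed blocks: $(changed_blocks ecb)"
    echo "CBC changed blocks: $(changed_blocks cbc)"
else
    echo "openssl not found; only diff_blocks is usable" >&2
fi
```

The 160-byte plaintext encrypts to 11 blocks because openssl enc appends a full block of padding, so the last index reported for CBC is 10.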

Part 2: Public key encryption with OpenSSL

What to turn in: A listing of the exact commands you used to accomplish the tasks below.

Now that you have some experience with openssl, I will provide fewer details. It will be up to you to figure out the exact commands. This time we are using public key cryptography. This is only designed to operate on a small amount of data, so run it on a very small file.

Complete the following tasks:

  1. Generate an RSA private key and save it to a file. The command you should be using is openssl genrsa
  2. Generate and save a corresponding RSA public key. The command needed here is openssl rsa
  3. Encrypt a file using your RSA public key. The command needed is openssl rsautl
  4. Decrypt the file using your RSA private key. Verify that the output matches the original.