Laboratory 4 - Cryptography
Aim
The aim of this lab is to discuss the material covered in the lectures on the Professional Ethics and Social Issues and on encryption schemes. It also gives you some hands-on experience with encryption using applications available on the lab machines.
Discussion
Preparation
Please go through the slides and reading material for Tom's lecture, and the slides for the first three lectures on security. Also go through pages 128-130 of the textbook (Chapter 3, Network Security). Note down any questions that you may have and bring them up at the end of the discussion session.
- Do Question 1 of Tom's Study Questions.
- Bob wants to send a signed, confidential message to Alice. Discuss how he could go about doing this using cryptographic techniques. What are the pros and cons of your suggested approach?
Exercises
You will use two applications, md5sum and gpg, in the lab session. You will need to run these from the command line, so open up an xterm. Read the manual pages for these commands (use the command man) to find out about their usage. This online manual on gpg is also quite useful.
- Create a plain text file with some message in it. Use md5sum to generate a hash for this. Generate the hash again and make sure the two hashes are identical. Now change the file a little by, say, adding an extra space. Generate the hash again. Compare the two hashes.
- Use gpg to do the following (read the GNU Privacy Handbook for information about gpg):
  - Encrypt the file using symmetric key encryption. Decrypt the file and make sure the two are identical (you can use the diff command for this purpose).
  - Generate a public/private key pair. Keys can be saved to a key ring. Add this to your key ring. List information about this key and see what it contains.
  - Encrypt the file using public-key cryptography. Decrypt this and check that the two are identical.
  - Sign your file. Verify that the signature is correct.
  - Exchange public keys with your friend. Encrypt a message with his/her public key, send it and ask him/her to decrypt it. And vice versa. Do the same now, except that you encrypt the message with your private key.
  - Send a signed message, generated using a hash function, to your friend and get him/her to verify it. Your friend will need both the message and the signature.
  - Note that the message was being sent unencrypted, so that anyone who intercepts the message can read its contents. Now encrypt the message and the signature with your friend's public key and send it to your friend. He/she can then decrypt the message with his/her private key and then verify the message.
  - You can play around with removing a key from the key ring, adding new keys, changing the level of trust and revoking keys. Note that revoke permanently revokes the specified key and that there is no way to undo this.
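
A scripted run of the main steps above, added here as a worked example and not part of the original lab sheet: the hash comparison, the symmetric round trip, and the signed, confidential message from the discussion question. It assumes GnuPG 2.2 or later; the bob and alice keyrings, user IDs, passphrase and message text are constructed, and everything lives in a scratch directory so your own key ring is untouched.

```bash
#!/usr/bin/env bash
# Added example: two throwaway keyrings stand in for you and your lab partner.
# User IDs, passphrase and file names are constructed. Assumes GnuPG 2.2+.
set -eu
WORK=$(mktemp -d)
mkdir -m 700 "$WORK/bob" "$WORK/alice"
trap 'for p in bob alice; do gpgconf --homedir "$WORK/$p" --kill gpg-agent; done 2>/dev/null || true; rm -rf "$WORK"' EXIT
MSG="$WORK/msg.txt"
printf 'Meet in the lab at 10.\n' > "$MSG"

# Run gpg non-interactively against one person's keyring.
# --trust-model always skips key validation; on a real key ring you would
# compare fingerprints with your partner before trusting an imported key.
g() {
  local who=$1; shift
  gpg --homedir "$WORK/$who" --batch --quiet --yes --pinentry-mode loopback \
      --trust-model always "$@"
}

# Any change to the file, even one extra space, gives a different MD5 hash.
hash_changes() {
  local before after
  before=$(md5sum < "$MSG")
  after=$( { cat "$MSG"; printf ' '; } | md5sum)
  [ "$before" != "$after" ]
}

# Symmetric round trip: the same passphrase encrypts and decrypts.
symmetric_roundtrip() {
  g bob --passphrase 'lab-pass' --symmetric --output "$WORK/sym.gpg" "$MSG"
  g bob --passphrase 'lab-pass' --decrypt --output "$WORK/sym.txt" "$WORK/sym.gpg"
  cmp -s "$MSG" "$WORK/sym.txt"
}

# Bob signs with his private key and encrypts to Alice's public key;
# Alice decrypts with her private key and checks Bob's signature.
signed_confidential_roundtrip() {
  local p
  for p in bob alice; do
    g "$p" --passphrase '' --quick-generate-key \
      "Lab user $p <$p@example.invalid>" default default never
  done
  g bob --export bob@example.invalid | g alice --import
  g alice --export alice@example.invalid | g bob --import
  g bob --sign --encrypt --recipient alice@example.invalid \
    --output "$WORK/m.gpg" "$MSG"
  g alice --status-fd 3 --decrypt --output "$WORK/m.txt" "$WORK/m.gpg" 3> "$WORK/status"
  grep -q '^\[GNUPG:\] GOODSIG' "$WORK/status" && cmp -s "$MSG" "$WORK/m.txt"
}
```

Each function returns success only if its check passes, so you can call them one at a time and inspect `$?`. The GOODSIG status line is what confirms the signature; decryption succeeding on its own does not.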
