Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: daixieit

Crypto Lab 3

ECE 576

Objectives:

1.   To understand and use symmetric and asymmetric key cryptography

2.   To securely exchange a file over an unsecure channel

Task 0: Install python (v3), python IDE, python cryptography

For this lab, you are going to need to have python installed on your laptop. If you already have this then you can skip this step.

1.    Download the latest python (v3) fromwww.python.orgfor your operating system

a.    Your SEEDs systems have python 2 but not python 3

b.    Your Kali has both, but you may need to update

2.    Follow the installation instructions for your system

a.    See:https://wiki.python.org/moin/BeginnersGuide

3.    For programming information:

a. https://wiki.python.org/moin/HowToEditPythonCode

4.    Install the python cryptography module

a.    Open a Terminal window (or Command shell)

b.   Type: pip install cryptography

i.   checkhttps://cryptography.iofor installation issues

5.    Download and install an IDE:

a.    IDLE: python ships with a standard IDE, IDLE, written in pure python

b.    PyCharm: www.jetbrains.com/pycharm

c.    Eclipse with PyDev:www.eclipse.org(my personal preference)

d.   Xcode on the Mac also supports python

6.    Familiarize yourself with the platform

7.    For this lab you also need openSSL for the backend to get access to the PK algorithms

8.   The python documentation is at:

a.    Main documents:https://docs.python.org/3/

b.   Tutorial:https://docs.python.org/3/tutorial/index.html

Task 2: Create and use Elliptic Curve public/private key pair

Now you will create a EC key pair.

1.    Create a python file

2. Import

a. from cryptography.hazmat.backends import default_backend

b. from cryptography.hazmat.primitives.asymmetric import ec

c. from cryptography.hazmat.primitives import serialization

3.    Set the backend

a. backend = default_backend()

4.    Generate a private key/public key pair for EC

a. private_key = ec.generate_private_key(ec.SECP384R1)

i.    Using the P384 curve

5.    Get the public key part

a. public_key = private_key.public_key()

6.    Encode the keys for serialization and saving, first the private key (which should be kept encrypted for security)

a. password = ‘hello’

b. pem_kr = private_key.private_bytes(

c.            encoding=serialization.Encoding.PEM,

d. format=serialization.PrivateFormat.PKCS8,

e.            encryption_algorithm=serialization.BestAvailableEncryption(password.encode())

i.    Encoding is PEM (Privacy Enhanced Mail), base64 encoded DER (Distinguished Encoding Rules) data

ii.    Format is PKCS#8  - private key serialization format (see RFC5208)

iii.    Encryption is provided by a built-in algorithm

7.    Now the public key (is not encrypted)

a. pem_ku = public_key.public_bytes(

b. encoding=serialization.Encoding.PEM,

c. format=serialization.PublicFormat.SubjectPublicKeyInfo)

8.    Save the results to two separate files (these will act as your keyring)

a.    Save pem_kr to ec_kr.pem

b. Save pem_ku to ec_ku.pem

9.    Make sure that you can reload these keys

a.    with open(kr_fname,'rb') as file:

b. private_key = serialization.load_pem_private_key(

c. data=file.read(),

d. password=password.encode(),

e.                backend=backend)

f. with open(ku_fname,'rb') as file:

g. public_key = serialization.load_pem_public_key(

h. data=file.read(),

i.                 backend=backend)

Task 3.2

Now we need to verify the signature.

1.    Create a new python file

2. Import

a. from cryptography.hazmat.backends import default_backend

b. from cryptography.hazmat.primitives.asymmetric import rsa

c. from cryptography.hazmat.primitives import serialization

d. from cryptography.hazmat.primitives import hashes

e. from cryptography.hazmat.primitives.asymmetric import utils

f. from cryptography.exceptions import InvalidSignature

g. from encodings.base64_codec import base64_encode

3.    Load and hash the data to be signed, from Task 1

4.    Load the public key from Task 2

5.    Load the signature from the signature file

a.    Remember to remove the start and end lines

b. Also decode the data from base64 back to raw bytes

6. Verify the signature

a. public_key.verify(

b. sig_data,

c. digest,

d. ec.ECDSA(utils.Prehashed(myhash)))

i.   The verify will raise a cryotpgraphy.exceptions.InvalidSignature if the signature is not valid

ii.   You can put the verify into a try to handle the exception

1. try:

a. <code to try>

2. except <exception to catch>:

a. <code when exception happens>

b. <except clauses may be repeated for more exceptions>

c. <or collected into one if effect is same for all>

3. else:

a. <code to execute is no exception happened>

Task 3.3

Now try to verify the signature for the alice2.txt provided using the provided public key.

Task 4: Combine the symmetric encryption of a file with a signed message digest

Combine your file encryption code from Crypto Lab 1 and Crypto Lab 2 with the code from Task 3 to create an encrypted and signed file. Note it’s better to encrypt and then sign as you can verify before having to decrypt.

Report

1. Statement of what was done for each task

2. All source code for each task

3. Screen shots of all operations for each task

Reference:

Python reference: https://docs.python.org/3/

Cryptography module reference: https://cryptography.io/en/latest/