Public / Private Key Example
Dan Fleck
CS 469: Security Engineering


Today
• Install OpenSSL
• Generate a Public / Private keypair
• Send a “confidential” message to someone else in class
• Send an “authenticated” message to someone else in class

Hands-on exploring OpenSSL

Install OpenSSL
• Windows Users:
  • http://www.openssl.org/related/binaries.html
• Mac OSX:
  • Use MacPorts or Brew to install
• Linux:
  • Use your package manager if you don’t already have it

Generating a Public/Private KeyPair
• openssl genrsa -out fleck.pem 1024
  • Generates the keypair into a PEM formatted file
• Get the public key out:
  • openssl rsa -in fleck.pem -pubout > fleck.pub
• You can see your private key if interested by:
  • openssl rsa -in fleck.pem

Encrypt a file with your public key
• Encrypt dan.txt into an encrypted file, dan.enc:
  • openssl rsautl -encrypt -pubin -inkey mykey.pub -in dan.txt -out dan.enc
• Now this file can be read only with the correct PRIVATE key.
  • openssl rsautl -decrypt -inkey mykey.pem -in enc.txt -out plan.txt
• Did this preserve confidentiality or authenticity of the file?

Sign a file with your private key
• Sign the file:
  • openssl rsautl -sign -inkey mykey.pem -in dan.txt -out dan.sig
• Now anyone with your public key can verify that it was signed:
  • openssl rsautl -verify -inkey mykey.pub -pubin -in dan.sig
• In reality we hash the file and only sign the hash:
  • openssl dgst -sha256 dan.txt > hash
• What are the remaining steps to send it?
• What are the user’s steps to verify the authenticity of the message?

Sending a signed file
• Send the original plaintext file
• Send the signature algorithm (sha256 in our case)
• Send your public key (typically this isn’t emailed, it’s posted into a public location) (e.g. http://pgp.mit.edu/)

Receiver verification of the file
• Retrieve the hash from the signature file (openssl -verify…)
• Compute the hash yourself on the original file (openssl dgst …)
• Ensure the two are the same
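
The sender and receiver steps above, as an added example that is not part of the original slides: it hashes a file, signs only the hash, runs the receiver's three checks, and then repeats them on a modified copy of the file. File names, the sample message and the 2048-bit key size are assumptions, and pkeyutl is used where the slides use rsautl, which OpenSSL 3.0 deprecated.

```sh
#!/bin/sh
# Added example, not from the slides. File names, the sample message and the
# 2048-bit key size are assumptions; pkeyutl replaces the deprecated rsautl.

# make_keypair <private.pem> <public.pub>
make_keypair() {
    openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# Sender: sign_file <private.pem> <file> <signature-out>
# Hash the file with SHA-256, then sign only the 32-byte hash.
sign_file() {
    h=$(mktemp) || return 1
    openssl dgst -sha256 -binary "$2" > "$h" &&
    openssl pkeyutl -sign -inkey "$1" -in "$h" -out "$3"
    rc=$?; rm -f "$h"; return $rc
}

# Receiver: verify_file <public.pub> <file> <signature>
# 1. Retrieve the signed hash from the signature with the public key.
# 2. Compute the hash yourself on the file that was received.
# 3. Ensure the two are the same.
verify_file() {
    d=$(mktemp -d) || return 1
    openssl pkeyutl -verifyrecover -pubin -inkey "$1" -in "$3" \
        -out "$d/signed" 2>/dev/null &&
    openssl dgst -sha256 -binary "$2" > "$d/actual" &&
    cmp -s "$d/signed" "$d/actual"
    rc=$?; rm -rf "$d"; return $rc
}

# End-to-end run: a valid signature, then the same file altered in transit.
demo() {
    w=$(mktemp -d) || return 1
    make_keypair "$w/mykey.pem" "$w/mykey.pub" || return 1
    printf 'Meet at noon.\n' > "$w/dan.txt"   # constructed sample message
    sign_file "$w/mykey.pem" "$w/dan.txt" "$w/dan.sig" || return 1
    if verify_file "$w/mykey.pub" "$w/dan.txt" "$w/dan.sig"
    then r1=valid; else r1=INVALID; fi
    printf 'Meet at one.\n' > "$w/dan.txt"    # modified after signing
    if verify_file "$w/mykey.pub" "$w/dan.txt" "$w/dan.sig"
    then r2=valid; else r2=INVALID; fi
    rm -rf "$w"
    echo "original: $r1, modified: $r2"
}

demo
```

In day-to-day use, openssl dgst -sha256 -sign mykey.pem -out dan.sig dan.txt and openssl dgst -sha256 -verify mykey.pub -signature dan.sig dan.txt perform the hash, sign and compare steps in one command each.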

Lessons
• Public / Private key pairs can be used for signing any type of file for authenticity
• They can also be used for privacy through encryption