Public / Private Key Example

Public / Private Key Example. Dan Fleck, CS 469: Security Engineering. Today: hands-on exploring OpenSSL. Install OpenSSL, generate a public / private keypair, send a “confidential” message to someone else in class, and send an “authenticated” message to someone else in class.


Presentation Transcript


  1. Public / Private Key Example
     Dan Fleck, CS 469: Security Engineering

  2. Today
     Hands-on exploring OpenSSL
     • Install OpenSSL
     • Generate a Public / Private keypair
     • Send a “confidential” message to someone else in class
     • Send an “authenticated” message to someone else in class

  3. Install OpenSSL
     • Windows users: http://www.openssl.org/related/binaries.html
     • Mac OS X: use MacPorts or Brew to install
     • Linux: use your package manager if you don’t already have it

  4. Generating a Public/Private KeyPair
     • Generate the keypair into a PEM-formatted file:
         openssl genrsa -out fleck.pem 1024
     • Get the public key out:
         openssl rsa -in fleck.pem -pubout > fleck.pub
     • You can see your private key, if interested, with:
         openssl rsa -in fleck.pem

  5. Encrypt a file with your public key
     • Encrypt dan.txt into an encrypted file, dan.enc:
         openssl rsautl -encrypt -pubin -inkey mykey.pub -in dan.txt -out dan.enc
     • Now this file can be read only with the correct PRIVATE key:
         openssl rsautl -decrypt -inkey mykey.pem -in dan.enc -out plan.txt
     • Did this preserve confidentiality or authenticity of the file?

  6. Sign a file with your private key
     • Sign the file:
         openssl rsautl -sign -inkey mykey.pem -in dan.txt -out dan.sig
     • Now anyone with your public key can verify that it was signed:
         openssl rsautl -verify -inkey mykey.pub -pubin -in dan.sig
     • In reality we hash the file and only sign the hash:
         openssl dgst -sha256 dan.txt > hash
     • What are the remaining steps to send it?
     • What are the user’s steps to verify the authenticity of the message?

  7. Sending a signed file
     • Send the original plaintext file
     • Send the signature
     • Send the signature algorithm (sha256 in our case)
     • Send your public key (typically this isn’t emailed; it’s posted in a public location, e.g. http://pgp.mit.edu/)
     Receiver verification of the file
     • Retrieve the hash from the signature file (openssl -verify…)
     • Compute the hash yourself on the original file (openssl dgst …)
     • Ensure the two are the same
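
The hash-then-sign procedure from slides 6 and 7, end to end, as an added example that is not part of the original slides. It assumes `openssl` is on the PATH, uses `pkeyutl` in place of `rsautl` (which OpenSSL 3.0 deprecates), and picks its own file names and a 2048-bit key.

```shell
#!/bin/sh
# Added example: hash-then-sign from slides 6-7, on constructed sample data.
# Assumes `openssl` is on PATH; every file name here is a placeholder.
WORK=$(mktemp -d)
KEY="$WORK/sender.pem"; PUB="$WORK/sender.pub"

# Sender, once: key pair (2048 bits is this example's choice, not the slides').
make_keys() {
    openssl genrsa -out "$KEY" 2048 2>/dev/null &&
    openssl rsa -in "$KEY" -pubout -out "$PUB" 2>/dev/null
}

# Sender: hash the file, then sign only the 32-byte hash with the private key.
sign_file() {    # $1 = file to sign; writes $1.sig
    openssl dgst -sha256 -binary "$1" > "$WORK/hash.sent" &&
    openssl pkeyutl -sign -inkey "$KEY" -in "$WORK/hash.sent" -out "$1.sig"
}

# Receiver: recover the hash from the signature with the public key,
# recompute the hash over the received file, and compare the two.
verify_file() {  # $1 = received file, $2 = signature; status 0 = authentic
    openssl pkeyutl -verifyrecover -pubin -inkey "$PUB" \
        -in "$2" -out "$WORK/hash.recovered" 2>/dev/null || return 1
    openssl dgst -sha256 -binary "$1" > "$WORK/hash.computed" || return 1
    cmp -s "$WORK/hash.recovered" "$WORK/hash.computed"
}

# Demo on a constructed message.
make_keys
printf 'Meet at noon.\n' > "$WORK/dan.txt"
sign_file "$WORK/dan.txt"
if verify_file "$WORK/dan.txt" "$WORK/dan.txt.sig"; then
    echo "original: authentic"
fi

# A modified copy presented with the same signature must fail the comparison.
printf 'Meet at one.\n' > "$WORK/tampered.txt"
if verify_file "$WORK/tampered.txt" "$WORK/dan.txt.sig"; then
    echo "tampered: authentic"
else
    echo "tampered: REJECTED"
fi
```

The receiver needs only the file, the signature, the hash algorithm name and the sender's public key, which is the list on slide 7.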

  8. Lessons
     • Public / Private key pairs can be used for signing any type of file for authenticity
     • They can also be used for privacy through encryption