Cryptography

Symmetric vs. Public

• Cryptography
• Standard Encryption Methods
• Algorithm and Key

Symmetric-key Cryptography

• Data Encryption Standard (DES)
• Advanced Encryption Standard (AES)
• Triple-DES
• International Data Encryption Algorithm (IDEA)
• Blowfish, Twofish, CAST5, TIGER

DES

• 1977 National Security Agency, USA
• 56 bit key (8 ASCII characters)
• 64 bit block
• 16 rounds Feistel function (F function)
  • see

Unix Password and DES

• (Password + Salt)==(key&text) -> Encrypted Password
• see (Basc Authentication)
• PUxTsbPmLPw5s -> salt="PU":

     >>> import crypt
     >>> crypt.crypt('12345678', 'PU')
     'PUxTsbPmLPw5s'
  

How to use DES encryption on Mac OS X

• Use openssl
• Which is installed in /usr/bin/openssl
• Create some plain text (plain.txt)
• openssl enc -des -in plain.txt -out des.dat
  • Prompted for the symmetric key (password)
• openssl enc -des -d -in des.dat

Try Other Symmetric encryption

• Issue unknown command for openssl and get cipher commands
• aes128, aes192, aes256, bf, cast, cast5, des3, rc2, rc5

Message Digest / Hash

• Like DES password, one-way encryption
• For long message, short and (almost) uniq value
• MD5
• SHA1
• MD4, MD6, SHA0, SHA2(family) etc.

Try Hash

• MD5:

     $ md5 plain.txt
     MD5 (plain.txt) = 37dc0b726db8aba5c32f256719894fa5
  
     $ openssl dgst -md5 plain.txt 
     MD5(plain.txt)= 37dc0b726db8aba5c32f256719894fa5
  

• SHA1:

     $ openssl dgst -sha1 plain.txt 
     SHA1(plain.txt)= 03172a67a9770f970e7d74af06cdb6903d5a91f2
  

Public-key Cryptography

• RSA
• Modular Arithmetic
• Fermat's little theorem

RSA

• two primes (p, q)
• n = p q
• d e = 1 (mod {(p-1)(q-1)})
  • Extended Eucleidean algorithm
• Encryption : c = m^e mod n
• Decryption : m = c^d mod n

RSA Key by OpenSSL

• Key generation:

     $ openssl genrsa -out key.pem
  

• Public key extract:

     $ openssl rsa -in key.pem -pubout -out pubkey.pem
  

Encrypt/Decrypt

• Encryption:

     $ openssl rsautl -encrypt -pubin -inkey pubkey.pem -in plain.txt -out rsa.dat
  

• Decrypton:

     $ openssl rsautl -decrypt -inkey key.pem -in rsa.dat
  

Sign

• Sign:

     $ openssl rsautl -sign -inkey key.pem -in plain.txt -out sign.dat
  

• Verify:

     $ openssl rsautl -verify -pubin -inkey pubkey.pem -in sign.dat
  

Pretty Good Privacy (PGP/OpenPGP/GnuPG)

• Easier operation for personal use
• See here
• Or, here

Quiz of the Day

• Which key do you use to do followings, private key or public key ?
• Encrypt a message
• Decrypt the encrypted message
• Sign a message
• Verify the signature