Tasks

This homework is assessed. You need to use OpenSSL to perform the following steps. I will test using OpenSSL version 1.0.1 14 Mar 2012 on a virtnet node. Therefore I suggest you perform the steps on a virtnet node. In files/text below, replace ID with your actual student ID.

  1. Generate your own RSA 4096-bit key pair. Use the default public exponent (65537). View and save your key information (you will need it in later homeworks). (Example with RSA)
  2. Extract your public key and submit it on Moodle as the file pubkey-ID.pem. Make sure your private key information is NOT included.
  3. Create a Bash shell script that contains all OpenSSL commands you used on the terminal in the previous steps, as well as the following steps, and save them in a text file called commands-ID.bash. You should copy-and-paste the actual commands you used from the terminal as I may use the exact commands to test your submission. As this script contains commands from steps 1, 2, 4, 5, 6, and 7, you should run those commands first and then put them in your script file, then do them again using the final script. (Example below)
  4. Sign your Bash shell script using SHA1, saving and submitting the signature as sign-ID.bin.
  5. Generate a 256 bit random value to be used as a secret key. Store the key as a 64 hex digit string in a file key-ID.txt. (Example with 128-bit, 16-Byte random value)
  6. Encrypt your Bash shell script using AES-256-CBC and the key generated in step 5. Use an IV of all 0's (i.e. 32 0's). Save and submit the ciphertext as ciphertext-ID.bin. (Example with AES-128-CTR)
  7. Encrypt your key-ID.txt file using RSA to send confidentially to Steve (public key), saving and submitting the ciphertext as secretkey-ID.bin.

You must submit four files on Moodle: pubkey-ID.pem, sign-ID.bin, secretkey-ID.bin and ciphertext-ID.bin. In addition you must keep your own private key information (but do not submit it). After the homework deadline I will decrypt your ciphertext and verify your commands.
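The seven steps run end-to-end, followed by the checks a marker would make on the submitted files, as an added example rather than the course's own commands. Steve's real public key is not on this page, so the script generates a stand-in key pair (steve-priv.pem / steve-pub.pem) as a placeholder, and the student ID 12345678 is a constructed sample.

```shell
#!/bin/bash
# Added example: produce the homework files for one student ID, then verify them
# the way the marker would (decrypt the wrapped key, decrypt the script, check
# the signature). Steve's key pair below is a placeholder, not the real one.
set -eu
ZERO_IV=00000000000000000000000000000000   # 16 zero bytes written as 32 hex digits

# Steps 1-7 for student ID "$1"; all files land in the current directory.
make_submission() {
    local id=$1
    openssl genrsa -out privkey-"$id".pem 4096 2>/dev/null                # step 1 (e=65537 by default)
    openssl rsa -in privkey-"$id".pem -noout -text > keyinfo-"$id".txt   # saved key information
    openssl rsa -in privkey-"$id".pem -pubout -out pubkey-"$id".pem 2>/dev/null   # step 2
    printf '#!/bin/bash\n# openssl commands for steps 1-7 go here\n' > commands-"$id".bash   # step 3 (stub body)
    openssl dgst -sha1 -sign privkey-"$id".pem -out sign-"$id".bin commands-"$id".bash       # step 4
    openssl rand -hex 32 > key-"$id".txt                                  # step 5: 256 bits as 64 hex digits
    openssl enc -aes-256-cbc -K "$(cat key-"$id".txt)" -iv "$ZERO_IV" \
        -in commands-"$id".bash -out ciphertext-"$id".bin                 # step 6
    openssl pkeyutl -encrypt -pubin -inkey steve-pub.pem \
        -in key-"$id".txt -out secretkey-"$id".bin                        # step 7 (rsautl is the older equivalent)
}

# Marker-side checks, chained with && so the function's status is meaningful even
# when called from a || or && list (where bash ignores set -e inside the function).
verify_submission() {
    local id=$1
    ! grep -q 'PRIVATE KEY' pubkey-"$id".pem &&                          # no private material leaked
    grep -Eq '^[0-9a-f]{64}$' key-"$id".txt &&                           # exactly 64 hex digits
    openssl pkeyutl -decrypt -inkey steve-priv.pem -in secretkey-"$id".bin -out recovered-key.txt &&
    openssl enc -d -aes-256-cbc -K "$(cat recovered-key.txt)" -iv "$ZERO_IV" \
        -in ciphertext-"$id".bin -out recovered-"$id".bash &&
    cmp -s commands-"$id".bash recovered-"$id".bash &&                   # plaintext matches the script
    openssl dgst -sha1 -verify pubkey-"$id".pem -signature sign-"$id".bin recovered-"$id".bash >/dev/null
}

work=$(mktemp -d) && cd "$work"
openssl genrsa -out steve-priv.pem 2048 2>/dev/null       # placeholder stand-in for Steve's key pair
openssl rsa -in steve-priv.pem -pubout -out steve-pub.pem 2>/dev/null
make_submission 12345678                                  # constructed sample student ID
verify_submission 12345678 && echo "submission for 12345678 verified in $work"
```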

OpenSSL

There are examples of most of the commands you need to complete the tasks in my description of public key encryption with OpenSSL. Note however you may need to make small changes - you cannot necessarily copy-and-paste the exact commands. Examples of generating the random key and encrypting with AES are in my simple introduction to OpenSSL.

Bash Shell Scripts

A Bash shell script is just a text file containing a set of commands that you would otherwise type on the command line. However, the first line of the file must start with:

#!/bin/bash

Comments can be included by starting a line with #. The Bash script can be executed by typing:

$ bash scriptname.bash

which executes all the commands in the file, in order. The following is a simple example:

network@node1:~$ cat randomkey.txt
d76fed4e2f464156
network@node1:~$ cat examplescript.bash
#!/bin/bash
pwd
ls /
# This line is a comment
echo "hello"
myvariable=`cat randomkey.txt`
echo "My variable is: $myvariable"
network@node1:~$ bash examplescript.bash
/home/network
bin etc lib mnt root selinux tmp vmlinuz
boot home lost+found opt run srv usr
dev initrd.img media proc sbin sys var
hello
My variable is: d76fed4e2f464156

FAQ

OpenSSL version and Mac: I have a problem with openssl because its version is lower than version 1. How can I fix this problem?

You can use OpenSSL directly on Mac OSX (instead of using Ubuntu in a virtual machine with virtnet). However, be aware of minor differences across versions. I will use OpenSSL v1.0.1 to test. Last year, OpenSSL 0.9.8 on Mac OSX worked OK, and later versions should also be OK. Some differences are discussed here.

Base VM: I cannot add the base to VirtualBox. Can you give me some advice for this?

If you have added the Base VM in the past and try to add it again, there may be an error if you did not fully delete the old Base. Check the directory in which your VirtualBox virtual machines are installed and make sure there is no remaining base directory or files before adding it again.

Accessing Nodes: How do I copy my files from the virtnet node to my desktop?

Some alternatives are described here. In particular, on Windows you can use WinSCP and then connect to the server where the Hostname is "localhost" and the port number is "2201" for node1 (and "2202" for node2, "2203" for node3, etc).

No computer: I don't have a computer or don't want to set up virtnet/VirtualBox on my computer. What can I do?

VirtualBox and the virtnet software are already installed on all computers in the Network Lab (ground floor of IT/MT Building). The Ubuntu username is student and so is the password. Open a terminal, run "cd ~/svn/virtnet/bin/host", and then run "bash vn-createtopology 1". Note however that when you reboot the computer you will lose all files, so I recommend copying the VM image to a USB disk if needed.