CSCIx250-F15 Assignment 3

Assignment 3: Public Key Crypto

Narrative:
You live in a country where freedom of speech is not always granted. As such you need to learn how to send emails securely. Unfortunately, you email provider does not provide you with ready-to-use tools to encrypt your emails, so you will have to do this "by hand."

Assignment Goals:
In this assignment, the goal is to learn how to use public key cryptography to secure network communications.

Description:
You will need to interact and exchange secure emails with our TA using GPG. You need to do everything on your VM's command line, by following the steps below:

Step 1: Generate your own 4096 bits RSA key pair, with an expiration date of Jan 1, 2016; use your UGA email as ID. Submit your (ASCII armored) public key.

Step 2: You are given a course public key (see link below), for which you need to verify its fingerprint, trust fully, and sign. Export and submit the resulting signed public key (ASCII armored).

Step 3: You will be given a message encrypted with your own pub key; you need to decrypt the message, "detach-sign" the resulting plaintext, and submit both the original plaintext message and the signature (ASCII armored) in two separate files.

Step 4: Concatenate the message derived in Step 3 with your name; encrypt the result with the course pub key, and submit the (ASCII armored) ciphertext.

Step 5: Use the plaintext message obtained in Step 4; Encrypt the message using 3DES with the following symmetric key "Email Security"; Detach-sign the resulting ciphertext and submit both the ciphertext and signature files (both ASCII armored).

Hints:
GPG should already be installed in your VM.
Use sudo apt-get install haveged to help with increasing entropy for key generation.

Grading:
This Assignment is worth 10 points (two points per step).

Course key:
The course public key fingerprint is: 2D7F F441 4CBA 70B6 C7B2 3AA6 F003 A60A 476D FB05
Download the course public key from here.

Solution Submission::

1) Name all files using the following format, and submit it via nike, under a directory called "Assignment3"

Plaintext files: YOUUSERNAME_stepX.txt
Pub-key ciphertext files: YOUUSERNAME_stepX.gpg
Signatures files: YOUUSERNAME_stepX.sig
Symmetric-key ciphertext files: YOUUSERNAME_stepX.sym
README files: YOUUSERNAME_stepX.readme

2) For every step, create a README file (named as indicated above) that contains the sequence of GPG commends you used to complete the task at hand. For example, for Step 4, I would create a text file called perdisci_step4.readme that contains the list of commands I used to encrypt the plaintext using 3DES and to detach-sign it.

3) ONLY FOR STEP 1: besides submitting the necessary files via nike, also send your (ASCII armored) public key to <abbas@uga.edu>. This will allow you to receive the encrypted message for Step 3.