Task 1: Encryption and decryption

As studied in class, symmetric ciphers provide two functions to encrypt and decrypt data. In this lab we use openssl command-line tools to perform encryption and decryption using the Advanced Encryption Standard (AES) cipher.

The first argument of openssl is a command that specifies what cryptographic action we are going to perform. For example, rand manages random numbers and enc performs cryptographic operations, as we will see below.

The first step is to generate a random AES (symmetric) key:

$ openssl rand -hex 16
090f93176b110bcc72e8c7461bb09de1

We are asking openssl to generate a random number (command rand) of 16 bytes (parameter 16), written in hexadecimal format (option -hex). The result is 090f93176b110bcc72e8c7461bb09de1. Of course, each run of this command will generate a different, random output. In the following, we will use this key, but feel free to replace it with your own freshly generated one!

Exercise: try running the command multiple times to observe that it generates different random numbers.

It is easy to encrypt a message from the Linux shell using openssl:

$ echo 'Security course is great!!' | openssl enc -e -aes-128-ecb -K 090f93176b110bcc72e8c7461bb09de1
U<?w?g??%?h?-???

?t??^?	?4T?

Explanation:

  • echo 'Security course is great!!' prints Security course is great!!;
  • | openssl enc -e -aes-128-ecb -K 090f93176b110bcc72e8c7461bb09de1 takes the output of the previous command and computes the aes-128-ecb encryption on it. ecb stands for Electronic Code Book. It is a mode of operation that splits the plaintext into blocks (of 128 bits) and encrypts them independently;
  • option -e stands for encrypt; to decrypt, it is enough to use option -d instead of -e.

Notice that the output is unreadable as it is pure bytes, with no hex formatting. Add | hexdump at the end of the command to see the output as hexadecimal numbers. Do not use hexdump for solving the following exercise.
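
The block-by-block behaviour of ECB described above can be observed directly. The following script is an added example, not part of the original lab; the function name ecb_hex_blocks and the 32-byte test input are assumptions made for illustration, and od is used to print the ciphertext one 16-byte block per line.

```shell
#!/bin/sh
# Added example (not from the lab): look at AES-128-ECB output block by block.
KEY=090f93176b110bcc72e8c7461bb09de1   # the sample key generated above

# Encrypt stdin and print every 16-byte ciphertext block as one line of hex.
# od prints 16 bytes per line; -v stops it from collapsing repeated lines
# into "*", which would hide exactly the repetition we want to observe.
ecb_hex_blocks() {
    openssl enc -e -aes-128-ecb -K "$KEY" | od -An -v -tx1 | tr -d ' \t'
}

# Constructed input: 32 bytes of 'A', i.e. two identical 16-byte blocks.
echo "two identical plaintext blocks:"
printf '%032d' 0 | tr 0 A | ecb_hex_blocks

# The lab message: 26 characters plus echo's newline = 27 bytes,
# which openssl pads up to 32 bytes, i.e. two ciphertext blocks.
echo "lab message:"
echo 'Security course is great!!' | ecb_hex_blocks
```

For the constructed input, the first two output lines are identical because equal plaintext blocks encrypt to equal ciphertext blocks under the same key; the third line is the extra padding block that openssl appends when the input length is already a multiple of 16 bytes.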

Exercise

Add another | openssl enc... command on the same line that decrypts the ciphertext using the same symmetric key. You should re-obtain the plaintext sentence:

$ echo 'Security course is great!!' | openssl enc -e -aes-128-ecb -K 090f93176b110bcc72e8c7461bb09de1 | openssl ... (complete this part ...)

Security course is great!!

The full | openssl enc... -K command up to -K (i.e., without the actual key value) is the password for task 2!