Lab – Asymmetric Encryption

Important: To receive full credit, you must complete Part 1 of the lab by the day marked in the calendar, which entails generating a PGP keypair, uploading your public key to a keyserver, and submitting your key's fingerprint on Canvas. This is required for the PGP key signing class activity.
I recommend using the tools in the Windows VM for Part 1, although you are free to install GPG on your own machine.

Part 1. Install PGP and Create a Public-Private Key Pair

On the Windows 10 VM, open the app Kleopatra. This is an app that interfaces with gpg, allowing you to create and manage gpg public/private keypairs.

Do the following:

It is important that both your identikey and first.last email variants are tied to your key, so that you can get credit for this part of the lab. If you forget, you can add and then re-export, and your key will be updated on the keyserver... eventually.

Part 1 deliverable

In summary, using Kleopatra,

Q: Why do we need a 4096-bit key? Isn’t that overkill?

A: To better future-proof your key, Generate a 4096-bit key, not the default 2048-bit one.

History Lesson: Edward Snowden originally reached out directly to Glen Greenwald, seeking to leak the NSA documents. However, Greenwald didn’t have a secure communication method such as PGP. So, Snowden made him a voice-obfuscated how-to video, for doing the same things that you are doing. Greenwald blew it off, because seriously who has time for the usability mess that is PGP. Eventually, Greenwald’s friend and journalist, Laura Poitras, arranged for Greenwald to meet Snowden anyway. Watch Snowden’s tutorial video to Greenwald here!

Part 2. Understanding Asymmetric Cryptography

  1. Key Exchange Problem. Imagine 200 people wish to communicate securely using symmetric keys, one symmetric key for each pair of people. (See Metcalf’s Law).

    Question: How many symmetric keys would this system use in total?
  2. RSA keys vs AES keys

    Question: Does a 256-bit RSA key (a key with a 256-bit modulus) provide strength similar to that of a 256-bit AES key? Explain.

    Note: www.keylength.com gives estimates for good key lengths. Here’s a tip for interpreting that site: If you were to select “Compare all methods”, and then enter the year “2030”, the “Method” column means “group that makes recommendations using their method” (recall that NIST held the competition that resulted in the AES winner being selected). “Date” means how long you’ll be secure until. “Symmetric” means the minimum keysize you would need to be secure for that long using a symmetric method such as AES. “Factoring Modulus” means the minimum keysize you would need to be secure for that long using an asymmetric method such as RSA.

Note: To help you answer the following questions, view this “RSA Algorithm” video. Also, you can review the RSA wikipedia page example
  1. Complete encryption and decryption using the RSA algorithm, for the following data (show all work): p = 5, q = 11, e = 3, M = 9. Also:

    Question: What is the ciphertext when performing RSA encryption with p=5, q=11, e=3, M=9?
    Question: Show all work for encryption and decryption
  2. You are Eve. In a public-key system using RSA, you intercept the ciphertext, C=10, sent to a user whose public key is e=5, n=35. You grin – an evil, knowing grin.

    Question: What is the plaintext `M`?