2024/2025: Segurança da Informação (Information Security) - 1º MCI

8.Oct.2024

Practical work 3

Introduction to ciphering*

1. Google a bit for ciphering (or encryption) tools (and related conceptual information, if you want).
2. From your findings:
   • open for use some of the on-line tools;
   • if (somehow) you feel in trouble, try this suggestion:
     • The Cyber Swiss Army Knife, https://gchq.github.io/CyberChef/
3. Create a setup folder on your machine, with some text files for ciphering experimentation.
4. Run the ciphering software, trying different algorithms (AES, RSA...), with some plaintext content, and save the corresponding ciphertext. (Take care of the different formats, or representations, of data: Raw, Hex, Base64, ...)
5. Analyze the difference of data (plaintext and ciphertext) and the difference of parameters needed for the operation of the different algorithms.
6. Try to see what happens with ciphertext when the plaintext has blocks with same content (with ECB and with CBC).
7. Encipher some text and send the corresponding ciphertext to a colleague, by email. What information has to be known to your colleague, for her/him to be able to decipher the ciphertext? What items of that information are really sensitive?
8. Take some conclusions on the operational difference (keys, parameters...) of the different algorithms.

* cyphering, in British

.

(To be made after class and by oneself!)

(To be made after class and by oneself!)

(To be made after class and by oneself!)

Assessment 3

Assessment of Practical classes - ciphering

Using the (on-line) cryptographic tools that you have played with in your practical class on Introduction to ciphering, answer the following questions and send them in a short report, for evaluation.

1. Recover the original plaintext of the following ciphertexts (in hexadecimal)*, produced with the cryptographic algorithms and operational parameters shown:
   • AES, ECB, PKCS#5, 128-b key: "I am JohnDoe 007"
     ciphertext: "435aff6973853b7430427b620cb6c1fce17f928610ce97c63db9832a9756d668832c99622daf4acb64530c103d616701bcd27229cd02a96276a7d70b6718e5c3b1d9fff2500aa19e79a9b3ac8057f7a3bb8c6fd02b7686a0e1530861203967edd7b7c3a38e939787e2006b6059ea597e"
   • AES, CBC, PKCS#5, 128-b key: "I am JohnDoe 007", IV (hex): "25e6d984de740d14a205c42d5d9f9858"
     ciphertext: "f2cea2d9d8438c8a598a1b7f2a337a6e58a3fba95be9b4b97feb1f02f4c1729fe5c80a0f1d960704a2e2ac97f31c02aab2980e20b8dd1d309adfab5794eae47c05f67147a27fd939e2cf8d6268157bde12b283b20079db2707563521df6141f93d4b5794d6c1f0e2456285bca368ac85e7d246e53a9af22f61bebdfce5e18b1a7f733083cea3bd64fc42c28a0b8a89f625065fb30d7c891ed90844378e1fd04bab76ba590803f8788000827512d842ce0c4dbbf8dfbc1319047c065b30394432"

   (*) Note: quotes are not part of the data, just delimit it.
   Please, identify the cryptographic tool you used.

2. Recover the original plaintext of the ciphertexts in the named files (in binary, or "raw", format), produced with the cryptographic algorithm RSA with the public keys that match the private keys shown:
   • ciphertext in: "RSAcipher1024.dat"
     RSA , 1024-b private key (PEM): *
     

     -----BEGIN RSA PRIVATE KEY-----
     MIICXgIBAAKBgQCeN79yFboITNRnxLpUzxO+fnFysK8FqtE176e2CrqjSoyLldw2
     QD1LwV/AM3RL/T7/lUZYoxKEhiB4xb4nPrului+Vd336bQw48e6tGlPM9PmUNToc
     VWkhEpIaGiZym3ie1WIBgljsFIr605B2LBysEVV/+DOL+IOc/hi6owv2NwIDAQAB
     AoGALRH6YlhYFzczpp++6JvYpwJD9QTpxraDRFcRsmTaB9wbr0OwaG/iRis+yHSf
     42mvwYTXdjZ19vRyWZUS9wEC2N85TtwBHkg/uLRtPKjS8n7YOnytZTLXYLI68prD
     MobdkulmPYYXfR1ovjRnF9a2qQhtMvUWnRcYD9pnP0qaoDkCQQDP05c8HBZ8/WSo
     2LG2jFcg3EJaXcPYjgn2Dn4Nu5I2k+ktQqtryEeaeR2KjMNfQog6o4u0qINxou3r
     lywiNiMzAkEAwuRgj37f9L9hFYqGIfpX3pS87ImwHxvY7iSf9ed3CiDlqjDgLtKH
     T8S5BvT3w2y7GdCjO3jnIIZjJzJs810g7QJBAKK+5mqK8E1WvRHAB4KVadFwyoEr
     didKK6DE/o9QeJJGx83KrKSNxQzBlZGe44vgdP++fLOvVqeRWFEqI8RysqMCQQC4
     9Ov+wrXgHFASlWg+jssdXaL+CJ2wqEjzmKaGRKjgX+AV6FSZmwr3VQcT5x/Lw0C9
     exeutUsDvwYSiPSE8XjxAkEAgVQsoAwqkfSnvs+3tbZDs/GDdigYhJ5r7azOeGTK
     bVrmSdIJckU44mkMdQ7b8hLqTDxL4BQkRHagC9Ql7A/4Mw==
     -----END RSA PRIVATE KEY-----

   • ciphertext in: "RSAcipher4096.dat"
     RSA , 4096-b private key (PEM):
     

     -----BEGIN RSA PRIVATE KEY-----
     MIIJJwIBAAKCAgEAy7aY0JgsgXc5+Dx/fJqlr/yt9n5wirIJUuDRSEi+GUQv2IQL
     BlPR1UKXRmg90JApgOkNUmSvJC2TVTV9TlkgY07ccSYr4x1Lf8PglbzshwNmdxSc
     NnYu9J85lkBqB563NSaahty9Kq91RHeh3F80oalIMoPi63zmbpL9KjJYw7zIfbba
     ilPhth1SwOFixErT1/6gbupOWFBwtzss7+HkzBPL1OatGfs0Zm3i+K4mWaahUd33
     WBn3sWXH8iBLFo8S21ho3rWoIieQCEte5LbgLXrWyyS6sRrwJhXJ3NO+I4fcJN9W
     +MSnmlrEQvQtNdnPDsMSoMIuOVx8Fc97jJZ3hIzeQx1CdQ18dlCvp60yXHuuEcAw
     vN66ul0kDQwWVjdMjcN4MxMOnFjlTguZXtMP4M2S5QpTPCPCyB9vGHEoVt7exko9
     3WZ1Wlo0AFOrals4O7rL39NpLacMkegcT+G7m7qjOci1dTfsx2olqi1tboXslvEz
     HG8NM/x6ja0EpkCMIxr1y5Mw3c938yT8qUK97EVoQOPMZv9Xi9m3ZRAstqxJE4vt
     XtVk+3cnw4zAjSe131iUs0dfU9CmL47Ar9VSodAie7T/XhxaLC8+QllGqTnOGNa5
     X4XJNS2IV05HWJEKRPPFCgG1UJqgOfTvEHno+/2OA4Xk4ZK/Url6KeHfgzsCAwEA
     AQKCAgAWAKpfuVfxQdXmjG4+oJttty549a4lJNah93tTQdwacYVzbsucCtianp8l
     MSQgDzoUXNeeAxbxouSLawQWPsUjRMTFidhqpuLdMWRj9+xaJtFd4kF/FmO68ymu
     o1VwbkGegYVmNJhP8HSLiRpX6YaPQW/1WM5dHffrkH+8m4R/27eR8HqJP0cdOuyR
     vaZDyks4RJ3CbRc6LbIG8GLJpA3oxuiYnbOrnzjJKWw+7NxiiX9aDs3k26UnqXUf
     n0JM9PYV7+Yfy+IVkk1Zv/5HWMM81kw108lAUMcIbgkIC2y5fLaX2vGTW/Y4Uz5o
     duQdMWHOV95+s4p3kpgqaOcQx72vxzsST+i3GSRxMWFrDPuclJRKq4WyBm1yyOWT
     5TiaBQJI88BCLN+Jc+IoeUNtkaAuN1ekDDocWV6ljXpAd9MAo6yHTWtHsf6Ca1qH
     84Nlc/dmxRW/2WghXbqREJ452GimkLaqBqHzgsfBjTtHkxY3o7AQwyFkL7JS2PCK
     Ob8+5FYpM+sjXBJvxT+hF7QgiqU9eGLhqh5Lq9NkJFZO10hL60vkIZwL4O9DbVEv
     pfk9VrpXcOun6bW/DvxCoGZygX/9LJuc6M91Gz5HxNRQSxVT+3uIUM6jTNTnmHBl
     qLdO8fo+irWLocWVbSuoYGBQ3k767TtcongV28RuGdNiV7F2iQKCAQEA/9C3RGjH
     QZHedNSC2TMaiAV3qbBWNqZkpYDkidGzGFoHJTBVXdJCl83954uTXCIqAz2DWFO8
     0GJzoFBtp7JHnUmdhehrZipvQlRgCBxeav5nEQOtP0DSOavfljMYOu8OhSveHsHA
     SPOVwwfZcHOiMX29IDTRLrlppQSgo1L1FJ2vUJ5u1CYTenkmq72Bxw0NOmiNml6a
     AHboAna6SS6bycu6lgzDSkk0kCHZUSscvB36/FX6dUnrjU6YF2XkpavQg0EsQseg
     cOGnVe2CkI0kVglfroAiuBjC0IQlWDimW4n2b12R3ZJeeqx0CDmLFCjm1VLtFMst
     0T86mU+8V1+qQwKCAQEAy9xAK7SN6+dTfmGhCxcELHGRCPr7w5ECSc5+EQPNGv6I
     yXSD9Sa2LdHX9uwmBZyna0bYz/SptniLwOT8DIODvXHTeL6Aw9WCTsHL35dUcBPU
     dvyDjGabVmDwaPlrx56j1ePBrVD0inV3RcObTtcWvpco1OlqMB/orN7RqwNQOd8Z
     Ncu3QwTK4smDmv/kKyzvHTa07rCydqy0/kcB/O3Stl/I1um4yL+BOdtd+c1XGvke
     KXbyovjKViMJ46Hvcb6y5j/GYV6IIxfrZKjTn/F7vyHEaRa2nHXJ0WqdAgwtQMKP
     1ZyHxXuQJG8K8inEcrikXcOQeLSSEpwlR+BaqN4fqQKCAQAvRhPICZDg9iLk9iyk
     FMSPZGtDqXmVKdSpnRMewOjW1DRD1BXCe8ugoAmO04VM3mdjJ+fw17Cp1bfGZXaO
     Ke0ADQ2WJGhMfgUHfe4tMYjlPtQvGb3XVZRD4hY0fIa6xViqlXu7tVRiZtlDLF0r
     YcMUYEcl/3y0pMD4JM3GwNrXj3hJbq3OeKba2C6kSCYGccwDAjVA1MCi21ZutiAg
     zAMwHH0Do6InRTX4eLjfPhdWUDgEj6L0L8/e0ipbEJJbZ0/mIZIbWSa2FY1F3Nlm
     +x4+5AaRic5gtPqza+g20Gk1u14WIHWHO7hH9TyQFIo2FITr4SI82HtEEuoyUMDe
     aKhfAoIBABi3iahC6foyP/NQzv/TOJRS6KzYEXJywH5GZQ6XEWU2e0tBr0Yn/Wqs
     yKyNkUaY6cud+WetWG5hS0CGAvFZeL2dcXBwWJhl6Li30oo3hOtZ3CbZEvIQ9sCQ
     XFW9+A1p9J9YUAE9kYjAGUgCIXB7r6xIE5FNA6z2EXX0RiOf8TgzDpFxM7USfa7l
     k+lVIUsC1bMLEQDnt5uf8Qnrfhg2lZe7IVS9XcQpQ/fJ2ykQdoE0ty172Itd8tpi
     wS4yUh/OaU51aQ4hMgxfOBEqTw5TbxeLdo7vTBDIT0Hu1T6MT2hMrrfNlMCi7KUe
     OYuG+OSX8oXT0k5wRk2vVO3UC+nxlJECggEACiqbMvJyT5Y+ouwmK+qm0s8wYPax
     4Xn6hdHrH5n5//Ep9dXohgxJoB70gEYpt0q02NHG4PucSRIzq6ZSSk9kocqOpQJT
     21qKbnQ/KdoDAhaa6/o8QnAOh3Z8hMjzOL1UPbvUotsdnkpFtS0SvDFQzW+Zmy3G
     kT2tiAkbMXhkxF0O1/4lPmkwQK2cRCvjZFs6NYxzf0g+IeDqUKjMNwhC7NrSLwI5
     ahd17JrVjuAhxEgeWAQJe3hWmKntWk7N4shnBFIlX8FTWSeU4bO6VG8neVGtzEi2
     5x4x0Yb9H2a70l+pvHRSDrMH00/eXQOFM/WXO82g6xl1J4nEIsB8PtNU4Q==
     -----END RSA PRIVATE KEY-----

   Please, identify the cryptographic tool you used.

3. Do you have some comments, about what you have done and noticed?

* The "numeric" format of RSA keys as shown in cryptography class (e,n) or (exponent, modulus), can be seen with specific tools.
For instance, with openSSL: openssl rsa -in RSAkey.pem -text -noout .