Jordan University of Science and Technology

Network Engineering and Security Department

NETWORK SECURITY LABORATORY NES553

Encryption Algorithms and Modes

_____________________________________________________

In this task, we will use various encryption algorithms and modes. You can use the
following openssl enc command to encrypt/decrypt a file. To see the manuals, you can
type man openssl and man enc.

Please replace the ciphertype with a specific cipher type, such as -aes-128-cbc, -aes-
128-ecb, etc. You can find the meaning of the command-line options and all the
supported cipher types by typing "man enc".

We include some common options for the openssl enc command in the following:

Using PSCP command : the PuTTY Secure Copy client, is a tool for transferring files
securely between computers using an SSH connection.(use this command from
windows)

pscp source [user@]host:destenation

example:
pscp C:\Users\ram\Desktop\test.txt [email protected]:/home/justcbuser/test.txt
Task 1: Encryption Mode — Corrupted Cipher Text

To understand the properties of various encryption modes, we would like to do the

following exercise:

1. Download the file plain.txt from E-learning .

2. Upload it to your node using pscp.
3. Encrypt the file using the AES-128 ECB mode.
4. Unfortunately, a single bit of the 30th byte in the encrypted file got corrupted.
You can achieve this corruption using shed, modifying the 30th byte in this
file.
5. Decrypt the corrupted file using the correct key.
6. Encrypt the original file plain.txt using the AES-128 CBC mode.
7. Unfortunately, a single bit of the 30th byte in the encrypted file got corrupted.
You can achieve this corruption using shed, modifying the 30th byte in this
file.
8. Decrypt the corrupted file using the correct key and initialization vector (IV).
Answer the following questions:
1. How much information can you recover by decrypting the corrupted file, if
the encryption mode is
ECB:
CBC:

Task 2: Signatures.

1. You have a test1.txt and test2.txt files with its signatures signatur1 and
signature2.
2. signatur1 and signature2 were signed using my private key using the
following command :
openssl rsautl -sign -in hash -inkey private-key -out signature
3. Upload all of them to your node using pscp.
4. determine which file was modified using the following commands
hash a file : openssl dgst -md5 -out hash file
verify a file : openssl rsautl -verify -in signature -pubin -inkey public-key
-out hash2
 Note1: you should use my public key.

Note2: commands used to generate RSA public/private keys:

generate private rsa key 1024: openssl genrsa -out private-key 1024
generate public rsa key :openssl rsa -in private-key -pubout -out public-
key

Task 3: Known-plaintext attack

Now, download the plainknown.txt ,cipherknown.txt and keys.txt [upload them to

your node using pscp].You know that aes-128-cbc was used to generate the ciphertext
from the plaintext. You also know that the numbers in the initialization vector (IV) are all
zeros Another clue is that the key, used to encrypt this plaintext, is one of keys in
keys.txt. Your goal is to write a script to find out this key.

Note : you can use the command line tools provided by openssl to encrypt and decrypt
messages inside your script .