1

The University of Bamenda Université de Bamenda

College of Technology
Course Code : CENP
Ecole de Technologie
Department of Computer Engineering
Practicals Academic Year : 2020/2021
4104 Course Title : Computer Network Security Duration : 2 weeks
Lecturer : Dr. Emmanuel Fouotsa

Submission date : 07 January 2021

Crypto Labs -Part 1 : Presentation of OpenSSL

The objective of this project is to describe openSSL. The following steps will be considered
1. History/Author of OpenSSL
2. OpenSSL webpage
3. Libraries and main documentation of openSSL
4. Installation of OpenSSL ( platform consideration)
5. Features of OpenSSL
6. OpenSSL interfaces
7. Standard openSSL commands with examples
8. Encoding and decoding ( Bases, ASCIII,....) with OpenSSL
9. Introduction to programming with openSSL

Crypto Labs -Part 2 :Symmetric key cryptography Practicals

0.1 Overview-Objectives

The learning objective of this lab is for students to get familiar with the concepts in the secret-
key encryption. After nishing the lab, students should be able to gain a rst-hand experience on
encryption algorithms, encryption modes, paddings, and initial vector (IV). Moreover, students will
be able to use tools and write programs to encrypt/decrypt messages.

0.2 Lab Tasks

0.2.1 Task 1 : Encryption using dierent ciphers and modes

In this task, we will play with various encryption algorithms and modes. You can use the following
openssl enc command to encrypt/decrypt a le. To see the manuals, you can type man openssl
and man enc.

[frame=single]
% openssl enc ciphertype -e -in plain.txt -out cipher.bin \
-K 00112233445566778889aabbccddeeff \
-iv 0102030405060708

The University of Bamenda: Higher Teacher Training College Lecturer: www.emmanuelfouotsa-prmais.org

 2

Please replace the ciphertype with a specic cipher type, such as -aes-128-cbc, -aes-128-cfb,
-bf-cbc, etc. In this task, you should try at least 3 dierent ciphers and three dierent modes. You
can nd the meaning of the command-line options and all the supported cipher types by typing "man
enc". We include some common options for the openssl enc command in the following :

[frame=single]
-in <file> input file
-out <file> output file
-e encrypt
-d decrypt
-K/-iv key/iv in hex is the next argument
-[pP] print the iv/key (then exit if -P)

0.2.2 Task 2 : Encryption Mode  ECB vs. CBC

The le pic_original.bmp contains a simple picture. We would like to encrypt this picture,
so people without the encryption keys cannot know what is in the picture. Please encrypt the le
using the ECB (Electronic Code Book) and CBC (Cipher Block Chaining) modes, and then do the
following :
1. Let us treat the encrypted picture as a picture, and use a picture viewing software to display
it. However, For the .bmp le, the rst 54 bytes contain the header information about the
picture, we have to set it correctly, so the encrypted le can be treated as a legitimate .bmp
le. We will replace the header of the encrypted picture with that of the original picture. You
can use a hex editor tool (e.g. ghex or Bless) to directly modify binary les.
2. Display the encrypted picture using any picture viewing software. Can you derive any use-
ful information about the original picture from the encrypted picture ? Please explain your
observations.

0.2.3 Task 3 : Encryption Mode  Corrupted Cipher Text

To understand the properties of various encryption modes, we would like to do the following
exercise :
1. Create a text le that is at least 64 bytes long.
2. Encrypt the le using the AES-128 cipher.
3. Unfortunately, a single bit of the 30th byte in the encrypted le got corrupted. You can
achieve this corruption using a hex editor.
4. Decrypt the corrupted le (encrypted) using the correct key and IV.
Please answer the following questions : (1) How much information can you recover by decrypting
the corrupted le, if the encryption mode is ECB, CBC, CFB, or OFB, respectively ? Please answer
this question before you conduct this task, and then nd out whether your answer is correct or wrong
after you nish this task. (2) Please explain why. (3) What are the implication of these dierences ?

0.2.4 Task4 : Padding

For block ciphers, when the size of the plaintex is not the multiple of the block size, padding
may be required. In this task, we will study the padding schemes. Please do the following exercises :

The University of Bamenda: Higher Teacher Training College Lecturer: www.emmanuelfouotsa-prmais.org

 3

1. The openssl manual says that openssl uses PKCS5 standard for its padding. Please design
an experiment to verify this. In particular, use your experiment to gure out the paddings in
the AES encryption when the length of the plaintext is 20 octets and 32 octets.
2. Please use ECB, CBC, CFB, and OFB modes to encrypt a le (you can pick any cipher).
Please report which modes have paddings and which ones do not. For those that do not need
paddings, please explain why.

0.2.5 Task 5 : Programming using the Crypto Library

So far, we have learned how to use the tools provided by openssl to encrypt and decrypt mes-
sages. In this task, we will learn how to use openssl's crypto library to encrypt/descrypt messages
in programs.
OpenSSL provides an API called EVP, which is a high-level interface to cryptographic functions.
Although OpenSSL also has direct interfaces for each individual encryption algorithm, the EVP
library provides a common interface for various encryption algorithms. To ask EVP to use a specic
algorithm, we simply need to pass our choice to the EVP interface. A sample code is given in
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html. Please get yourself familiar with
this program, and then do the following exercise.
You are given a plaintext and a ciphertext, and you know that aes-128-cbc is used to generate
the ciphertext from the plaintext, and you also know that the numbers in the IV are all zeros
(not the ASCII character `0'). Another clue that you have learned is that the key used to encrypt
this plaintext is an English word shorter than 16 characters ; the word that can be found from a
typical English dictionary. Since the word has less than 16 characters (i.e. 128 bits), space characters
(hexadecimal value 0x20) are appended to the end of the word to form a key of 128 bits. Your goal is
to write a program to nd out this key. You can download a English word list from the Internet. We
have also linked one on the web page of this lab. The plaintext and ciphertext is in the following :
[frame=single]
Plaintext (total 21 characters): This is a top secret.
Ciphertext (in hex format): 8d20e5056a8d24d0462ce74e4904c1b5
13e10d1df4a2ef2ad4540fae1ca0aaf9

Note 1 : If you choose to store the plaintex message in a le, and feed the le to your program,
you need to check whether the le length is 21. Some editors may add a special character to the end
of the le. If that happens, you can use a hex editor tool to remove the special character.

Note 2 : In this task, you are supposed to write your own program to invoke the crypto library.
No credit will be given if you simply use the openssl commands to do this task.

Note 3 : To compile your code, you may need to include the header les in openssl, and link to
openssl libraries. To do that, you need to tell your compiler where those les are. In your Makefile,
you may want to specify the following :
[frame=single]
INC=/usr/local/ssl/include/
LIB=/usr/local/ssl/lib/

all:
gcc -I$(INC) -L$(LIB) -o enc yourcode.c -lcrypto -ldl

The University of Bamenda: Higher Teacher Training College Lecturer: www.emmanuelfouotsa-prmais.org

 4

0.3 Submission

You need to submit a detailed lab report to describe what you have done and what you have
observed ; you also need to provide explanation to the observations that are interesting or surprising.
In your report, you need to answer all the questions listed in this lab.

0.4 Ressources

Please visit
http://www.cis.syr.edu/~wedu/seed/
for more information and additional les for this project.

The University of Bamenda: Higher Teacher Training College Lecturer: www.emmanuelfouotsa-prmais.org