Laboratory Work 8
PGP is based on public key encryption, in which a key pair for the user is created in a
small text file. One key is private and is stored in a safe place. The other, the public key,
is on the contrary made available for everyone to see. When someone wants to encrypt a
letter, he does so with the recipient's public key. Once the message is encrypted with a
public key, only the owner of the private key can read it. Note: even the author, after
encrypting the message with a public key, will not be able to read it. This encryption principle
is very reliable. Its most delicate point is the problem of authenticity of the public key.
The PGP program installed on the computer starts automatically when the operating
system starts up (figure 8.1).
It has the following windows:
1) PGP Keys.
2) PGP Messaging.
3) PGP Zip.
4) PGP Netshare.
Creation of keys.
Right-click the PGP tray icon in the display panel and select PGP keys from the shortcut
menu. The PGP keys utility window opens. To create a key, go to File - New PGP Keys.
Click the Generate new keypair button. The «Key Generation Assistant» will start.
Click the «Next» button.
Enter your full name in the Full name field and your e-mail address in the E-mail
address field. «Public keys» that do not contain complete and accurate information are not
taken seriously. To fully configure the keys, click Advanced.
The Advanced key settings window will appear.
Set the Diffie-Hellman/DSS switch. This is a more modern algorithm for generating a
pair of keys.
Set the 2048 bits switch, which determines the length of the key (in terms of
reliability, a key of this length corresponds to approximately a 128-bit key for symmetric
encryption).
In this case, set the Key pair never expires switch («The key pair acts permanently»).
In practice, it is recommended that you specify a limited validity period for the keys. Click
the «OK» and «Next» buttons.
Enter an arbitrary passphrase twice in the appropriate fields.
Since real secrecy is not important in this case, you can clear the Hide Typing
check box so that the text you type appears on the screen. It is recommended that the
passphrase be easy to remember but contain spaces, letters of different case,
numbers and special symbols. The quality of the passphrase (how difficult it is to guess) is
displayed by the Passphrase Quality indicator. After the passphrase has been entered twice,
click the «Next» button.
Watch the process of generating the key pair, which can take up to several minutes.
After the message «Continue» appears, click the «Next» button. Then you may need a few
more clicks on the «Next» button and, at the end, on Done, to complete the creation of
the keys (you do not need to publish the key on the server).
See how the newly created key is displayed in the All Keys list. Make sure that this key
is automatically signed by its creator, who is assumed to trust himself absolutely.
To view the key properties, right-click the key and select Key Properties from the
shortcut menu. Read the key properties, including the «fingerprint», which is designed to
confirm the correctness of the key, for example, by phone. Make sure that the Implicit Trust
checkbox is selected, indicating that you trust the owner of this key, i.e. yourself.
Figure 8.3 – List of created keys
Select the folder and specify the file name. Click the Save button to save the key to a
text file. On your own, import the key stored in the file in at least two different ways.
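The «fingerprint» shown in Key Properties can be recomputed from the exported text file and compared with the value the owner dictates, which is the check that addresses the authenticity problem. The following is an added example, not part of the original lab text: it assumes a version 4 key in ASCII armor (RFC 4880), the function names are illustrative, and the sample key is a constructed toy value.

```python
import base64, hashlib

def dearmor(text):
    """Decode the base64 payload of an ASCII-armored public key block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK"):
        raise ValueError("not an armored public key")
    payload = lines[lines.index("") + 1:-1]   # armor headers end at the blank line
    return base64.b64decode("".join(l for l in payload if not l.startswith("=")))  # skip CRC24

def public_key_body(data):
    """Return the body of the leading Public-Key packet (tag 6, version 4)."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                          # new-format header
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            start, length = 2, o1
        elif o1 < 224:
            start, length = 3, ((o1 - 192) << 8) + data[2] + 192
        else:
            raise ValueError("unsupported length encoding")
    else:                                     # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        start = 1 + (1, 2, 4)[ltype]
        length = int.from_bytes(data[1:start], "big")
    body = data[start:start + length]
    if tag != 6 or len(body) != length or body[:1] != b"\x04":
        raise ValueError("expected a complete version 4 public key packet")
    return body

def fingerprint(armored):
    """V4 fingerprint: SHA-1 over 0x99, two-octet body length, packet body."""
    body = public_key_body(dearmor(armored))
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def matches(armored, spoken):
    """Compare with a fingerprint dictated by the owner; spaces and case are ignored."""
    return fingerprint(armored) == "".join(spoken.split()).upper()

def sample_key(y):
    """Constructed toy DSA packet (p=23, q=11, g=4, public value y); not a usable key."""
    mpis = b"".join(n.bit_length().to_bytes(2, "big") + bytes([n]) for n in (23, 11, 4, y))
    body = b"\x04" + bytes(4) + b"\x11" + mpis               # version, creation time, algorithm 17
    packet = b"\x99" + len(body).to_bytes(2, "big") + body   # old format, tag 6
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + base64.b64encode(packet).decode()
            + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

A key whose public value differs in a single bit yields a different fingerprint, so `matches` fails for a substituted key even when the name and e-mail address in it look correct.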