INTE2625 Introduction to Cyber Security

Week 4 Lab Manual

Objectives
In this Lab, you are going to learn symmetric key encryption using an open-source tool called
GnuPG. The GnuPG (also known as GNU Privacy Guard or simply GPG) is GNU’s tool used
to encrypt data and create digital signatures that contribute to overall information security. It is a
complete and free implementation of the OpenPGP Internet standard that provides an advanced
key management solution. For more information, please visit: https://www.gnupg.org/

At the end of the Lab, we will learn the followings:

 Sharing files between two users in Kali Linux
 Symmetric Key Encryption using GPG

Task-1: Sharing a file between two users using Shared Folder

Task-1.1: Check if the user exists

To explore file sharing between two users, "alice" and "bob," through a shared folder using Kali
Linux, requiring the setup and verification of user accounts for Alice and Bob. As discussed in
the Week -2 Lab, you can add a user “bob” using “sudo adduser username” command and
check it with “id username”.

If the user exists, you should the see the user’s uid, gid, groups information as below:

Task-1.2: Setting Up the Shared Folder

In this step, we'll set up a shared folder in the /tmp directory to facilitate file sharing between
Alice and Bob. To create the shared folder in the /tmp directory, type the following command
“mkdir /tmp/shared_folder”
Now, let’s switch user to Alice (“su username”) and access the shared folder.
“cd /tmp/shared_folder/”.

We have successfully navigated to the shared folder, now we try to create a text file there using
a text editor nano. You may also use any other text editor.
As we can see the “shared_folder” is not writable. Since the other user doesn’t have
permission to write anything on the “shared_folder”.

Now, let's ensure that both Alice and Bob have appropriate permissions to access the shared
folder. We'll set permissions using the command “chmod 777 /tmp/shared_folder”.

Here is what each part of the command does:

 "chmod": Stands for "change mode". It is the command used to change the permissions
of files and directories.
 "777": This is the permission setting. In octal notation, each digit represents the
permissions for different groups of users: the owner, the group, and others. "777"
means that the owner, group, and others have full permissions, which are read, write,
and execute. We will discuss more about directory/files access control in a later lab.
 The first digit (7) represents the permissions for the owner of the file/directory.
 The second digit (7) represents the permissions for the group that the
file/directory belongs to.
 The third digit (7) represents the permissions for all other users.
 "/tmp/shared_folder": This is the path to the directory whose permissions are being
changed. In this case, it's "/tmp/shared_folder".

To set the permission we need to switch user to kali and become root user.

Once we have changed the permission of the “shared_folder”, now let’s switch to Alice and try
to create a test file called “test.txt”
We can see now Alice can create a .txt file and save the text file in the shared folder

Let’s switch to user Bob and copy the “test.txt” on the “shared_folder” to Bob home directory.

As we can see we have successfully created a shared folder that can be accessed by all the
user.
You can use this chmod calculator to see which permission you want to give depending on the
level of the user https://chmod-calculator.com/
Task-2: Sharing a file between two users using SCP
Task-2.1: Start the SSH Port
In this task before we start you need to become the root user and activate the ssh port / port 22
with this command “sudo systemctl start ssh” and to check whether its running or not you can
use this command “sudo systemctl status ssh”. If you see the message “active (running)” it
mean your SHH port is already activated

Task-2.2: Send file thorugh SCP

In this scenario Alice want to use SCP to securely copy the test.txt file from /tmp/shared_folder
to Bob's home directory. We need to login as Alice and run this command “scp
/tmp/shared_folder/test.txt bob@localhost:~” to send it to Bob. At the end of this step it
required to put Bob's password before sending the text file

When the prompt shows 100% it means the file has already been successfully sent securely to
Bob. To check we need to log in as Bob and check in the home directory.
Task-3: Symmetric Key Encryption using GPG

In this task, we will learn how to perform Advanced Encryption Standard (AES) based file
encryption and decryption using GPD. As you have already learned the model of the Symmetric
Key Encryption in the lecture, you should be able to perform the task. However, AES will be
discussed in Week 5 Lecture.

Task-3.1: Create text file.

Login as a Kali user and create a file “test.txt” in the Desktop directory and put any text in the
file. For example, put the text “This is my first encryption”. We are skipping the details as we it
is already discussed previously.

Check if the file has been created:

Task-3.2: Encrypt file with GPG

Check the GPG version with “gpg --version”
For the sake of simplicity, we are using root user in this example. You should try with other
users.
To encrypt the file, use the following command:

“sudo gpg --no-symkey-cache -a -o test.txt.gpg -c --cipher-algo AES256 test.txt && rm

test.txt”

Here are the details of the command:

 sudo: This command is used to execute the subsequent command with superuser
privileges.

 gpg: This is the GnuPG command-line tool used for encryption and decryption.

 --no-symkey-cache: This option disables the symmetric key cache, which is a feature
that temporarily stores passphrase-derived symmetric keys. Disabling it ensures that the
passphrase is always required for encryption.

 -a: This option tells GPG to create ASCII-armored output, which means the encrypted
output will be in a text format rather than binary. This can be useful for transferring
encrypted files via text-based mediums such as email.

 -o test.txt.gpg: This option specifies the output file name for the encrypted data. In this
case, the encrypted file will be named "test.txt.gpg".

 -c: This option tells GPG to encrypt the input file.

 --cipher-algo AES256: This option specifies the cipher algorithm to be used for
encryption. In this case, AES256 is chosen, which indicates the Advanced Encryption
Standard with a 256-bit key size.

 test.txt: This is the input file that will be encrypted.

 &&: This is a command-line operator used to execute the next command only if the
preceding command succeeds.

 rm test.txt: This command deletes the original plaintext file named "test.txt" after it has
been successfully encrypted. This is often done to ensure that only the encrypted
version remains, reducing the risk of unauthorized access to the plaintext data.
A passphrase will be asked to encrypt the file. Please provide any passphrase that you can
remember. At least 8 character long passphrase is recommended. Hit <OK>. You need to
confirm it as well.

Once you have put the passphrase, an encrypted file will be created with the name test.txt.gpg.
Check it with ls command and show the content of the file using cat command:

Task-3.2: Decrypt the text file

Decrypt the encrypted test.txt.gpg file using GPG and the same passphrase used for encryption
with the following command “sudo gpg --no-symkey-cache -o decrypted_test.txt -d
test.txt.gpg && rm test.txt.gpg”.
Here are the details of the new keywords of the command:

 -o decrypted_test.txt: This option specifies the output file name for the decrypted
data. In this case, the decrypted file will be named "decrypted_test.txt".

 -d: This option tells GPG to decrypt the input file.

 test.txt.gpg: This is the input file that will be decrypted.

After the description process now you can see the original message

Congratulations! You have successfully encrypted and decrypted files using GPG.

Note: Now, try to perform the encryption and decryption considering two users: Alice
and Bob. Alice should encrypt and Bob should decrypt. It will help you to understand
one of the Assignment-1 problems.