Scribd
Upload
7 views7 pages

Paul&Evan Lab05

Uploaded by

deadku14
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views7 pages

Paul&Evan Lab05

Uploaded by

deadku14
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Part 1.

Using Public Key Algorithms


In this Lab, you will take 3 different roles, i.e., the sender, the receiver and the attacker. In each
role, you need to figure out which key(s) you need to use. Use the PGP tool that you have
worked with in “Public Key Repository” discussion to encrypt and decrypt your messages. Note
that classmate you send to and you receive from are same. The keys you need are posted in the
Public Key Repository discussion.

1) Role 1: You are the Sender

Encrypt a message for the receiver assigned to you (you need to choose your teammate). Note
that you are the sender. In the “Public Key Repository Discussion” reply to the receiver’s post
and attach the encrypted file in your reply. Please make sure that your message is appropriate.
Insert your message to the receiver in plaintext here (in the report).
hello world

2) Role 2: You are the Receiver

Decrypt the message that was sent you (attached by the sender in the reply to your post in
“Public Key Repository Discussion”).

Take screenshots of the verification window and the decrypted message that was sent to you
and insert them here in the report.
3) Role 3: You are the attacker

Pick an encrypted message that was not intended for you. Try to figure out what the message
is. Explain your experience attempting to break the code.
Explanation: Once I downloaded the unintended encrypted file I tried to Decrypt the message
but was unsuccessful due to not having/knowing the keys attached to the message.
Part 2. Verifying Integrity of a Download
In this assignment you will verify that a file you download has not been changed during
download.

Go to the site https://www.openoffice.org/download/index.html.

Note that there two download options: “Download full installation” and “Download language
pack.” Download the language pack only and do NOT install it.

Note that two hash values are given for the language pack on the site: SHA 256 and SHA512.
Copy and paste these values in this document.
256:

4fbd521458fd6257a670c51fcde35221a0f736702f8a51e8ed7983f3c5a2f8c1
*Apache_OpenOffice_4.1.15_Win_x86_langpack_en-US.exe

512:

c9089c360563e210d59d12d83316244d58875de7529989b897c1172226a3e9e258b64083418bd
ea45ac706f4f7aa70b24475627540bd0447a502a955771f8532
*Apache_OpenOffice_4.1.15_Win_x86_langpack_en-US.exe

Use an online hash calculator to calculate the SHA256 and SHA512 hashes for the downloaded
file. You can use https://md5file.com/calculator.
Insert screenshots of these values in this document as well.

SHA256: 8352a06708b8ba439745ee86bf6a789e459cb3dd5d4832f752b696479b6fe289

SHA512:70d8b9e72e32a3daffff533e3c9b86aca1e3b9eb8697a5515b57758597df24143d8bdf23
117e6e437cdd036f733db043aba55c515569256f5d9eb4ca0bd0d7fa
What to submit

Insert screenshots from above steps.


In the Word file, include your answers to the following questions with a different color:
1. Compare these hash values on the site with the hash values you have
calculated. Are they the same? Explain. The hash values are not the same, if
we look at the compared values they are vastly different
2. What is your conclusion if the SHA256 hash value provided on the site is the
same as the one you calculated? The conclusion would be that both the files
are the same.
3. What is your conclusion if the SHA256 hash value provided on the site is
different from the one you calculated? The conclusion would be that the files
are not the same / corrupted.
4. If the provided hash value is the same as the one you calculated, does that
mean that this is absolutely the right file that delivers what it promises, or
could it be malicious? Explain. It does not guarantee that it is fine/ delivers
what is promised. Both file versions can be malicious and thus the same hash
value would be bad in this case.
5. How could a second hash value (such as SHA512, in this case) help to verify
the integrity of the download? Explain. SHA512 is a more secure hash
function so it is good to include that kind of security, but also it is good in
general to have multiple hash functions as it is harder to replicate multiple.
Grading Rubric

Grading Rubric:
Criteria Points
Public key in “Public Key Repository” Discussion 1
Complete the task for Role 1 3
Part 1
Complete the task for Role 2 3
Complete the task for Role 3 3
Screenshots of four hash values 2
Part 2 Answers to questions about hash functions 7
Grammer/Spells 1
Total 20

You might also like