Information Security Lab-3

Symmetric and Asymmetric Cryptography

Lab Objectives

• Understand the differences between symmetric and asymmetric encryption.

• Implement AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman)

algorithms.

• Encrypt and decrypt data using OpenSSL.

Prerequisites

• Windows operating system

• OpenSSL installed on the system

• Basic understanding of command prompt usage

Step 1: Installation of OpenSSL

1. Download OpenSSL

To perform cryptographic operations, OpenSSL must be installed on the system. Follow these
steps:

• Visit the official OpenSSL website: https://slproweb.com/products/Win32OpenSSL.html

• Download the latest Win64 OpenSSL version suitable for your system.

• Choose the EXE installer (not the source code) for ease of installation.

2. Install OpenSSL

Once the installer is downloaded, follow these steps:

• Double-click the downloaded .exe file to launch the installation wizard.

• Accept the license agreement.

• Select the installation directory (default is C:\Program Files\OpenSSL-Win64).

• Choose The Windows system directory when prompted for OpenSSL DLL placement.

• Click Install and wait for the process to complete.

• Click Finish after installation is done.

3. Configure Environment Variables

To use OpenSSL from the command prompt, the installation path must be added to the system’s
environment variables:

1. Open Control Panel > System > Advanced system settings.

2. Click Environment Variables.

3. Under System Variables, find and select Path, then click Edit.

4. Click New and add the OpenSSL binary path:

C:\Program Files\OpenSSL-Win64\bin

5. Click OK to save changes.

6. Restart your computer to apply the changes.

4. Verify Installation

To ensure OpenSSL is installed correctly, open Command Prompt and run:

openssl version

Explanation: This command checks the installed version of OpenSSL and confirms that it is
properly configured. If the installation is successful, you should see an output similar to:

OpenSSL 3.0.0 (Library: OpenSSL 3.0.0)

If you receive an error, check that OpenSSL is installed in the correct directory and that the
system environment variables are correctly set.

Step 2: Understanding Symmetric vs. Asymmetric Encryption

Symmetric Encryption (AES)

• Uses a single key for both encryption and decryption.

• Faster than asymmetric encryption.

Asymmetric Encryption (RSA)

• Uses a pair of keys (public and private).

• The public key encrypts data, and the private key decrypts it.

Step 3: Implementing AES Encryption (Symmetric)

1. Create a sample text file:

echo This is a secret message. > message.txt

Explanation: This command creates a text file named message.txt and writes "This is a secret
message." into it.

2. Generate a random key and IV (Initialization Vector) for AES:

openssl enc -aes-256-cbc -k secretpassword -P

Explanation: This command generates a random key and IV using AES-256-CBC encryption,
based on the given password.

Example Output:

kek = 5F8C76AB87...

iv = ADFE456789...

3. Encrypt the file:

openssl enc -aes-256-cbc -pbkdf2 -in plaintext.txt -out encrypted.txt -k secretpassword

Explanation: Encrypts message.txt using AES-256-CBC encryption and saves the encrypted data
in encrypted.txt.

4. Decrypt the file:

openssl enc -aes-256-cbc -d -in encrypted.txt -out decrypted.txt -k secretpassword

Explanation: Decrypts encrypted.txt using the same password and outputs the decrypted
content into decrypted.txt.

5. View the decrypted file:

type decrypted.txt

Explanation: Displays the content of decrypted.txt to verify successful decryption.

Step 4: Implementing RSA Encryption (Asymmetric)

1. Generate an RSA key pair (private and public keys):

openssl genpkey -algorithm RSA -out private_key.pem

Explanation: Generates a private RSA key and saves it in private_key.pem.

openssl rsa -in private_key.pem -pubout -out public_key.pem

Explanation: Extracts the public key from the private key and saves it in public_key.pem.

2. Encrypt the message using the public key:

openssl pkeyutl -encrypt -pubin -inkey public_key.pem -in message.txt -out encrypted_rsa.txt

Explanation: Encrypts message.txt using the public key and saves the encrypted content in
encrypted_rsa.txt.

3. Decrypt the message using the private key:

openssl pkeyutl -decrypt -inkey private_key.pem -in encrypted_rsa.txt -out decrypted_rsa.txt

Explanation: Decrypts encrypted_rsa.txt using the private key and stores the decrypted
message in decrypted_rsa.txt.

4. View the decrypted file:

type decrypted_rsa.txt

Explanation: Displays the content of decrypted_rsa.txt to verify successful decryption.

Expected Output

• After AES decryption, decrypted.txt should contain:

This is a secret message.

• After RSA decryption, decrypted_rsa.txt should contain:

This is a secret message.

Conclusion

• AES encryption is faster but requires a shared key.

• RSA provides better security for key exchange but is slower.

• OpenSSL provides a simple way to implement both encryption methods.

Additional Exercises

• Try encrypting a larger file.

• Use a different encryption mode such as AES-GCM.

• Generate stronger RSA keys (e.g., 4096 bits).