Cryptography
Lab 2: Secret Key Encryption Lab
In this lab, students will:
• Understand the concepts of secret-key encryption and some common attacks on encryption.
• Learn about encryption algorithms, encryption modes, paddings, and initial vectors (IV).
This lab particularly exposes students to some of the mistakes made by developers in using
encryption algorithms, and asks them to launch attacks to exploit those vulnerabilities.
Table of Contents
Overview
Task 1: Installing OpenSSL package
Task 2: OpenSSL for encryption and decryption of images and text
Task 2a: Encryption using different ciphers and modes
Task 2b: Encryption Mode ECB vs CBC
Task 2c: Padding
Task 2d: Error propagation – corrupted Ciphertext
Task 2e: Initialization Vector
Task 3: Programming Using the crypto Library
Submission
BNM Institute of Technology Department of CSE
Overview
The learning objective of this lab is for students to get familiar with the concepts in the
secret-key encryption and some common attacks on encryption. From this lab, students will
gain a first-hand experience on encryption algorithms, encryption modes, paddings, and
initial vector (IV). Moreover, students will be able to use tools and write programs to
encrypt/decrypt messages. Many common mistakes have been made by developers in using
the encryption algorithms and modes. These mistakes weaken the strength of the
encryption, and eventually lead to vulnerabilities. This lab exposes students to some of
these mistakes, and asks students to launch attacks to exploit those vulnerabilities.
This lab covers the following topics:
• Installation of OpenSSL package
• Secret-key encryption
• Encryption modes, IV, and paddings
• Common mistakes in using encryption algorithms
• Programming using the crypto library
Lab environment:
This lab has been tested on our pre-built Ubuntu 16.04 VM, which can be downloaded from the
SEED website: https://seedsecuritylabs.org/lab_env.html. Download the June 2019 version of
Ubuntu 16.04.
Lab Tasks
Task 1: Installing OpenSSL package
Step 1: Install OpenSSL using one of the following commands:
sudo apt-get install openssl
or
sudo yum install openssl
Task 2: OpenSSL for encryption and decryption of images and text
Task 2a: Encryption using different ciphers and modes.
Step 1: Create a plain text file
The commands used to achieve this are shown below.
Commands:
$ touch plain.txt
$ gedit plain.txt
$ cat plain.txt
Give your observation with screen shot
Step 2: Encrypt the file using different ciphers and modes
The command used to encrypt the file is:
$ openssl enc -ciphertype -in infile -out outfile -K key -iv initial_vector
In the command above:
ciphertype: the cipher and mode to be used. Examples are aes-128-cbc, aes-128-ofb, bf-ecb, rc4
infile: the input file which is to be encrypted
outfile: the output file which contains the encrypted data
key: the key used for encryption, given as a hex string (-K, upper case; lower-case -k would instead take a passphrase from which a key is derived)
initial_vector: the initialization vector to be used, given as a hex string
Command:
$ openssl enc -aes-128-cbc -e -in plain.txt -out cipher1.bin -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0e0f
Execute the above command for different modes
Give your observation with screen shot
Step 3: Verify the output
Once the files are encrypted as shown in the previous step, most of the data in the file will not
be printable. To observe the contents of the output files, the command-line hex viewing tool
"xxd" is used. This allows us to observe the encrypted contents of the file in hexadecimal
format.
Command:
$ xxd cipher1.bin
Execute the above command for different modes of ciphertext.
Give your observation with screen shot
Task 2b: Encryption Mode ECB vs CBC
Step 1: Download and encrypt the image file
Download pic_original.bmp from website.
Encrypt the picture using AES in ECB mode and AES in CBC mode.
Command:
$ openssl enc -aes-128-ecb -e -in pic_original.bmp -out pic_ecb.bmp -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
$ openssl enc -aes-128-cbc -e -in pic_original.bmp -out pic_cbc.bmp -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
Give your observation with screen shot
Step 2:
Once the two encrypted files are generated, appropriate headers need to be added so that
image-viewing software recognises them as images.
$ head -c 54 pic_original.bmp > header
$ tail -c +55 pic_ecb.bmp > body_ecb
$ cat header body_ecb > new_ecb.bmp
$ tail -c +55 pic_cbc.bmp > body_cbc
$ cat header body_cbc > new_cbc.bmp
Step 3:
View the encrypted images and draw a conclusion
$ eog filename
Give your observation with screen shot.
Task 2c: Padding
For block ciphers, when the size of the plain text is not a multiple of the block size,
padding may be required. In this task, we will study the padding schemes.
Step 1: Create 3 files of size 5, 10, 15 bytes respectively (create text files)
Commands:
$ echo -n "12345" > f1.txt
$ echo -n "1234567890" > f2.txt
$ echo -n "1234567890abcdef" > f3.txt
$ ls -l f*.txt
Give your observation with screen shot.
Step 2: Encrypt the files using CBC mode of operation and decrypt while disabling padding
$ openssl enc -aes-128-cbc -e -in f1.txt -out f1.bin -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
$ openssl enc -aes-128-cbc -e -in f2.txt -out f2.bin -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
$ openssl enc -aes-128-cbc -e -in f3.txt -out f3.bin -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
$ openssl enc -aes-128-cbc -d -in f1.bin -out p1.txt -nopad -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
$ openssl enc -aes-128-cbc -d -in f2.bin -out p2.txt -nopad -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
$ openssl enc -aes-128-cbc -d -in f3.bin -out p3.txt -nopad -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
Give your observation with screen shot.
$ ls -l f*.bin
Give your observation with screen shot.
Step 3: Study the padding
$ xxd p1.txt
$ xxd p2.txt
$ xxd p3.txt
Repeat this task with ECB and other modes for more marks.
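The padding study above can also be scripted. This is an added example, not part of the original handout: it encrypts the three file contents from Step 1 with the lab key, decrypts with -nopad, and reports the ciphertext length together with the padding bytes left after the plaintext. The function name pad_info is hypothetical, and the IV is the lab IV with the trailing zero byte written out so OpenSSL does not have to pad it.

```shell
#!/bin/sh
# Added example. KEY is the key used in the lab commands; IV is the lab IV
# written out to a full 16 bytes (constructed value).
KEY=00112233445566778899aabbccddeeff
IV=0102030405060708090a0b0c0d0e0f00

# pad_info STRING -> "<ciphertext length> <hex of the padding bytes>"
pad_info() {
    dir=$(mktemp -d)
    printf '%s' "$1" > "$dir/p"
    openssl enc -aes-128-cbc -e -in "$dir/p" -out "$dir/c" -K "$KEY" -iv "$IV"
    ctlen=$(wc -c < "$dir/c" | tr -d ' ')
    # -nopad keeps the padding in the decrypted output; skip the plaintext
    # bytes and dump whatever follows them as hex.
    pad=$(openssl enc -aes-128-cbc -d -nopad -in "$dir/c" -K "$KEY" -iv "$IV" \
          | tail -c +$(( ${#1} + 1 )) | od -An -tx1 | tr -d ' \n')
    rm -rf "$dir"
    echo "$ctlen $pad"
}

# Same contents as f1.txt, f2.txt and f3.txt in Step 1.
for s in 12345 1234567890 1234567890abcdef; do
    echo "${#s} plaintext bytes -> $(pad_info "$s")"
done
```

Each padding byte holds the number of padding bytes added, and an input that already fills a whole block still receives a full extra block of padding.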
Task 2d: Error propagation – corrupted Ciphertext
In this task you will study how a corruption in the value of one bit in the ciphertext affects
the decryption process.
Step 1: Create a file which is at least 1000 bytes big using the touch and gedit commands
Commands:
$ touch plain.txt
$ gedit plain.txt
$ ls -l plain.txt
Give your observation with screen shot.
Step 2: Encrypt the file using AES-128 cipher and manually corrupt one bit
Commands:
$ openssl enc -aes-128-ecb -e -in plain.txt -out cipher1.bin -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0e0f
$ ghex cipher1.bin
Use the hex editor ghex to change one bit.
Give your observation with screen shot.
Step 3: Decrypt the corrupted ciphertext and view the results
Give your observation with screen shot.
Step 4: Perform the same experiment for other modes of operation.
Give your observation with screen shot.
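The experiment in Task 2d can be reproduced without a hex editor. This is an added example, not part of the original handout: it flips one bit in the second ciphertext block and counts how many 16-byte plaintext blocks differ after decryption, for each mode. The function name damaged_blocks, the 64-byte test plaintext and the byte offset 20 are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. KEY is the key used in the lab commands; IV is the lab IV
# written out to a full 16 bytes (constructed value).
KEY=00112233445566778899aabbccddeeff
IV=0102030405060708090a0b0c0d0e0f00

# damaged_blocks MODE -> number of 16-byte plaintext blocks that change
# when one bit of ciphertext byte 20 (second block) is flipped.
damaged_blocks() {
    mode=$1
    dir=$(mktemp -d)
    # Constructed plaintext: 64 bytes of 'A' = four AES blocks.
    head -c 64 /dev/zero | tr '\0' 'A' > "$dir/plain"
    openssl enc "-aes-128-$mode" -e -in "$dir/plain" -out "$dir/ct" \
        -K "$KEY" -iv "$IV" 2>/dev/null
    # Read byte 20, flip its lowest bit, write it back in place.
    b=$(dd if="$dir/ct" bs=1 skip=20 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    printf "$(printf '\\%03o' $((b ^ 1)))" \
        | dd of="$dir/ct" bs=1 seek=20 conv=notrunc 2>/dev/null
    openssl enc "-aes-128-$mode" -d -in "$dir/ct" -out "$dir/dec" \
        -K "$KEY" -iv "$IV" 2>/dev/null
    # cmp -l prints one line per differing byte (1-based offset);
    # map each offset to its block number and count distinct blocks.
    n=$(cmp -l "$dir/plain" "$dir/dec" | awk '{print int(($1-1)/16)}' \
        | sort -u | wc -l | tr -d ' ')
    rm -rf "$dir"
    echo "$n"
}

for m in ecb cbc cfb ofb; do
    echo "$m: $(damaged_blocks "$m") plaintext block(s) damaged"
done
```

In ECB and OFB the damage stays inside one block, while in CBC and CFB it spreads into the following block as well.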
Task 2e: Initialization Vector
In this task you will see how improper use and selection of the IV can degrade the
security of the encryption performed.
Task 6.1: Uniqueness of IV
Step 1: Encrypt the same plaintext using different IVs
Commands:
$ openssl enc -aes-128-cbc -e -in plain.txt -out cipher1.bin -K 00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0e0f
$ openssl enc -aes-128-cbc -e -in plain.txt -out cipher2.bin -K 00112233445566778899aabbccddeeff -iv 102030405060708090a0b0c0d0e0f0
Give your observation with screen shot.
Compare the two output files
Commands:
$ xxd cipher1.bin
$ xxd cipher2.bin
Give your observation with screen shot.
Step 2: Encrypt the same plaintext using the same IV
Give your observation with screen shot.
Task 3: Programming Using the crypto Library
Write a simple program to find a key from a wordlist, given a plaintext, an IV and the
corresponding ciphertext.
$ gcc secret.c -o secret -lcrypto
$ ./secret
Give your observation with screen shot.
Submission
You need to submit a detailed lab report to describe what you have done and what you have
observed, including screenshots and code snippets. You also need to provide an explanation for the
observations that are interesting or surprising. You are encouraged to pursue further investigation,
beyond what is required by the lab description. Please submit in Word or PDF format only.