(Crypto) DES And RSA Algorithms Overview


Published on

Best practice

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

(Crypto) DES And RSA Algorithms Overview

  1. 1. DES & RSA Algorithms Overview Tutorial03/01/2013 NOUNI El Bachir 1
  2. 2. Comparison And UsesDES : Its a symmetric algorithm designed for encrypting data. Its advantage is that its fast for large data size, but it present one inconvenient is that of changing keys between the tow tiers.03/01/2013 NOUNI El Bachir 2
  3. 3. Comparison And UsesRSA : its an asymmetric algorithm designed for encrypting data also. Its inconvenience is that its too slow for large data size. It use tow keys instead of DES which uses one shared key. One of these keys is secret and the other is public. The Data that is encrypted by one is decrypted by the other but not by the same key.03/01/2013 NOUNI El Bachir 3
  4. 4. Tools  Through this tutorial we will use the Openssl tool. This tool is by default integrated in Linux. For Windows users they should download this tool by following this link : http://slproweb.com/products/Win32OpenSSL.html  After the installation of openssl; whether you add the path of openssl.exe to your system path, our each time at the command prompt you use the full path of openssl.exe.03/01/2013 NOUNI El Bachir 4
  5. 5. Parameters Of These Algorithms  DES : − Secret key (64 bits) − Initialization vector (64 bits)  RSA : − Secret key − Secret key length − Public key − The modulus03/01/2013 NOUNI El Bachir 5
  6. 6. TP : Test Each Algorithm (DES)  The instructions thereafter were tested under Linux system.  DES : To use this algorithm we have to generate first its parameters (secret key,initialization vector). To do so we will use /dev/urandom file and head command. The synopsis of each one is :03/01/2013 NOUNI El Bachir 6
  7. 7. TP : Test Each Algorithm (DES)  |> cat /dev/urandom | head -1 > random.bin  the result after using |> xxd random.bin to show file content in Hex format : 0000000: 95c3 e2d9 62c9 8d24 fa03 69e7 59aa aa11 ....b..$..i.Y...  So we choose 95C3E2D962C98D24 as secret Key and FA0369E759AAAA11 as initialization vector.  After that we can encrypt and decrypt a file. |> Openssl enc -e -des-cbc -in inputfile -out outputfile -nosalt -K 95C3E2D962C98D24 -iv FA0369E759AAAA11 -a03/01/2013 NOUNI El Bachir 7
  8. 8. TP : Test Each Algorithm (DES)  -des-cbc : DES algorithm using CBC mode  -e : for encryption  -in [inputfile] : to specify input file  -out [outputfile] : to specify output file  -K XX..XX : to specify secret key 64 bits  -iv XX..XX : to specify initialization vector 64 bits  -a : encoding output file in base64 format  -nosalt : no salt will be used03/01/2013 NOUNI El Bachir 8
  9. 9. TP : Test Each Algorithm (DES)  For decryption we use the same command line, we have to just change -e option by -d for decryption.03/01/2013 NOUNI El Bachir 9
  10. 10. TP : Test Each Algorithm (RSA)The implementation of RSA follow three steps : Generate a encrypted secret key of 1024 or 2048 length. Generate the public key from the secret one.To do so, we will use genrsa and rsa commands. Synopsis of these commands is :03/01/2013 NOUNI El Bachir 10
  11. 11. TP : Test Each Algorithm (RSA)  openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4] [-3] [-rand file(s)] [-engine id] [numbits]  openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-sgckey] [- des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin] [-pubout] [-engine id] For encryption we will use rsautl command of following synopsis :  openssl rsautl [-in file] [-out file] [-inkey file] [-pubin] [- certin] [-sign] [-verify] [-encrypt] [-decrypt] [-pkcs] [d-ssl] [- raw] [-hexdump] [-asn1parse] Lets now try this algorithm :03/01/2013 NOUNI El Bachir 11
  12. 12. TP : Test Each Algorithm (RSA)To generate the secret key :|> openssl genrsa -des -out sckey.pem 2048-des : DES which will be used to encrypt the secret key.-out : to specify the output file.2048 : key length.After Enter Key press the prompt will demand to you to enter a phrase password.03/01/2013 NOUNI El Bachir 12
  13. 13. TP : Test Each Algorithm (RSA)To generate the public key :|> openssl rsa -pubout < sckey.pem > pkey.pem-pubout : to specify that wie want to generate a public key from the secret one sckey.pem.< : input flow redirection> : output flow redirection03/01/2013 NOUNI El Bachir 13
  14. 14. TP : Test Each Algorithm (RSA)To encrypt data with public key :|> openssl rsautl -encrypt -in inputfile -out outputfile -inkey pkey.pem -pubin -a-encrypt : for encryption.-in : to specify input file path.-out : to specify output file.-inkey : key file to use.-pubin : specify that the key specified with -inkey is a public key. Without this options secret key is used.03/01/2013 NOUNI El Bachir 14
  15. 15. Best practiceRSA : to exchange shared secret keyDES : to encrypt data using exchanged shared secret key.Scenario :Alice (sA,PA) and Bobe (sB,PB).Alice want send data to Bobe, but it is the first time. So they should define a shared key.03/01/2013 NOUNI El Bachir 15
  16. 16. Best practiceSo Alice had to generate a random 64 bits key (DES) and an initialization vector (64 bits) and encrypt it using the public key of Bobe P B. Then send it to Bobe.Bobe will receive encrypted key and will decrypt it. At this moment its ok but he should send an acknowledgment to Alice to tell him that he receive the key successfully. So he should encrypt the received key using public key of Alice and send it to him.03/01/2013 NOUNI El Bachir 16
  17. 17. Best practiceAfter this handshaking it is ok to exchange encrypted that using shared secret key (64 bits).It is recommended to use Tripe DES instead of DES because it is more secure. To use this algorithm in what we have seen, you can just change -des by -des3 in RSA section and for DES section you choose -des-ede-cbc instead of -des-cbc.03/01/2013 NOUNI El Bachir 17
  18. 18. Bibliographyhttp://www.openssl.org/docs/apps/enc.htmlhttp://www.openssl.org/docs/apps/genrsa.htmlhttp://www.openssl.org/docs/apps/rsautl.htmlhttp://www.openssl.org/docs/apps/rsa.html03/01/2013 NOUNI El Bachir 18
  19. 19. Thanks nouni.ebachir@gmail.com03/01/2013 NOUNI El Bachir 19