DES & RSA Algorithms Overview
                Tutorial




03/01/2013       NOUNI El Bachir     1
Comparison And Uses



DES : a symmetric algorithm designed for
 encrypting data. Its advantage is that it is fast on
 large amounts of data; its drawback is that the key
 has to be exchanged between the two parties.







RSA : an asymmetric algorithm, also designed for
 encrypting data. Its drawback is that it is too
 slow for large amounts of data. It uses two keys,
 whereas DES uses one shared key. One of these
 keys is secret and the other is public. Data
 encrypted with one key is decrypted with the
 other, but not with the same key.

Tools

 
     Throughout this tutorial we use the OpenSSL
     tool. It is installed by default on Linux.
     Windows users should download it from:
     http://slproweb.com/products/Win32OpenSSL.html

     After installing OpenSSL, either add the
     directory containing openssl.exe to your system
     path, or type the full path of openssl.exe each
     time at the command prompt.

Parameters Of These Algorithms

 
     DES :
             −   Secret key (64 bits)
             −   Initialization vector (64 bits)
 
     RSA :
             −   Secret key
             −   Secret key length
             −   Public key
             −   The modulus
TP : Test Each Algorithm (DES)

 
     The instructions that follow were tested on a
     Linux system.

     DES :
 To use this algorithm we first have to generate
   its parameters (secret key, initialization vector).
   To do so we will use the /dev/urandom file and
   the head command.
 They are used as follows :


 
     |> head -c 16 /dev/urandom > random.bin

     (-c 16 reads exactly 16 bytes: 8 for the key and 8 for the
     initialization vector.)

     The result, using |> xxd random.bin to show the file
     content in hex format :
 0000000: 95c3 e2d9 62c9 8d24 fa03 69e7 59aa aa11      ....b..$..i.Y...

     So we choose 95C3E2D962C98D24 as the secret key
     and FA0369E759AAAA11 as the initialization vector.

     After that we can encrypt and decrypt a file.
 |> openssl enc -e -des-cbc -in inputfile -out outputfile -nosalt \
    -K 95C3E2D962C98D24 -iv FA0369E759AAAA11 -a




 
     -des-cbc : DES algorithm using CBC mode
 
     -e : for encryption
 
     -in [inputfile] : to specify input file
 
     -out [outputfile] : to specify output file
 
     -K XX..XX : to specify secret key 64 bits
 
     -iv XX..XX : to specify initialization vector 64 bits
 
     -a : encoding output file in base64 format
 
     -nosalt : no salt will be used

 
     For decryption we use the same command line;
     we just replace the -e option with -d.




TP : Test Each Algorithm (RSA)

The implementation of RSA follows three steps :
    Generate an encrypted secret key of length 1024
    or 2048 bits.
    Generate the public key from the secret one.
To do so, we will use the genrsa and rsa commands.
    The synopsis of these commands is :



 
         openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea]
         [-f4] [-3] [-rand file(s)] [-engine id] [numbits]

         openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in
         filename] [-passin arg] [-out filename] [-passout arg] [-sgckey]
         [-des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin]
         [-pubout] [-engine id]

 For encryption we will use the rsautl command, which has
    the following synopsis :

         openssl rsautl [-in file] [-out file] [-inkey file] [-pubin]
         [-certin] [-sign] [-verify] [-encrypt] [-decrypt] [-pkcs] [-ssl]
         [-raw] [-hexdump] [-asn1parse]

 Let's now try this algorithm :


To generate the secret key :
|> openssl genrsa -des -out sckey.pem 2048

-des : the secret key will be encrypted with DES.
-out : to specify the output file.
2048 : key length.
After pressing Enter, the prompt will ask you to
  enter a passphrase.

To generate the public key :
|> openssl rsa -pubout < sckey.pem > pkey.pem

-pubout : to specify that we want to generate a
  public key from the secret one, sckey.pem.
< : input redirection
> : output redirection




To encrypt data with the public key :
|> openssl rsautl -encrypt -in inputfile -out outputfile -inkey pkey.pem \
   -pubin

-encrypt : for encryption.
-in : to specify the input file path.
-out : to specify the output file.
-inkey : key file to use.
-pubin : specifies that the key given with -inkey
    is a public key. Without this option, a secret
    key is expected.
Best practice

RSA : to exchange the shared secret key.
DES : to encrypt data using the exchanged shared
 secret key.
Scenario :
Alice (sA,PA) and Bob (sB,PB).
Alice wants to send data to Bob, but it is the first
  time. So they should define a shared key.


So Alice has to generate a random 64-bit key
 (DES) and an initialization vector (64 bits),
 encrypt them using Bob's public key PB, and
 send the result to Bob.
Bob receives the encrypted key and decrypts it.
 At this point the key is shared, but he should send
 an acknowledgment to Alice to tell her that he
 received the key successfully. So he encrypts
 the received key using Alice's public key and
 sends it to her.

After this handshake it is OK to exchange data
  encrypted using the shared secret key (64 bits).
It is recommended to use Triple DES instead of
   DES because it is more secure. To use this
   algorithm in what we have seen, just replace
   -des with -des3 in the RSA section, and in the
   DES section choose -des-ede-cbc instead
   of -des-cbc.
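
The exchange described in the Best practice slides, as an added example that is not part of the original tutorial: Alice wraps a random session key and IV under Bob's public key, and both sides use them with -des-ede-cbc, which takes a 128-bit key (two DES keys) rather than the 64 bits used with -des-cbc. The file names and the hex and hybrid_roundtrip helpers are assumptions made for this example; Bob's private key is left without a passphrase so the script runs unattended, and the acknowledgment step is omitted.

```shell
#!/bin/sh
# Added example, not from the original slides. All file names are constructed.

# hex FILE OFFSET COUNT: print COUNT bytes of FILE, starting at OFFSET, as hex.
hex() {
    tail -c +"$(( $2 + 1 ))" "$1" | head -c "$3" | od -An -v -tx1 | tr -d ' \n'
}

# hybrid_roundtrip MESSAGE: play both sides in a temp dir, print what Bob recovers.
hybrid_roundtrip() {
    dir=$(mktemp -d) || return 1
    status=0
    (
        cd "$dir" &&
        printf '%s' "$1" > msg.txt &&

        # Bob: RSA key pair. No passphrase so the demo runs unattended;
        # add -des3 as in the tutorial to protect a real private key.
        openssl genrsa -out bob_sk.pem 2048 2>/dev/null &&
        openssl rsa -in bob_sk.pem -pubout -out bob_pk.pem 2>/dev/null &&

        # Alice: 16-byte key followed by an 8-byte IV, from /dev/urandom.
        head -c 24 /dev/urandom > session.bin &&
        # Alice: wrap key+IV under Bob's public key (rsautl defaults to PKCS#1 v1.5).
        openssl rsautl -encrypt -pubin -inkey bob_pk.pem \
            -in session.bin -out session.enc 2>/dev/null &&
        # Alice: encrypt the data with the session key.
        openssl enc -e -des-ede-cbc -nosalt -a -in msg.txt -out msg.enc \
            -K "$(hex session.bin 0 16)" -iv "$(hex session.bin 16 8)" &&

        # Bob: unwrap with his private key, then decrypt the data to stdout.
        openssl rsautl -decrypt -inkey bob_sk.pem \
            -in session.enc -out session.dec 2>/dev/null &&
        openssl enc -d -des-ede-cbc -nosalt -a -in msg.enc \
            -K "$(hex session.dec 0 16)" -iv "$(hex session.dec 16 8)"
    ) || status=$?
    rm -rf "$dir"
    return "$status"
}

hybrid_roundtrip 'constructed sample message'
```

Only the 24-byte session blob goes through RSA; the message itself is only ever processed by the symmetric cipher, which is why the scheme stays fast for large files.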


Thanks
             nouni.ebachir@gmail.com



