From 5f865513f7e3e1b2b14dab3e8a693f106303f9c3 Mon Sep 17 00:00:00 2001 From: Rick Sprague Date: Mon, 26 Aug 2024 21:21:46 -0400 Subject: [PATCH] encryption demo --- encryption_demo/README.txt | 9 +++++ encryption_demo/dec/message_dec.txt | 1 + encryption_demo/dec/signature_dec.sig | 3 ++ encryption_demo/dec/symmetric_dec.key | 1 + encryption_demo/enc/message_enc.txt | 2 + encryption_demo/enc/signature_enc.txt | Bin 0 -> 288 bytes encryption_demo/enc/symmetric_enc.key | Bin 0 -> 256 bytes encryption_demo/keys/alice_private.pem | 27 +++++++++++++ encryption_demo/keys/alice_public.pem | 9 +++++ encryption_demo/keys/bob_private.pem | 27 +++++++++++++ encryption_demo/keys/bob_public.pem | 9 +++++ encryption_demo/keys/ken_private.pem | 27 +++++++++++++ encryption_demo/keys/ken_public.pem | 9 +++++ encryption_demo/msg/message.sig | 3 ++ encryption_demo/msg/message.txt | 1 + encryption_demo/msg/symmetric.key | 1 + encryption_demo/test.bash | 53 +++++++++++++++++++++++++ 17 files changed, 182 insertions(+) create mode 100644 encryption_demo/README.txt create mode 100644 encryption_demo/dec/message_dec.txt create mode 100644 encryption_demo/dec/signature_dec.sig create mode 100644 encryption_demo/dec/symmetric_dec.key create mode 100644 encryption_demo/enc/message_enc.txt create mode 100644 encryption_demo/enc/signature_enc.txt create mode 100644 encryption_demo/enc/symmetric_enc.key create mode 100644 encryption_demo/keys/alice_private.pem create mode 100644 encryption_demo/keys/alice_public.pem create mode 100644 encryption_demo/keys/bob_private.pem create mode 100644 encryption_demo/keys/bob_public.pem create mode 100644 encryption_demo/keys/ken_private.pem create mode 100644 encryption_demo/keys/ken_public.pem create mode 100644 encryption_demo/msg/message.sig create mode 100644 encryption_demo/msg/message.txt create mode 100644 encryption_demo/msg/symmetric.key create mode 100755 encryption_demo/test.bash 
diff --git a/encryption_demo/README.txt b/encryption_demo/README.txt new file mode 100644 index 0000000..5a639c6 --- /dev/null +++ b/encryption_demo/README.txt @@ -0,0 +1,9 @@ +1. This simply generates keys for alice bob and ken. +2. encrypt a simple message bob to alice. +3. include bob's signature +4. to send a larger message use AES. Generate a symmetric key using RSA keys +5. encrpyt using AES +6. alice decrypts +7. alice verifies it's from bob - which it should +8. alice verifies it's from ken - which isn't shouldn't. + diff --git a/encryption_demo/dec/message_dec.txt b/encryption_demo/dec/message_dec.txt new file mode 100644 index 0000000..5858951 --- /dev/null +++ b/encryption_demo/dec/message_dec.txt @@ -0,0 +1 @@ +Hello, Alice! This is a secure message from Bob. diff --git a/encryption_demo/dec/signature_dec.sig b/encryption_demo/dec/signature_dec.sig new file mode 100644 index 0000000..f478631 --- /dev/null +++ b/encryption_demo/dec/signature_dec.sig @@ -0,0 +1,3 @@ + M#}obڲzE)@SUf.:Z7Mss~RHeq)Roՙ4{!fր6u`eBVւ-cǰm53ChuQ^a7Y'.ʐ>>FM-nFR_c7^-`%C11cY2/9b,ހc`hf +bdeEɠW"rݚLcbwܴ3h x%{K +F$C( \ No newline at end of file diff --git a/encryption_demo/dec/symmetric_dec.key b/encryption_demo/dec/symmetric_dec.key new file mode 100644 index 0000000..2e5ff21 --- /dev/null +++ b/encryption_demo/dec/symmetric_dec.key @@ -0,0 +1 @@ +aJR0q9lCufbOArmSxaz2HrzN0lkKbhv3oUSXfcWzEeA= diff --git a/encryption_demo/enc/message_enc.txt b/encryption_demo/enc/message_enc.txt new file mode 100644 index 0000000..2187a14 --- /dev/null +++ b/encryption_demo/enc/message_enc.txt @@ -0,0 +1,2 @@ +Salted__  +~6yKaQ rk8tk9H5dU:!&+n <zz*R@$ҨeWH[~=̝ \ No newline at end of file 
diff --git a/encryption_demo/enc/signature_enc.txt b/encryption_demo/enc/signature_enc.txt new file mode 100644 index 0000000000000000000000000000000000000000..0c56deef70d0a36f83da13681ed666bb610df739 GIT binary patch literal 288 zcmV+*0pI>pVQh3|WM5w^DOG7nf7pA;**DCwX`@;-Qh?%k3W8DS9%JOReS`}(h?vWR z+w|(Tkabl_r^WbhOS4qfr#}F*M6@Ebp^!<^Ilpj)9lJ22dfd?hdIJ!#HA@>F9o4-j zz){^lnMD+L}PEc=nM!|`U# zh*UY02!NG6oFHmCn zDw3rPn|@G=H4lam)|Zf{ZM-xrS!G^x2DEA0Nh?5AsB>!dr>qz^l+t+k7bie mg9+Ol?6vUlSg-M|EFcBOG+a+!IqUgXyb3x*A(^F;fcSd}xsUb$ literal 0 HcmV?d00001 diff --git a/encryption_demo/enc/symmetric_enc.key b/encryption_demo/enc/symmetric_enc.key new file mode 100644 index 0000000000000000000000000000000000000000..e1f739edf220269641696801d409a68ba144829e GIT binary patch literal 256 zcmV+b0ssDfxZ~LaubAY4#Ba-6%nhSu@hUMZ4aWu+#}yDMyr6rg7=|JWl(o*Rq4z4$klw0`vu4*NJH3`r`o%z2LXUoV47$Q`r968Ee6@>N4I&)4 z%!(b*0IunTJkAMb_?7=^OG_%!tPX0e)>AM8yWBQNA}T8v{+bXyLPkx#K&7?h6lTDD zlCrAb<}gw~lJ)dP;I@X-sw|N5Db1)|=(x_uhodOEK-N!@36tU!%{bGC0qyFl@3BMM zEt)lPi9r|C(*OKt)&?eP)!G=tB3ve5l#<`#(B|JhB7ulL2zOk=+{71I7}>FM-nFR_c7^-`%C11cY2/9b,ހc`hf +bdeEɠW"rݚLcbwܴ3h x%{K +F$C( \ No newline at end of file diff --git a/encryption_demo/msg/message.txt b/encryption_demo/msg/message.txt new file mode 100644 index 0000000..5858951 --- /dev/null +++ b/encryption_demo/msg/message.txt @@ -0,0 +1 @@ +Hello, Alice! This is a secure message from Bob. diff --git a/encryption_demo/msg/symmetric.key b/encryption_demo/msg/symmetric.key new file mode 100644 index 0000000..2e5ff21 --- /dev/null +++ b/encryption_demo/msg/symmetric.key @@ -0,0 +1 @@ +aJR0q9lCufbOArmSxaz2HrzN0lkKbhv3oUSXfcWzEeA= diff --git a/encryption_demo/test.bash b/encryption_demo/test.bash new file mode 100755 index 0000000..9eaec22 --- /dev/null +++ b/encryption_demo/test.bash 
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# Generate RSA key pairs for Alice, Bob, and Ken
+echo "Generate keys"
+openssl genrsa -out keys/alice_private.pem 2048
+openssl rsa -in keys/alice_private.pem -pubout -out keys/alice_public.pem
+
+openssl genrsa -out keys/bob_private.pem 2048
+openssl rsa -in keys/bob_private.pem -pubout -out keys/bob_public.pem
+
+openssl genrsa -out keys/ken_private.pem 2048
+openssl rsa -in keys/ken_private.pem -pubout -out keys/ken_public.pem
+
+# Create a simple message file
+echo "Hello, Alice! This is a secure message from Bob." > msg/message.txt
+
+echo "Signing"
+# Bob signs the message
+openssl dgst -sha256 -sign keys/bob_private.pem -out msg/message.sig msg/message.txt
+
+echo "Encrypt"
+# Generate a symmetric AES key
+openssl rand -base64 32 > msg/symmetric.key
+
+# Encrypt the message and the signature with the symmetric key
+openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -in msg/message.txt -out enc/message_enc.txt -pass file:msg/symmetric.key
+openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 -in msg/message.sig -out enc/signature_enc.txt -pass file:msg/symmetric.key
+
+# Encrypt the symmetric key with Alice's public RSA key
+openssl rsautl -encrypt -inkey keys/alice_public.pem -pubin -in msg/symmetric.key -out enc/symmetric_enc.key
+
+echo "Decrypt"
+# Alice decrypts the symmetric key with her private RSA key
+openssl rsautl -decrypt -inkey keys/alice_private.pem -in enc/symmetric_enc.key -out dec/symmetric_dec.key
+
+# Alice decrypts the message and the signature with the symmetric key
+openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -in enc/message_enc.txt -out dec/message_dec.txt -pass file:dec/symmetric_dec.key
+openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -in enc/signature_enc.txt -out dec/signature_dec.sig -pass file:dec/symmetric_dec.key
+
+echo "Verify"
+# Alice verifies the signature from Bob
+if openssl dgst -sha256 -verify keys/bob_public.pem -signature dec/signature_dec.sig dec/message_dec.txt; then
+ echo "Signature verification successful: The message is from Bob."
+else
+ echo "Signature verification failed: The message is not from Bob."
+fi
+
+# Attempt to verify the message as if it came from Ken
+if openssl dgst -sha256 -verify keys/ken_public.pem -signature dec/signature_dec.sig dec/message_dec.txt; then
+ echo "Signature verification false positive: The message is from Ken."
+else
+ echo "Signature verification correctly failed: The message is not from Ken."
+fi
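Review bot: The two `openssl rsautl` lines that wrap and unwrap the symmetric key pass no padding option, so they use PKCS#1 v1.5 encryption padding, and `rsautl` is deprecated in OpenSSL 3.x. For a demo that readers will copy, use OAEP: `openssl pkeyutl -encrypt -pubin -inkey keys/alice_public.pem -pkeyopt rsa_padding_mode:oaep -in msg/symmetric.key -out enc/symmetric_enc.key`, with the same `-pkeyopt` on a matching `pkeyutl -decrypt` line. The script also lacks `set -euo pipefail` after the shebang, so a failed openssl step falls through to the verify block, which may then report success against `dec/` files left from an earlier run; this commit checks such files in. The comment `# Generate a symmetric AES key` is inaccurate, since `-pass file:msg/symmetric.key` with `-pbkdf2` treats that file as a passphrase from which the AES key and IV are derived, and the comment should say so. Because every run regenerates `keys/`, `msg/`, `enc/` and `dec/`, those outputs (private keys included) look like candidates for `.gitignore` rather than for committing.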