CS 314: Applied Cryptography

Lab 2: Secret Key Encryption Lab

RSA Public-Key Encryption and Signature Lab

In this lab, students will
• gain hands-on experiences on the RSA algorithm.
• Understand RSA by requiring them to go through every essential step of the RSA
algorithm on actual numbers
This lab particularly aims at implementing the RSA algorithm using the C program language.

Table of Contents
Overview................................................................................................................ 2
Task 1: A Complete Example of BIGNUM............................................................................2
Task 2: Deriving the Private Key...........................................................................................3
Task 3: Encrypting a Message...............................................................................................5
Task 4: Decrypting a Message..............................................................................................6
Task 5: Signing a Message.....................................................................................................6
Task 6: Verifying a Signature..................................................................................8
Task 7: Manually Verifying an X.509 Certificate...............................................................9
Submission .............................................................................................................................10

1
PES University Department of CSE
CS 314: Applied Cryptography
Lab 2: Secret Key Encryption Lab

Overview

RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely

used for secure communication. The RSA algorithm first generates two large random prime
numbers, and then use them to generate public and private key pairs, which can be used to
do encryption, decryption, digital signature generation, and digital signature verification.
The RSA algorithm is built upon number theories, and it can be quite easily implemented
with the support of libraries.
The learning objective of this lab is for students to gain hands-on experiences on the
RSA algorithm. From lectures, students should have learned the theoretic part of the RSA
algorithm, so they know mathematically how to generate public/private keys and how to
perform encryption/decryption and signature generation/verification. This lab enhances
student’s understanding of RSA by requiring them to go through every essential step of the
RSA algorithm on actual numbers, so they can apply the theories learned from the class.
Essentially, students will be implementing the RSA algorithm using the C program language.
The lab covers the following security-related topics:
• Public-key cryptography
• The RSA algorithm and key generation
• Big number calculation
• Encryption and Decryption using RSA
• Digital signature
• X.509 certificate
Readings and videos. Detailed coverage of the public-key cryptography can be found in the
following:
• Chapter 23 of the SEED Book, Computer & Internet Security: A Hands-on Approach, 2nd
Edition, by Wenliang Du. See details at https://www.handsonsecurity.net.

Lab Tasks
Task 1: A Complete Example of BIGNUM
The program below shows a complete example of BIGNUM. This program uses three
BIGNUM variables, a, b, and n; and then compute a ∗ b and (a b mod n).

2
PES University Department of CSE
CS 314: Applied Cryptography
Lab 2: Secret Key Encryption Lab

Commands
Execute the following command to compile the above program
$gcc -o task1 task1.c -lcrypto
$./task1

Give your observation with screen shot along with full plaintext.

Task 2: Deriving the private key

The objective of this task is to derive private key. Given are the hexadecimal values of p, q,
e, and public key pair (e,n).

3
PES University Department of CSE
CS 314: Applied Cryptography
Lab 2: Secret Key Encryption Lab

Commands:
$gcc -o task2 task2_derivepk.c -lcrypto
$./task2

Give your observation with screen shot

4
PES University Department of CSE
CS 314: Applied Cryptography
Lab 2: Secret Key Encryption Lab

Task 3: Encrypting a message

The objective of this task is to encrypt a given message. Given are the hexadecimal values of
n, e, M. the value of “d” is also given to verify the result.

Step1: convert the ASCII string to a hex string

Command:
$python -c ‘print(“A top secret!”.encode(“hex”))’

Give your observation with screen shot.

Step2: Execute the below program to encrypt the message M and verify it by decrypting it.

Commands
$gcc -o task3 task3.c -lcrypto
$./task3

Step 3: convert the hex value to ASCII code

5
PES University Department of CSE
CS 314: Applied Cryptography
Lab 2: Secret Key Encryption Lab

$python -c print(“//task 3 output hex value”.decode(“hex”))’

Give your observation with screen shot.

Task 4: Decrypting a message

The objective of this task is to decrypt a given ciphertext. given are the hexadecimal values of n, e, d
from the above task

Commands
$gcc -o task4 task4.c -lcrypto
$./task4
Give your observation with screen shot.

Task 5: Signing a Message

The objective of this task is to generate a signature for the following message. Use the
public/private key set from task3
M= “I owe you $2000.”

6
PES University Department of CSE
CS 314: Applied Cryptography
Lab 2: Secret Key Encryption Lab

step1: generate hex for M

Commands
$python -c ‘print(“I owe you $2000.”.encode(“hex”)’

step2: Execute the following program to generate signature of the given message. Using the
signing algorithm M^d mod n

Commands:
$gcc -o task5 task5.c -lcrypto
$./task5

Step3: execute the step 1 and 2 for message “I owe $3000”

Give your observation with screen shot.

Task 6: Verifying a Signature

The objective of this task is to verify if the signature received by Bob is Allice’s or not. Given
are the Message M, signature S, Allice public key e and n.

7
PES University Department of CSE
CS 314: Applied Cryptography
Lab 2: Secret Key Encryption Lab

Commands
$gcc -o task6 task6.c -lcrypto
$./task6
$python -c ‘print(“//output of task6”.decode(“hex”))’

Give your observation with screen shot.

Task 7: Manually verifying an X.509 Certificate

The objective of this task is to verify the signature of a public key certificate from a server
and show that the signature matches.
To verify that a certificate was signed by a specific certificate authority we need the
following details
1. public key of the certificate authority (issuer).
2. signature and algorithm used to generate signature from the server’s certificate.

Step 1: download the certificate

Command:
$ openssl s_client -connect www.example.org:443 -showcerts

8
PES University Department of CSE
CS 314: Applied Cryptography
Lab 2: Secret Key Encryption Lab

Copy server certificate to c0.pem file and root certificate of the issuer to c1.pem
Give your observation with screen shot.

Step 2: Extract the public key (e, n) from the issuer’s certificate. Openssl provides commands
to extract certain attributes from the x509 certificates. We can extract the value of n using -
modulus. There is no specific command to extract e, but we can print out all the fields and
can easily find the value of e.

Commands
For modulus (n):
$ openssl x509 -in c1.pem -noout -modulus
Print out all the fields, find the exponent (e):
$ openssl x509 -in c1.pem -text -noout |grep "Exponent"
Give your observation with screen shot.

Step 3: Extract the signature from the server’s certificate. There is no specific
opensslcommand to extract the signature field. However, we can print out all the fields and
then copy and paste the signature block into a file (note: if the signature algorithm used in
the certificate is not based on RSA, you can find another certificate).
Commands
$openssl x509 -in c0.pem -text -noout
//extract only the signature part and paste it in signature file
$ cat signature | tr -d ’[:space:]:’

Give your observation with screen shot.

Step 4: Extract the body of the server’s certificate.
A Certificate Authority (CA) generates the signature for a server certificate by first
computing the hash of the certificate, and then sign the hash. To verify the signature, we
also need to generate the hash from a certificate. Since the hash is generated before the
signature is computed, we need to exclude the signature block of a certificate when
computing the hash. Finding out what part of the certificate is used to generate the hash is
quite challenging without a good understanding of the format of the certificate. X.509
certificates are encoded using the ASN.1 (Abstract Syntax Notation.One) standard, so if we
can parse the ASN.1 structure, we can easily extract any field from a certificate. Openssl has
a command called asn1parse, which can be used to parse a X.509 certificate.

Commands:
$ openssl asn1parse -i -in c0.pem -strparse 4 -out c0_body.bin -noout
$ sha256sum c0_body.bin

Give your observation with screen shot.

9
PES University Department of CSE
CS 314: Applied Cryptography
Lab 2: Secret Key Encryption Lab

step 5: Verify the signature. Now we have all the information, including the CA’s public key,
the CA’s signature, and the body of the server’s certificate. We can run our own program to
verify whether the signature is valid or not. Openssl does provide a command to verify the
certificate for us, but students are required to use their own programs to do so, otherwise,
they get zero credit for this task.

$gcc task6_verify_sig_example.c -lcrypto

$ ./a.out
Submission

You need to submit a detailed lab report to describe what you have done and what you have
observed, including screenshots and code snippets. You also need to provide explanation to the
observations that are interesting or surprising. You are encouraged to pursue further investigation,
beyond what is required by the lab description. Please submit in word or PDF format only.

10
PES University Department of CSE