
Assignment -4

Information Security G3,G5

Fall 2023

Name : Hassan Jamshaid


Registration number: L1F20BSCS0138
Section : G5

Step 1:
Downloading OpenSSL for Windows and setting the environment path in
settings.
Q1. Create a secure communication channel between two users, Alice and Bob using symmetric key
cryptography; openssl commands.
Answer:

Commands used and their explanation:

On Alice side :
1) openssl rand -base64 32 > symmetric_key.txt

This command generates a random 32-byte (256-bit) key, Base64-encoded,
and stores it in symmetric_key.txt.

Rand => keyword for random.

> => this redirects the output, so the random key is stored in the file.

2) echo "Hello Bob, this is Alice." > message.txt

This just writes the message "Hello Bob, this is Alice." to message.txt.

Echo => this prints the given text; here the output is redirected into the file.

3) openssl enc -aes-256-cbc -salt -in message.txt -out encrypted_message.enc -pass file:symmetric_key.txt

This command encrypts the message file using symmetric_key.txt and writes the
output to the encrypted_message.enc file.

Openssl enc => this indicates the openssl encryption command.

Aes-256-cbc => this part is the algorithm used in the encryption, i.e. AES with a 256-bit key; cbc is
the mode in which it is running.

-salt => this mixes a random salt into the key derivation, so encrypting the same message with the
same password gives a different ciphertext each time.

-in => this specifies the input file that is written next to it.

-out => this specifies the output file that is written next to it.

-pass file: => this specifies the password source as a file, i.e. in this case the symmetric key file that is
being used for encryption.

type encrypted_message.enc

On Bob side:

4) openssl enc -d -aes-256-cbc -in encrypted_message.enc -out decrypted_message.txt -pass file:symmetric_key.txt

This command is used by Bob to decrypt the encrypted file.

-d => by adding this we specify that we are decrypting and not encrypting.

The other options are the same as explained in the 3rd point.

5) type decrypted_message.txt

This is used to show the decrypted message on cmd.
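
The same exchange as a script, added here as an example and not part of the original report. It is written for a POSIX shell rather than Windows cmd, and it adds `-pbkdf2 -iter 100000` (an assumption: OpenSSL 1.1.1 or later) so the AES key is derived from the key file with PBKDF2 instead of the legacy derivation that newer OpenSSL versions warn about. It also checks that the salt makes two encryptions of the same message differ.

```shell
#!/bin/sh
# Added example, not from the original report. File names follow the report;
# -pbkdf2, -iter 100000 and the temporary directory are additions.

# Alice: encrypt message.txt under the passphrase stored in symmetric_key.txt.
encrypt_msg() {   # $1 = output file
  openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 \
    -in message.txt -out "$1" -pass file:symmetric_key.txt
}

# Bob: the same KDF options must be repeated, or the derived key will differ.
decrypt_msg() {   # $1 = input file; plaintext goes to stdout
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 \
    -in "$1" -pass file:symmetric_key.txt
}

# Print the 8-byte magic that precedes the salt in a salted enc file.
enc_magic() { head -c 8 "$1"; }

# Runs in a subshell so the caller's working directory is untouched.
symmetric_demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  openssl rand -base64 32 > symmetric_key.txt
  chmod 600 symmetric_key.txt      # the key file is the whole secret
  echo "Hello Bob, this is Alice." > message.txt
  encrypt_msg first.enc && encrypt_msg second.enc || exit 1
  [ "$(enc_magic first.enc)" = "Salted__" ] || exit 2
  # Same message, same passphrase: a fresh random salt gives different bytes.
  cmp -s first.enc second.enc && exit 3
  decrypt_msg second.enc
)
```

AES-CBC as used here gives confidentiality only; nothing in this exchange lets Bob detect a modified ciphertext, and both sides must already share symmetric_key.txt over a trusted path.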


Q2. Create a secure communication channel between two users, Alice and Bob using Asymmetric
key cryptography; use openssl commands. Create CA, users Alice and Bob. CA will issue certificates
to Alice and Bob which will be exchanged later between Alice and Bob to share their public keys with
one another; and then they establish secure communication to send and receive encrypted messages.

Note: You are supposed to create a report detailing all your working in it such as code explanation,
images, resource links etc.

Potential Resources:

Dancuk, M. (2022, May 24). Retrieved from https://phoenixnap.com:
https://phoenixnap.com/kb/nc-command#:~:text=The%20Netcat%20(%20nc%20)%20command%20is,%2C%20ncat%20%2C%20and%20others).

Gordon, D. S. (2014, Nov 3). https://sandilands.info. Retrieved from
https://sandilands.info/sgordon/diffie-hellman-secret-key-exchange-with-openssl

Ramanujam, S. (2023, Sept 4). Retrieved from https://www.baeldung.com:
https://www.baeldung.com/linux/netcat-file-sharing#:~:text=Now%2C%20in%20order%20to%20receive,to%20send%20the%20desired%20file.&text=Likewise%2C%20the%20%3E%20operator%20is%20used,ve%20successfully%20transferred%20the%20sample_file_transfer.

Answer:
Commands used:

1) openssl genpkey -algorithm RSA -out ca_private.key

This command creates a private key for the certificate authority (CA) using the RSA algorithm.

Genpkey => this keyword is to generate a private key.

RSA => algorithm used.

-out => specifies output file.

2) openssl req -new -x509 -key ca_private.key -out ca_certificate.pem

This command generates a self-signed certificate for a certificate authority.

Req => this creates a certificate signing request (CSR) or a self signed certificate.

-new => specifies that a new CSR is created.

-x509 => specifies that the output should be a self signed x509 certificate.

3) openssl genpkey -algorithm RSA -out alice_private.key

This command creates a private key for Alice using the RSA algorithm.

Genpkey => this keyword is to generate a private key.

RSA => algorithm used.

-out => specifies output file.

on alice side :

4) openssl req -new -key alice_private.key -out alice.csr

This command is used to generate a Certificate Signing Request (CSR) for Alice, for the
purpose of obtaining a digital certificate from a Certificate Authority (CA).

Req => this creates a certificate signing request (CSR) or a self signed certificate.

-new => specifies that a new CSR is created

-out => specifies output file.

5) openssl x509 -req -in alice.csr -CA ca_certificate.pem -CAkey ca_private.key -out alice_certificate.pem -CAcreateserial

This command is used to sign a CSR with the Certificate Authority and generate a digital
certificate for Alice.

-CAcreateserial => specifies that a serial number file (.srl) should be created by the CA for the
certificate.

6) echo "hi there from alice">plaintext.txt

This is used to write the message into the message file (plaintext.txt).

7) openssl pkeyutl -encrypt -certin -inkey bob_certificate.pem -in plaintext.txt -out encrypted_message.enc

This is used to perform public key encryption on a message using Bob's public key, taken from the
certificate Bob shared with Alice.

Pkeyutl => initiates the command for public key operation.

-encrypt => states that we are encrypting.

-certin => states that the -inkey file is a certificate containing the public key.

-inkey => specifies Bob's public key file (here his certificate) as the input for the encryption.

-in => specifies input

-out => specifies output

8) type encrypted_message.enc

This displays the content of encrypted message file on cmd.

on bob side:

openssl genpkey -algorithm RSA -out bob_private.key

same as alice explained above.

openssl req -new -key bob_private.key -out bob.csr

same as alice explained above.

openssl x509 -req -in bob.csr -CA ca_certificate.pem -CAkey ca_private.key -out bob_certificate.pem -CAcreateserial

same as alice explained above.

openssl pkeyutl -decrypt -inkey bob_private.key -in encrypted_message.enc -out decrypted_message.txt

Same as Alice explained above. The only change here is the keyword -decrypt, because Bob is
decrypting the file.

type decrypted_message.txt

Used to show the output on screen.
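
The whole Q2 flow as one non-interactive script, added here as an example and not part of the original report. It is written for a POSIX shell; the `-subj` names, `-days 30` and the impostor certificate named mallory are constructed for the demonstration. It adds the step the certificates exist for: Alice runs `openssl verify` against the CA certificate before she encrypts to the public key inside a certificate.

```shell
#!/bin/sh
# Added example, not from the original report. Subject names (-subj), -days and
# the "mallory" impostor certificate are constructed for the demonstration.

make_ca() {
  openssl genpkey -algorithm RSA -out ca_private.key 2>/dev/null &&
  openssl req -new -x509 -key ca_private.key -subj "/CN=Demo CA" -days 30 \
    -out ca_certificate.pem
}

# issue NAME: key pair, CSR, and a CA-signed certificate for NAME
issue() {
  openssl genpkey -algorithm RSA -out "$1_private.key" 2>/dev/null &&
  openssl req -new -key "$1_private.key" -subj "/CN=$1" -out "$1.csr" &&
  openssl x509 -req -in "$1.csr" -CA ca_certificate.pem -CAkey ca_private.key \
    -CAcreateserial -days 30 -out "$1_certificate.pem" 2>/dev/null
}

# send_to CERT: Alice encrypts only if CERT chains to the CA she trusts
send_to() {
  openssl verify -CAfile ca_certificate.pem "$1" >/dev/null 2>&1 || return 1
  openssl pkeyutl -encrypt -certin -inkey "$1" \
    -in plaintext.txt -out encrypted_message.enc
}

# Bob decrypts with his private key; plaintext goes to stdout
receive() {
  openssl pkeyutl -decrypt -inkey bob_private.key -in encrypted_message.enc
}

# Runs in a subshell so the caller's working directory is untouched.
pki_demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  make_ca && issue alice && issue bob || exit 1
  echo "hi there from alice" > plaintext.txt
  # Constructed impostor: a self-signed certificate that claims CN=bob
  openssl genpkey -algorithm RSA -out mallory_private.key 2>/dev/null
  openssl req -new -x509 -key mallory_private.key -subj "/CN=bob" -days 30 \
    -out mallory_certificate.pem
  send_to mallory_certificate.pem && exit 2   # must be rejected
  send_to bob_certificate.pem || exit 3
  receive
)
```

Only certificates and the CA certificate cross between the parties; each private key stays in the directory of the side that generated it.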
