Professional Documents
Culture Documents
Fall 2023
Step 1:
Downloading openssl for window and setting the environmental path in
settings.
Q1. Create a secure communication channel between two users, Alice and Bob using symmetric key
cryptography; openssl commands.
Answer:
On Alice side :
1) openssl rand -base64 32 > symmetric_key.txt
This command generates a random 32 byte or 256 bits with base 64 encoded key
and that is being stored in symmetric_key.txt
This is just to add the message that is "Hello Bob, this is Alice." In message.txt.
This command is encrypting the message file using the symmetric_key.txt and writing the
output in encrypted_message,.enc file.
Aes-256-cbc => this part is the algorithm used in the encryption i.e. AES with a 256-bit key and cbc is
the mode in which it is running.
-in => this specifies the input file that is written next to it.
-out => shows the output file that iss written next to it.
-pass file: => this specifies the password source as a file i.e. in this case is symmetric key file that is
being used for encryption.
type encrypted_message.enc
on Bob side :
-d => by adding this we specify that we are decrypting and not encrypting.
5) type decrypted_message.txt
Note: You are supposed to create a report detailing all your working in it such as code explanation,
images, resource links etc.
Potential Resources:
This command creates a private key for a certificate authority and it uses RSA algo
Req => this creates a certificate signing request (CSR) or a self signed certificate.
-x509 => specifies that the output should be a self signed x509 certificate.
This command creates a private key for a certificate authority and it uses RSA algo
on alice side :
This command is used to generate a Certificate Signing Request (CSR) for Alice,for the
purpose of obtaining a digital certificate from a Certificate Authority (CA).
Req => this creates a certificate signing request (CSR) or a self signed certificate.
5) openssl x509 -req -in alice.csr -CA ca_certificate.pem -CAkey ca_private.key -out
alice_certificate.pem –Cacreateserial
This command is used to sign a (CSR) with a Certificate Authority and generate a digital
certificate for Alice
-CAcreateserial => Specifies that a serial number file (.srl) should be created by the CA for the
certificate.
This is used to perform public key encryption on a message using bobs public key.
-inkey => Specifies Bob's public key file. As the input for the encryption.
8) type encrypted_message.enc
on bob side:
openssl x509 -req -in bob.csr -CA ca_certificate.pem -CAkey ca_private.key -out bob_certificate.pem
–Cacreateserial
same as alice explained above.just here the change is the keyword –decrypt because bob is
decrypting the file.
type decrypted_message.txt