Master Cybersecurity | Next Step Group

Workshop1: Cryptography with OpenSSL

Basic Principles of Information Security
─

Realized By
Rayhane Gouissem
=> Please note that I worked on an online kali environment to realize this workshop because I
have trouble opening the Virtual machine.
Here is the link for the online environment just for integrity measures:
https://www.onworks.net/os-distributions/debian-based/free-kali-linux-online

Objectives
The objective of this lab is to acquaint you with the basic services of security, particularly
symmetric and asymmetric encryption. These practical exercises are based on the OpenSSL
software suite. OpenSSL is a cryptographic toolkit implementing the SSL and TLS protocols,
providing a C programming library to create secure client/server applications relying on
SSL/TLS.

1.Symmetric Encryption
Symmetric encryption is a method of encryption where the same key is used for both
encrypting and decrypting the data. It's like using the same secret code to lock and unlock a
message.

1.1. RC4 Algorithm

● What is the RC4 algorithm?
RC4 (Rivest Cipher 4) is a stream cipher algorithm designed by Ron Rivest in 1987. It is
known for its simplicity and speed in generating a pseudorandom key stream, which is then
XORed with the plaintext to produce the ciphertext. RC4 has been widely used in various
cryptographic protocols and applications, including TLS (Transport Layer Security) for
securing internet communication.
The key stream generation involves a permutation of a fixed set of values in the algorithm,
creating a stream of pseudo random bytes. The simplicity and speed of RC4 make it
 Master Cybersecurity | Next Step Group

efficient for certain applications, but vulnerabilities have led to its deprecation in favor of
more secure encryption algorithms.

● Working with RC4 on Kali Linux

A. Creating a file with plain text to encrypt later. We will use the “gedit”
command

B. Encrypting the plain text contained in the file created earlier using the RC4
algorithm.
Here is the general command to encrypt.
#openssl enc encalgo –in input_file –out output_file
Everything in the previous command written in italic, bold and green are the things
we will replace with our own needs
> encalgo : the encryption algorithm that we want to use.
> input_file : the file containing the plain text that we want to encrypt, in our case it
is the “file_rayhane” file created previously.
> output_file : is the file where the result of encryption will be automatically saved in.

OpenSSL allows us to input a password: given the password, OpenSSL derives an

encryption key.
 Master Cybersecurity | Next Step Group

C. Decrypting the encrypted file.

We will be using the same command used for encrypting by just adding the “-d” option
after naming the wanted algorithm. This option will allow us to decrypt our file

D. Comparing the original plain text file “file_rayhane” and the decrypted file
obtained at the end “denc_result_rc4”.

If the files "file_rayhane" and "denc_result_rc4" are identical, the diff command will not produce
any output, and the terminal will remain silent. The diff command is used to compare the
contents of two files, and if there are no differences, it doesn't display anything.
As shown the terminal gave nothing as an output which means both our files are
successfully identical.

1.2. DES
● What is DES encryption?
DES (Data Encryption Standard) is a symmetric-key block cipher algorithm that was widely
used for secure data encryption. It was developed by IBM in the 1970s and later adopted as
a federal standard in the United States. DES operates on fixed-size blocks of data (64 bits)
and uses a secret key for both encryption and decryption.

Key features of DES include:

1. Block Size: Operates on 64-bit blocks of data.

2. Key Length: Uses a 56-bit key for encryption and decryption. However, due to
advances in computing power and the vulnerability of a 56-bit key to brute-force
attacks, DES is considered insecure by modern standards.
3. Feistel Network Structure: DES uses a Feistel network structure, where the data
block is divided into two halves, and multiple rounds of processing are applied to
each half.
4. Rounds: DES consists of 16 rounds of encryption for each block of data.
 Master Cybersecurity | Next Step Group

● Working with DES on kali linux

A. Encrypting the plain text

=> -k 0123456789ABCDEF: Specifies the key for encryption. In this case, the key is
"0123456789ABCDEF."
B. Decrypting the encrypted file obtained

C. Comparing the plain text to the decrypted file.

2. Comparing DES and RC4

 Master Cybersecurity | Next Step Group

3. Asymmetric encryption
Asymmetric encryption is a method where a pair of keys (public and private) is used to
perform two different yet related operations: the public key is used for encryption, and the
private key is used for decryption. It enables secure communication and digital signatures
without sharing the private key.

2.1. Generation of RSA Private/Public Key

In OpenSSL, the generated RSA keys are stored in a file with the extension ".pem" (Privacy
Enhanced Mail).

RSA, or Rivest-Shamir-Adleman, is a widely used asymmetric cryptographic algorithm for

secure communication and digital signatures. It involves a pair of keys: a public key for
encryption and a private key for decryption. The security of RSA relies on the difficulty of
factoring the product of two large prime numbers. It is commonly employed in secure
protocols like SSL/TLS for web encryption, PGP for email security, and digital signatures for
data integrity and authentication.

A. Generate a key pair with a size of 1024 bits and store it in the file "rsakey.pem."

B. Display the file.

 Master Cybersecurity | Next Step Group

The output of “cat rsakey.pem” is likely not human-readable because an RSA private key, as
generated by the openssl “genrsa” command, is typically in a binary format. The contents of
the file are not meant to be easily readable by a person.

You will see the details of the RSA private key. This may include information such as the
modulus, public exponent, private exponent, and other parameters that define the RSA
key.

C. One way to view the keys in full format is to use the rsa command. Display the keys
in hexadecimal format, excluding the output normally generated by the “rsa “
instruction.

=> --text: This option instructs OpenSSL to output the key in text form.

=> -noout: This option tells OpenSSL not to output the encoded version of the key.
 Master Cybersecurity | Next Step Group

D. Extract the public key from the private key and save the result in the file
"rsapubkey.pem."

2.2.Encryption of the RSA key by the algorithm

We will now use the AES256 algorithm to encrypt the private key.

AES256, or Advanced Encryption Standard with a key size of 256 bits, is a symmetric encryption
algorithm widely used for securing sensitive data. It is a block cipher, meaning it processes data
in fixed-size blocks, and it operates on blocks of 128 bits.

2.3.Encryption/decryption of data with RSA

A. Encrypting the “file_rayhane” using the rsa algorithm and the key we generated
earlier.

“rsautl” is a command-line tool provided by OpenSSL for performing RSA encryption, decryption,
and key operations. It allows users to work with RSA keys and perform cryptographic operations
using those keys from the command line
B. Decrypting the encrypted file

C. Comparing the first original plain text to the last decrypted text

The original plain text is identical to our final decrypted output.

 Master Cybersecurity | Next Step Group

4. comparing symmetric & asymmetric encryption