This is a Clilstore unit. You can .
In this part of the unit we are talking about how to make sure communications through a shared and insecure channel, like internet, where there are many bad guys, who might intercept the messages, read and modify them, and even usurp the identity of other people with evil intent.
In the activity 1, we will learn how to ensure that nobody except the legitimate receiver will read your communications using encryption
In the activity 2, we will learn how to ensure that the message has not been intercepted and modified by a third person, using digital signature
In the activiy 3, we will learn how to ensure that the sender is identified in a reliable way using certificates from an Certifying Authority
All these elements are meant to make sure the communications from a legal standpoint. This concept is also known as to provide LEGAL SECURITY to the Internet
In this activity you will learn how to use asymmetric encryption based on P.G.P. You will create a couple of public-private keys. You will exchange public keys with a classmate, and you will use your respective public keys to encrypt a secret message that only your classmate will be able to read.
This activity must be carried out between two students. So, choose a partner among your classmates.
Nowadays Internet is extremely insecure, and any information moving through the net may be intercepted by third parts. This includes confidential information as our personal data, our bank account credentials, login and passwords.
When it comes to transmit data through internet there are two big problems:
How to make sure the data travelling through a public network are hidden for anybody else safe the legitimitate receiver. This can be done encrypting the message.
How to authenticate that both, the sender and the receiver are they themselves. This is done through digital signature. We will practice the use of digital signature in activity 2
How to make sure that the document have not been intercepted, while travelling for the net, and modified by a third part. This is done through digital signature. We will practice the use of digital signature in activity 2
To encrypt is to transform a readable message in something unreadable for everybody else except the legitimate receiver. The opposite process, decryption, allows the receiver to decode the unreadable message turning it readable.
There are two types of encryption: symmetric and asymmetric.
It uses a single key that must be known by the sender and the receiver, both to encrypt and decrypt.
Symmetric encryption is simpler and easier to implement but has a serious flaw: privacy depends on the secret of the key…. If it is sent through internet we can not ensure it won't be intercepted by others compromising the message privacy
In this case we are using a couple of different but mathematically related keys (instead of one single key). Let's call them the keys A and B. Given the particular mathematical bound between A and B, something encrypted with A can only be decrypted with B and viceversa. I can not stress this point more: something encrypted with A can not even be decrypted with A. Let's call A an B public and private keys
The private key will remain secret because it will not be send through internet. The public key can be sent through internet wherever you want . It doesn't matter if it is intercepted by other persons
To exchange encrypted information from user1 to user2
Both user1 and user2 exchange their public keys
User 1 encrypts the message using user2's public key. You must keep in mind that not even user1 can decrypt the message, since something encryted with user2's public key only can be decrypted with user2's secret key which never went out his/her computer
User1 sends de message through internet
User2 decrypts the message with the his private key
Asymmetric encryption ensures privacy when the message must be transmitted through a shared channel, but it is more costly and complex than symmetric encryption
From now on, to avoid confusions we will use the terms single key encryption (SK) and public-private key encryption (PPK) instead of symmetric and asymmetric
The first thing to do is to create our first pairs of Keys. This can be done in Seahorse, but takes longer than half an hour. To get it done quicker, we will use Gnu PGP in a terminal window
Open a terminal window (Ctrl+Alt+T) or select the menu aplicaciones →accesorios → terminal
Write on the terminal the command shown in the image and press the key return
Now, write 1 and press return to select the encryption algorithm RSA
Write 2048 to set the length of the key to 2048 bytes
Write 0 so that the key never expire
Enter your personal information: full name, email (you can make it up) and a comment.
Press 'V' to go on. Input a password to protect the private key. Keep in mind that if the private key weren't protected any person who logins in your computer might be able to steal your identity
Next the key generation process will start. This is a very costly process and will take some minutes. To speed up the generation, type the keyboard and move the mouse randomly. The process will use all these actions to add up randomness to the key generation saving computing time
Finally a message tells the key has been created.
Let's see the created key in Seahorse. In the left panel click in claves gnuPG
Let's create a second key pair. But this time using Seahorse
Select the menu Archivo→Nueva in Seahorse
Select Clave PGP.
Input the a full name (make it up), email and comment. Deploy the advanced options clicking in opciones avanzadas
The default values are correct . Encryption type RSA , length ,and never expires.
Click on the button Crear. Insert a password to protect the private key. It is advisable to write a phrase key instead of a single word
And next… summon all your patience, because it'll be long. A background process will create the keys in some minuts. It might be up to half an hour. But never give up. After a long time the new key will pop up in the Seahorse keys panel
Remember the plan: The student A wants to send an encrypted secret message to B. So B must sent A his/her public key through internet. Then A will encrypt the message with B's public key and will send it to B by email. Only B will be able to decrypt the messages as long as it only can be decrypted using B's secret key, and it never went out his/her computer
Select your Key in Seahorse and select the menu archivo→exportar. This will store you public key in a .pgp file.
Send the .pgp file to your class mate by email. He/she must sent you his/her exported public key too.
Import you classmate public key. Select in Seahorse the menu archivo→ importar, next select your parter .pgp key file .The public key information will be shown as you can see in the next picture. Click In the button Importar
If the imported key isn't shown in the gnuPGP panel, select the menu option Visualiza→muestra qualquiera
Notice that the imported public key is shown next to a single key icon…..
…. while the private-public pair keys are shown next to a two keys icon. This make sense because the imported key is a single public key while the pair are two keys the public and private
First we must create the message. Search on internet a famous phrase. Open Gedit (aplicaciones→accesorios->gedit) and paste the sentence and the author. Save it in a file
Next select the secret message file in Nautilus (the Lliurex file manager). Click the right button to drop down the contextual menu and select cifrar. A new window will open showing the available public keys (our public keys and the imported public keys from others). Choose your partner's classmate public key
Done, the encrypted file is the one with .gpg extension
Next send the encrypted file to your partner by email.
Your partner in this activity should already have sent you his/her own secret message in an encrypted file. To decrypt it, select it in Nautilus, drop down the contextual menu (right mouse button) and select the menu option Abrir con descifrar fichero. Remember, he/she has encrypted the message using your public key. To decrypt it will be necessary to use your private key, and we had protected it with a password.
And then, it will be possible to open and read your partner's message
Ask your teacher to come by and assess your work
PART 2. EXCHANGE A SECRET MESSAGE WITH YOUR TEACHER
Search in internet another famous phrase. Write it in a text file using Gedit. Write down your surname and name and the famous sentence.
Save the file
You are expected to encrypt this file and send it to the teacher. So, first you have to import the teacher's public key.
Download from Moodle the teacher's public key
Import it (archivo->importar)
Encrypt the file and upload it using Moodle
Short url: http://multidict.net/cs/4508