Hash and Symmetric Encryption with OpenSSL EDAAS Solution. All Rights Reserved. Hash and Symmetric Encryption Overview The purpose of this lab is to practice different encryption algorithms with OpenSSL. You will need to use different crypto hash and symmetric encryption algorithms. Lab Environment Preparation This lab will use the pre-configured VM, server and client. If you havent set up the environment, please setup the environment and use the following credentials to log in to the virtual machine: Username: student Password: tn3duts Note: This lab can be completed with only one VM. You should complete it with the server VM. Task 1 Get familiar with Digest 1 In the terminal, go to the ~/Desktop folder and create a file containing your name and your current time. For example, to get the current time of the system and create a file for Tom, type in date Sun Mar 26 22:45:34 GMT-8 2021 echo Tom, 22:45:34, 2021/03/26 > test.txt It will create a text file with the content Tom, 22:45:34, 2021/03/26. Create a file with your name and your current time. Take a screenshot of the content of your created file and add it to your report______________. 2 OpenSSL can generate the digest of a file. To generate the sha256 hash of the file message.txt, simply type the command openssl dgst - The supported digest algorithms include md5, sha1, sha256, sha512, etc. For example, to create a sha256 digest of test.txt, simply type the command openssl dgst sha256 test.txt Take a screenshot of the output and add it to your report ___________________. Hash and Symmetric Encryption with OpenSSL EDAAS Solution. All Rights Reserved. 3 Create a digest for test.txt with sha1, md5, and sha512 respectively. Take a screenshot of the output and add it to your report ___________________. Answer the question: How many bits does each digest contain? ____________________ 4 For more information about generating digest using OpenSSL, check the instructions in https://www.madboa.com/geek/openssl/#how-do-i-createan-md5-or-sha1-digest-of-a-file to get familiar with how to generate digest (hash value) of a file. Task 2 Generating digest for files 1 Go to the ~/ExpFolder folder. You should see a file named olingo-odata2- parent-2.0.12-source-release.zip (Make sure you are in the server VM. You wont see the file in the client VM). Use OpenSSL to compute its sha512 hash value. Take a screenshot for it. ____________________ 2 The above zip file is downloaded from https://archive.apache.org/dist/olingo/odata2/2.0.12/. Discuss how you can verify the authenticity (correctness) of this file by using the generated hash value. It is preferred that you can provide a screenshot to show that you have successfully verified the file. _________________. Task 3 Get familiar with Symmetric Encryption 1. On the terminal, go back to the directory where test.txt is located. For example, suppose test.txt is located in ~/Desktop, simply type cd ~/Desktop 2. To encrypt test.txt with AES CBC mode, type in the following command. You will be asked to type in passphrase that is used to encrypt the file. openssl enc -aes-256-cbc -a -salt -in test.txt -out test.enc To decrypt test.enc, type in the following command. You will be asked to type in the passphrase that were used to encrypt the file. openssl enc -d -aes-256-cbc -a -in test.enc -out test.dec Note: You might see a warning message stating that deprecated key derivation used. It is because the OpenSSL think the default way of generating an encryption key from your passphrase is no longer safe. You need to use the pbkdf2 algorithm, which gives you a much robust Hash and Symmetric Encryption with OpenSSL EDAAS Solution. All Rights Reserved. encryption key. For more details, check https://support.1password.com/pbkdf2/ To remove the warning, use the following encryption command: openssl enc -aes-256-cbc -a -salt -pbkdf2 -iter 10000 -in test.txt -out test.enc To decrypt type in the following command: openssl enc -d -aes-256-cbc -a -pbkdf2 -iter 10000 -in test.enc - out test.dec 3. Use the nano command to view the contents of test.enc and test.dec. Take a screenshot of the output and add it to your report. ___________________. 4. Follow the link below to learn how to use AES-256 encryption algorithms to encrypt and decrypt a file: https://www.madboa.com/geek/openssl/#howdo-i-simply-encrypt-a-file. Especially study how to encrypt/decrypt without typing passphrase (i.e., the usage of the -pass parameter). Task 4 File encryption and decryption 1. Prepare two files to encrypt. The size of the first file is between 1KB and 512KB; the size of the second file is between 1MB and 512MB; You can find a word document, which is usually between 1K and 512K. You can download project packages from https://www.apache.org, which are mostly between 1M and 512MB. If its difficult to find the files that meet the requirements, you can just use the files in the directory ~/Documents. The size of smallfile is 103KB, while the size of bigfile is 99MB. 2. Test the time overhead of various encryption algorithms through the time command. The purpose of the time command is to measure the time and system resources required to execute a specific command. Use this form to measure the time overhead time [options] COMMAND [arguments] The example below executes the command "time date" (see line 1). The system will execute the command "date" first, and the second line is the execution result of the command "date". Lines 3-6 are the time statistics of the execution of the command "date". Line 4 "real" is the actual time, line 5 "user" is the user CPU time, and line 6 sys" is the system CPU time. Hash and Symmetric Encryption with OpenSSL EDAAS Solution. All Rights Reserved. 1. time date 2. Sun Mar 26 22:45:34 GMT-8 2006 3. 4. real 0m0.136s 5. user 0m0.010s 6. sys 0m0.070s (1) To measure the time of encryption with AES256CBC, you can use the following commands: a) Encryption command: time openssl enc -aes-256-cbc -a -salt -pbkdf2 -iter 10000 -in file -out file.enc pass pass:myPassword b) Decryption command: time openssl enc -d -aes-256-cbc -a -pbkdf2 -iter 10000 -in file.enc -out file.dec pass pass:myPassword NOTE: the command myPassword can be replaced with your own password. (2) Encrypt and decrypt two files prepared in Task 4.1 with AES256CBC encryption algorithm. Make sure to use the "-pass" option so that you don't have to manually type in passphrase. Record the time used for encryption and decryption through the above forms of testing. Fill in the following table. Encryption Algorithm File Size Range File Name File Size Encrypt Command Encrypt Time Decrypt Command Decrypt Time AES256 1KB512KB 1MB512MB (3) For each command in the above table, take a screenshot of the command and the output in the terminal_________________. 3. Test the usage of system resources when encrypting and decrypting data (1) Of course, you can also test the actual resource consumption of encryption algorithms, such as CPU usage, memory usage, and I/O throughput, for example, below commands will print out resource consumption of AES256CBC. Here are some tips that help you to read different resource consumption based on the output of /usr/bin/time. Percent of CPU this job got: CPU usage Maximum resident set size (kbytes): memory usage File system inputs: number of filesystem inputs by the process File system outputs: number of filesystem outputs by the process Hash and Symmetric Encryption with OpenSSL EDAAS Solution. All Rights Reserved. a) Encryption command: /usr/bin/time v openssl enc -aes-256-cbc -salt in file -out file.enc pass pass:myPassword b) Decryption command: /usr/bin/time -v openssl enc d -aes-256-cbc in file.enc out file.dec pass pass:myPassword NOTE: the command myPassword can be replaced with your own password. (2) Encrypt two files prepared in Task 4.1 with AES256 encryption algorithm. Make sure to use the "-pass" option so that you don't have to manually type in passphrase. Record the resource used for encryption and decryption through the above forms of testing. Fill in the following tables. Encryption Algorithm File Size Range File Name File Size Encryption Command CPU usage memory usage I/O throughput AES256 1KB512KB 1MB512MB Decryption Algorithm File Size Range File Name File Size Decryption Command CPU usage memory usage I/O throughput AES256 1KB512KB 1MB512MB (3) For each command in the above table, take a screenshot of the command and the output in the terminal ___________________. 4. Reflection: Answer the following questions based on your measurements of above commands: a) When the file size increases, how does the encryption time change? Why? _________________ Hash and Symmetric Encryption with OpenSSL EDAAS Solution. All Rights Reserved. b) When the file size increases, how does the decryption time change? Why? __________________ c) With the same file, will encryption take longer time than decryption? Why? __________________ d) When the file size increases, how does the CPU usage change? Why? _____________________ e) When the file size increases, how does the memory usage change? Why? _________________ f) When the file size increases, how does the I/O throughput change? Why? ____________________

please help i am having problem with this