(Crypto) DES And RSA Algorithms Overview
Download as PPT, PDF6 likes14,308 views
This document provides an overview of the DES and RSA encryption algorithms. DES is a symmetric algorithm that is fast for large data sizes but requires securely exchanging keys, while RSA is an asymmetric algorithm that is slower for large data sizes but uses public/private key pairs to encrypt and decrypt. The document then demonstrates implementing DES and RSA encryption using the OpenSSL tool, including generating keys, encrypting and decrypting files, and best practices for key exchange between two parties.
![TP : Test Each Algorithm (DES)
-des-cbc : DES algorithm using CBC mode
-e : for encryption
-in [inputfile] : to specify input file
-out [outputfile] : to specify output file
-K XX..XX : to specify secret key 64 bits
-iv XX..XX : to specify initialization vector 64 bits
-a : encoding output file in base64 format
-nosalt : no salt will be used
03/01/2013 NOUNI El Bachir 8](https://image.slidesharecdn.com/desandrsaoverview-130104052301-phpapp01/85/Crypto-DES-And-RSA-Algorithms-Overview-8-320.jpg)
![TP : Test Each Algorithm (RSA)
openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea]
[-f4] [-3] [-rand file(s)] [-engine id] [numbits]
openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in
filename] [-passin arg] [-out filename] [-passout arg] [-sgckey] [-
des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin]
[-pubout] [-engine id]
For encryption we will use rsautl command of
following synopsis :
openssl rsautl [-in file] [-out file] [-inkey file] [-pubin] [-
certin] [-sign] [-verify] [-encrypt] [-decrypt] [-pkcs] [d-ssl] [-
raw] [-hexdump] [-asn1parse]
Lets now try this algorithm :
03/01/2013 NOUNI El Bachir 11](https://image.slidesharecdn.com/desandrsaoverview-130104052301-phpapp01/85/Crypto-DES-And-RSA-Algorithms-Overview-11-320.jpg)
(Crypto) DES And RSA Algorithms Overview
- 1. DES & RSA Algorithms Overview Tutorial 03/01/2013 NOUNI El Bachir 1
- 2. Comparison And Uses DES : It's a symmetric algorithm designed for encrypting data. Its advantage is that it's fast for large data size, but it present one inconvenient is that of changing keys between the tow tiers. 03/01/2013 NOUNI El Bachir 2
- 3. Comparison And Uses RSA : it's an asymmetric algorithm designed for encrypting data also. Its inconvenience is that it's too slow for large data size. It use tow keys instead of DES which uses one shared key. One of these keys is secret and the other is public. The Data that is encrypted by one is decrypted by the other but not by the same key. 03/01/2013 NOUNI El Bachir 3
- 4. Tools Through this tutorial we will use the Openssl tool. This tool is by default integrated in Linux. For Windows users they should download this tool by following this link : http://slproweb.com/products/Win32OpenSSL.html After the installation of openssl; whether you add the path of openssl.exe to your system path, our each time at the command prompt you use the full path of openssl.exe. 03/01/2013 NOUNI El Bachir 4
- 5. Parameters Of These Algorithms DES : − Secret key (64 bits) − Initialization vector (64 bits) RSA : − Secret key − Secret key length − Public key − The modulus 03/01/2013 NOUNI El Bachir 5
- 6. TP : Test Each Algorithm (DES) The instructions thereafter were tested under Linux system. DES : To use this algorithm we have to generate first its parameters (secret key,initialization vector). To do so we will use /dev/urandom file and head command. The synopsis of each one is : 03/01/2013 NOUNI El Bachir 6
- 7. TP : Test Each Algorithm (DES) |> cat /dev/urandom | head -1 > random.bin the result after using |> xxd random.bin to show file content in Hex format : 0000000: 95c3 e2d9 62c9 8d24 fa03 69e7 59aa aa11 ....b..$..i.Y... So we choose 95C3E2D962C98D24 as secret Key and FA0369E759AAAA11 as initialization vector. After that we can encrypt and decrypt a file. |> Openssl enc -e -des-cbc -in inputfile -out outputfile -nosalt -K 95C3E2D962C98D24 -iv FA0369E759AAAA11 -a 03/01/2013 NOUNI El Bachir 7
- 8. TP : Test Each Algorithm (DES) -des-cbc : DES algorithm using CBC mode -e : for encryption -in [inputfile] : to specify input file -out [outputfile] : to specify output file -K XX..XX : to specify secret key 64 bits -iv XX..XX : to specify initialization vector 64 bits -a : encoding output file in base64 format -nosalt : no salt will be used 03/01/2013 NOUNI El Bachir 8
- 9. TP : Test Each Algorithm (DES) For decryption we use the same command line, we have to just change -e option by -d for decryption. 03/01/2013 NOUNI El Bachir 9
- 10. TP : Test Each Algorithm (RSA) The implementation of RSA follow three steps : Generate a encrypted secret key of 1024 or 2048 length. Generate the public key from the secret one. To do so, we will use genrsa and rsa commands. Synopsis of these commands is : 03/01/2013 NOUNI El Bachir 10
- 11. TP : Test Each Algorithm (RSA) openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4] [-3] [-rand file(s)] [-engine id] [numbits] openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-sgckey] [- des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin] [-pubout] [-engine id] For encryption we will use rsautl command of following synopsis : openssl rsautl [-in file] [-out file] [-inkey file] [-pubin] [- certin] [-sign] [-verify] [-encrypt] [-decrypt] [-pkcs] [d-ssl] [- raw] [-hexdump] [-asn1parse] Lets now try this algorithm : 03/01/2013 NOUNI El Bachir 11
- 12. TP : Test Each Algorithm (RSA) To generate the secret key : |> openssl genrsa -des -out sckey.pem 2048 -des : DES which will be used to encrypt the secret key. -out : to specify the output file. 2048 : key length. After Enter Key press the prompt will demand to you to enter a phrase password. 03/01/2013 NOUNI El Bachir 12
- 13. TP : Test Each Algorithm (RSA) To generate the public key : |> openssl rsa -pubout < sckey.pem > pkey.pem -pubout : to specify that wie want to generate a public key from the secret one sckey.pem. < : input flow redirection > : output flow redirection 03/01/2013 NOUNI El Bachir 13
- 14. TP : Test Each Algorithm (RSA) To encrypt data with public key : |> openssl rsautl -encrypt -in inputfile -out outputfile -inkey pkey.pem -pubin -a -encrypt : for encryption. -in : to specify input file path. -out : to specify output file. -inkey : key file to use. -pubin : specify that the key specified with -inkey is a public key. Without this options secret key is used. 03/01/2013 NOUNI El Bachir 14
- 15. Best practice RSA : to exchange shared secret key DES : to encrypt data using exchanged shared secret key. Scenario : Alice (sA,PA) and Bobe (sB,PB). Alice want send data to Bobe, but it is the first time. So they should define a shared key. 03/01/2013 NOUNI El Bachir 15
- 16. Best practice So Alice had to generate a random 64 bits key (DES) and an initialization vector (64 bits) and encrypt it using the public key of Bobe P B. Then send it to Bobe. Bobe will receive encrypted key and will decrypt it. At this moment its ok but he should send an acknowledgment to Alice to tell him that he receive the key successfully. So he should encrypt the received key using public key of Alice and send it to him. 03/01/2013 NOUNI El Bachir 16
- 17. Best practice After this handshaking it is ok to exchange encrypted that using shared secret key (64 bits). It is recommended to use Tripe DES instead of DES because it is more secure. To use this algorithm in what we have seen, you can just change -des by -des3 in RSA section and for DES section you choose -des-ede-cbc instead of -des-cbc. 03/01/2013 NOUNI El Bachir 17
- 19. Thanks nouni.ebachir@gmail.com 03/01/2013 NOUNI El Bachir 19