A+ Work

17 Jun A+ Work

Make a screen capture showing the fingerprint generated by the key creation process and paste it into your Lab Report file.

Introduction

As computers, tablets, phones and other “always on” digital devices become increasingly interconnected through unsecure public networks, threats against our privacy and digital security increase in kind. Threats like identity theft and credit fraud threaten our financial security. Digital stalking and online harassment threaten our physical and emotional security. Some suggest that digital surveillance, mass data collection, and data mining by government and commercial entities encroach on our right to free speech, our freedom of association, and our Constitutional protections against unlawful search and seizure.

The need to protect confidential and private information over “public” networks is an ancient one. The solution then, as now, is to encode private data using cryptography. Simply put, cryptography takes human readable information and makes it unreadable “cipher text” which can only be read if one possesses the correct key. Generally speaking there are three cryptographic standards: symmetric cryptography, asymmetric cryptography, and hybrid cryptography.

With symmetric cryptography the sender and receiver use the same key (or “shared secret”) to encrypt and decrypt a given message. Symmetric cryptography is quite fast and generally easier to implement than asymmetric cryptography. However, while symmetric cryptography does provide confidentiality and integrity, it does not guarantee authenticity. In other words, you do not know for certain who gave you the encrypted message.

With asymmetrical encryption, the sender has two keys: a private key and a public key. The sender encrypts with her private key and the receiver decrypts using the sender’s public key, which the receiver obtains from the sender or through a trusted third party, such as a certificate server. While asymmetrical encryption is slower and more complex than symmetrical encryption, it does guarantee the authenticity of the sender.

The hybrid approach is to have the sender encrypt the message with a symmetric key, and then send the message and a copy of the symmetric key using the sender’s asymmetric public key. The initial message and symmetric key are decrypted using the sender’s public key, and subsequent messages are then decrypted quickly using the symmetric key. The hybrid approach provides the same full CIA protection as asymmetrical encryption with nearly the same speed as symmetrical encryption.

In this lab, you will learn how cryptography tools can be used to ensure message and file transfer integrity and how encryption can be used to maximize confidentiality. You will use Kleopatra, the certificate management component of GPG4Win, to generate both a public and private key as both a sender and a receiver. You will use the sender’s keys to encrypt a file, send it to the receiver, and decrypt it using the receiver’s copy of the keys.

This lab has five parts which should be completed in the order specified.

In the first part of the lab, you will create a public and private key pair for the senders account on the vWorkstation desktop.

In the second part of the lab, you create a public and private key pair for the receiver’s account on the remote desktop, TargetWindows01.

In the third part of the lab, you will transfer and import the public key from the receiver, TargetWindows01.

In the fourth part of the lab, you will encrypt a file on the vWorkstation desktop using the receiver’s public key and the sender’s private key, send it to the remote machine, and then decrypt the file.

Finally, if assigned by your instructor, you will explore the virtual environment on your own in the third part of the lab to answer a set of challenge questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.

Learning Objectives

Upon completing this lab, you will be able to:

Apply the concepts of common cryptographic and encryption techniques to ensure confidentiality

Understand public and private key pairs and basic asymmetric cryptography

Generate a public and private key pair

Encrypt a data message using a public and private key pair

Decrypt a data message using a public and private key pair

Tools and Software

The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab.

FileZilla

GPG4Win (Kleopatra)
Deliverables

Upon completion of this lab, you are required to provide the following deliverables to your instructor:

Lab Report file including screen captures of the following step(s): Part 1, Step 8 and Part 4, Step 25.

secret-message.txt.gpg, transferred to your local computer in Part 4, Step 15;

Lab Assessments file;

Optional: Challenge Questions file, if assigned by your instructor.
Double click the Kleopatra icon on the desktop open the Kleopatra component of the GPG4Win application.

Figure 2 Kleopatra

Click File and select New Certificate from the Kleopatra menu.

Click the Create a personal OpenPGP key pair option in the Certificate Creation Wizard.

Figure 3 Create a new certificate using Kleopatra

Type the following information in the Enter Details screen and click Next to continue.

Name: Desktop

Figure 4 Enter certificate details

Click the Create Key button.

A pinentry (pin entry) dialog box will pop up to complete the creation of a key. You need to enter a passphrase, or password.

In the pinentry dialog box, type ISS316Security and click OK.

As you type, notice that the Quality meter below the passphrase changes to indicate the degree of security offered by the passphrase. A password that includes upper- and lowercase letters as well as numbers is more secure than one that uses only numbers, such as a birthdate, or a recognizable word, such as password.

Figure 5 Create a passphrase for the new certificate

In the passphrase box, type ISS316Security again to re-enter the passphrase and click OK to generate the key.

When the key is successfully created, you have several options for handling the key:

Make a Backup Of Your Key Pair. This option sends a copy of your private key to your computer where you can store it anywhere you’d like.

Send Certificate By EMail. This option will create a new e-mail and automatically attach your public key certificate.

Upload Certificate To Directory Service. You can store your certificate on a public Internet server.

Figure 6 Successful key pair fingerprint

Make a screen capture showing the fingerprint generated by the key creation process and paste it into your Lab Report file.

Kleopatra generates a unique 40-character fingerprint each time a key pair is created.

Click the Make a Backup of Your Key Pair button.

In the Output file box of the Export Secret Certificate dialog box, type C:/Users/Administrator/Desktop/DesktopKey-private.gpg and click OK to send your private key to the vWorkstation desktop.

Figure 7 Export Secret Certificate

Click OK to close the Secret Key Export Finished dialog box.

Click Finish to close the Certificate Creation Wizard.

The new certificate appears in the My Certificates tab of the Kleopatra application. The Key-ID is the last 8 digits of the fingerprint associated with this certificate. Each new certificate is created with no expiration (valid until) date, but you can set an expiration date in the Certificate Details screen.

Figure 8 The newly created certificate

In the Kleopatra window, double-click the Desktop certificate you just created to view all details related to the certificate:

Note that the key type is RSA. Kleopatra uses both RSA (Rivest, Shamir, and Adelman encryption algorithm) and DSA (Digital Signature Algorithm) for encryption. Kleopatra uses RSA as the default encryption algorithm, but you could select DSA while you create a new certificate by clicking the Advanced Settings button on the Enter Details.

Figure 9 Certificate details for Desktop

Click Close to close the window.

With the Desktop certificate highlighted in the Kleopatra window, click the Export Certificates button in the application’s toolbar to save a copy of your public key.

In the Export Certificates dialog box, click the Desktop icon under the This PC folder, name the file DesktopKey-public, and click Save to send the public key to the desktop.

Figure 10 Export the public key

Minimize the Kleopatra window.