1. DES & RSA Algorithms Overview
Tutorial
03/01/2013 NOUNI El Bachir 1
2. Comparison And Uses
DES: a symmetric algorithm designed for
encrypting data. Its advantage is that it is fast for
large amounts of data, but it has one drawback:
the key must be exchanged between the two parties.
3. Comparison And Uses
RSA: an asymmetric algorithm, also designed for
encrypting data. Its drawback is that it is too
slow for large amounts of data. It uses two keys,
unlike DES, which uses one shared key. One
of these keys is secret and the other is public.
Data encrypted with one key is decrypted
with the other, not with the same key.
4. Tools
Throughout this tutorial we will use the OpenSSL
tool. This tool is integrated in Linux by default.
Windows users should download it from
this link:
http://slproweb.com/products/Win32OpenSSL.html
After installing OpenSSL, either add the path
of openssl.exe to your system path, or use
the full path of openssl.exe each time at the
command prompt.
5. Parameters Of These Algorithms
DES :
− Secret key (64 bits)
− Initialization vector (64 bits)
RSA :
− Secret key
− Secret key length
− Public key
− The modulus
6. TP : Test Each Algorithm (DES)
The instructions that follow were tested on a
Linux system.
DES :
To use this algorithm we first have to generate
its parameters (secret key, initialization vector).
To do so we will use the /dev/urandom file and
the head command.
The synopsis of each one is :
7. TP : Test Each Algorithm (DES)
|> cat /dev/urandom | head -c 16 > random.bin
The result, shown with |> xxd random.bin to display the file
content in hex format:
0000000: 95c3 e2d9 62c9 8d24 fa03 69e7 59aa aa11 ....b..$..i.Y...
So we choose 95C3E2D962C98D24 as secret Key
and FA0369E759AAAA11 as initialization vector.
After that we can encrypt and decrypt a file.
|> openssl enc -e -des-cbc -in inputfile -out outputfile -nosalt -K 95C3E2D962C98D24 -iv FA0369E759AAAA11 -a
8. TP : Test Each Algorithm (DES)
-des-cbc : DES algorithm using CBC mode
-e : for encryption
-in [inputfile] : to specify input file
-out [outputfile] : to specify output file
-K XX..XX : to specify secret key 64 bits
-iv XX..XX : to specify initialization vector 64 bits
-a : encoding output file in base64 format
-nosalt : no salt will be used
9. TP : Test Each Algorithm (DES)
For decryption we use the same command line;
we just have to replace the -e option with -d.
10. TP : Test Each Algorithm (RSA)
The implementation of RSA follows three steps:
Generate an encrypted secret key of length 1024
or 2048.
Generate the public key from the secret one.
To do so, we will use the genrsa and rsa commands.
The synopsis of these commands is:
11. TP : Test Each Algorithm (RSA)
openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea]
[-f4] [-3] [-rand file(s)] [-engine id] [numbits]
openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER]
[-in filename] [-passin arg] [-out filename] [-passout arg] [-sgckey]
[-des] [-des3] [-idea] [-text] [-noout] [-modulus] [-check] [-pubin]
[-pubout] [-engine id]
For encryption we will use the rsautl command, which has the
following synopsis:
openssl rsautl [-in file] [-out file] [-inkey file] [-pubin]
[-certin] [-sign] [-verify] [-encrypt] [-decrypt] [-pkcs] [-ssl]
[-raw] [-hexdump] [-asn1parse]
Let's now try this algorithm:
12. TP : Test Each Algorithm (RSA)
To generate the secret key :
|> openssl genrsa -des -out sckey.pem 2048
-des : DES will be used to encrypt the
secret key.
-out : to specify the output file.
2048 : key length.
After you press Enter, you will be prompted
to enter a passphrase.
13. TP : Test Each Algorithm (RSA)
To generate the public key :
|> openssl rsa -pubout < sckey.pem > pkey.pem
-pubout : to specify that we want to generate a
public key from the secret one, sckey.pem.
< : input redirection
> : output redirection
14. TP : Test Each Algorithm (RSA)
To encrypt data with the public key:
|> openssl rsautl -encrypt -in inputfile -out outputfile -inkey pkey.pem -pubin
-encrypt : for encryption.
-in : to specify input file path.
-out : to specify output file.
-inkey : key file to use.
-pubin : specifies that the key given with -inkey
is a public key. Without this option, a secret key
is expected.
15. Best practice
RSA : to exchange the shared secret key.
DES : to encrypt data using the exchanged shared
secret key.
Scenario :
Alice (sA, PA) and Bob (sB, PB).
Alice wants to send data to Bob, but it is the first
time. So they have to agree on a shared key.
16. Best practice
So Alice has to generate a random 64-bit key
(DES) and an initialization vector (64 bits),
encrypt them using Bob's public key PB, and
send the result to Bob.
Bob receives the encrypted key and decrypts it.
At this point all is well, but he should send an
acknowledgment to Alice to tell her that he
received the key successfully. So he should
encrypt the received key using Alice's public
key and send it to her.
17. Best practice
After this handshake it is OK to exchange
data encrypted using the shared secret key (64 bits).
It is recommended to use Triple DES instead of
DES because it is more secure. To use this
algorithm with what we have seen, just
replace -des with -des3 in the RSA section, and in
the DES section choose -des-ede-cbc instead
of -des-cbc.
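The whole handshake as one script, as an added example that is not part of the original slides: Alice wraps a random key and IV with PB, Bob acknowledges by re-wrapping with PA, then data is exchanged with -des-ede-cbc. Assumptions: the function and file names are made up for this sketch, the secret keys are generated without a passphrase so the run is non-interactive, and 24 random bytes are drawn because -des-ede-cbc takes a 16-byte key plus an 8-byte IV.

```shell
# Added example: hybrid RSA + Triple DES exchange (names are assumptions).
keypair() {   # $1 = owner name; writes <name>_sk.pem and <name>_pk.pem
    openssl genrsa -out "$1_sk.pem" 2048 2>/dev/null &&
    openssl rsa -pubout -in "$1_sk.pem" -out "$1_pk.pem" 2>/dev/null
}
# stderr is silenced because newer OpenSSL prints a deprecation notice for rsautl.
wrap()    { openssl rsautl -encrypt -pubin -inkey "$1" -in "$2" -out "$3" 2>/dev/null; }
unwrap()  { openssl rsautl -decrypt -inkey "$1" -in "$2" -out "$3" 2>/dev/null; }
hexpart() { od -An -tx1 "$1" | tr -d ' \n' | cut -c"$2"; }   # hex chars $2 of file $1

hybrid_roundtrip() {   # $1 = message; prints what Bob recovers
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" && keypair alice && keypair bob || exit 1

        # Alice: random key + IV, wrapped with Bob's public key PB.
        head -c 24 /dev/urandom > session.bin
        wrap bob_pk.pem session.bin to_bob.enc || exit 1

        # Bob: unwrap with sB, then acknowledge by re-wrapping with PA.
        unwrap bob_sk.pem to_bob.enc bob_session.bin || exit 1
        wrap alice_pk.pem bob_session.bin ack.enc || exit 1

        # Alice: the handshake succeeds only if the acknowledged key matches.
        unwrap alice_sk.pem ack.enc ack.bin || exit 1
        cmp -s session.bin ack.bin || exit 1

        # Alice encrypts with the shared key; Bob decrypts with his own copy.
        printf '%s' "$1" | openssl enc -e -des-ede-cbc -nosalt -a -out data.b64 \
            -K "$(hexpart session.bin 1-32)" -iv "$(hexpart session.bin 33-48)" || exit 1
        openssl enc -d -des-ede-cbc -nosalt -a -in data.b64 \
            -K "$(hexpart bob_session.bin 1-32)" -iv "$(hexpart bob_session.bin 33-48)"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

hybrid_roundtrip 'constructed sample message'; echo
```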