This is a Clilstore unit.
In this part of the unit we are going to talk about how to communicate safely through a shared and insecure channel like the internet, where there are many bad guys who might intercept, read and modify the messages, and even usurp other people's identity with evil intent.
In activity 1, we will learn how to ensure that nobody except the legitimate receiver can read your communications, using encryption.
In activity 2, we will learn how to ensure that the message has not been intercepted and modified by a third person, using digital signatures.
In activity 3, we will learn how to ensure that the sender is identified in a reliable way, using certificates issued by a Certificate Authority.
All these elements are meant to make communications safe from a legal standpoint. This concept is also known as providing LEGAL SECURITY to the Internet.
In this activity you will learn how to use asymmetric encryption based on PGP. You will create a public-private key pair. You will exchange public keys with a classmate, and you will use your respective public keys to encrypt a secret message that only your classmate will be able to read.
This activity must be carried out between two students. So, choose a partner among your classmates.
Nowadays the Internet is extremely insecure, and any information moving through the net may be intercepted by third parties. This includes confidential information such as personal data, bank account credentials, logins and passwords.
When it comes to transmitting data through the internet there are two big issues:
How to make sure the data travelling through a public network is hidden from anybody else except the legitimate receiver. This can be done by encrypting the message.
How to authenticate that both the sender and the receiver are who they claim to be. This is done through digital signatures. We will practice the use of digital signatures in activity 2.
How to make sure that the document has not been intercepted while travelling through the net and modified by a third party. This is also done through digital signatures. We will practice the use of digital signatures in activity 2.
To encrypt is to transform a readable message into something unreadable for everybody except the legitimate receiver. The opposite process, decryption, allows the receiver to decode the unreadable message, turning it readable again.
There are two types of encryption: symmetric and asymmetric.
Symmetric encryption uses a single key that must be known by both the sender and the receiver, and that is used both to encrypt and to decrypt. Something encrypted with a given key A can be decrypted only if the other party has the same key A.
Symmetric encryption is simpler and easier to implement, but it has a serious flaw: privacy depends on the key remaining secret. If the key is sent through the internet we cannot ensure it won't be intercepted by others, compromising the privacy of the message.
Asymmetric encryption uses a pair of different but mathematically related keys (instead of one single key). Let's call them keys A and B. Due to the particular mathematical bond between A and B, something encrypted with A can only be decrypted with B, and vice versa. I cannot stress this point enough: something encrypted with A cannot be decrypted with A; that is the difference from symmetric encryption. Only B allows decryption of a message encrypted with A, and only A allows decryption of a message encrypted with B.
Let's call A and B the public and private keys.
The private key will remain secret and safe because it never leaves the owner's computer. The public key, on the other hand, can be sent through the internet to whoever its owner needs to communicate with. It doesn't matter if it is intercepted by other people, as will be shown next:
To exchange encrypted information from user1 to user2:
Both user1 and user2 exchange their public keys, sending them through the internet.
User1 encrypts the message using user2's public key. Keep in mind that not even user1 can decrypt the message any more, since something encrypted with user2's public key can only be decrypted with user2's secret key, which never left his/her computer.
User1 sends the encrypted message through the internet.
User2 decrypts the message with his/her private key.
Asymmetric encryption ensures privacy when the message must be transmitted through a shared channel, but it is more costly and complex than symmetric encryption.
From now on, to avoid confusion, we will use the terms single key encryption (SK) and public-private key encryption (PPK) instead of symmetric and asymmetric.
DON'T DO THIS PART
In this activity we are going to use the program Seahorse. This program provides a graphical interface for GNU Privacy Guard, most commonly known as GPG. GPG is the most popular encryption/decryption tool in Linux. Seahorse also provides a plug-in for Nautilus, the file manager used in LliureX in recent years. Sadly, Nautilus has been replaced by Dolphin in LliureX 21.
So we need to install the following programs in our virtual machine.
In order to do so, follow the teacher's instructions:
1. Enable the LliureX Focal repository using the tool Botón Aplicaciones->Administración de lliurex->Repoman->Repositorios por defecto. Then click on the Apply button. This can take some minutes.
Open a terminal window using Botón aplicaciones->Sistema->Konsole and run the following commands (the command is sudo in lower case; the shell will not find it if written with a capital S):
sudo apt-get install nautilus
sudo apt-get install seahorse
sudo apt-get install seahorse-nautilus
Check for error messages and, if something goes wrong, report it to the teacher.
If everything goes according to plan, you will have two new menus:
START HERE
The first thing to do is to create our first key pair. This can be done in Seahorse, but it takes longer, and it is better that you know how to work directly with GnuPG.
Open a terminal window (Ctrl+Alt+T) or select the menu Botón aplicaciones->Sistema->Konsole.
Type in the terminal the command shown in the image and press the return key.
Now type 1 and press return to select the RSA encryption algorithm.
Type 2048 to set the length of the key to 2048 bits.
Type 0 so that the key never expires.
Enter your personal information: full name, email (you can make it up) and a comment.
Press 'V' to go ahead. Enter a password to protect the private key. Keep in mind that if the private key were not protected by a password, anybody who logs in to your computer might be able to steal your identity. Make sure you will remember this password later: write it down, or use the same password you are using for your user account.
Next the key generation process will start. This is a computationally costly process and will take some minutes. To speed up the generation, type on the keyboard and move the mouse randomly. The process uses all these actions to add randomness to the key generation, saving computing time.
Finally a message tells you the key has been created.
Check for error messages and, if something goes wrong, report it to the teacher.
Let's see the created key in Seahorse. In the left panel click on Claves GnuPG. Remember, to start Seahorse click on Botón aplicaciones→Utilidades→Passwords and keys.
Let's create a second key pair, but this time using Seahorse.
Select the cross button in Seahorse.
Select Clave PGP.
Enter a full name (make it up), email and comment.
The other default values are correct: encryption type RSA, length, and never expires.
Click on the button Crear. Enter a password to protect the private key. It is advisable to write a passphrase instead of a single word. It is even more advisable that you remember the password later, so write it down.
And next... summon all your patience, because it might take long. A background process will create the keys in some minutes; it might be up to half an hour. But never give up. After a long time the new key will pop up in the Seahorse keys panel.
Remember the plan: student A wants to send an encrypted secret message to B. So B must send A his/her public key through the internet. Then A will encrypt the message with B's public key and will send it to B by email. Only B will be able to decrypt the message, since it can only be decrypted using B's secret key, which never left his/her computer.
Select your key in Seahorse and, using the contextual menu, click on Exportar.
This will store your public key in a .pgp file.
Send the .pgp file to your classmate by email, or using the shared folders on your desktop. He/she must send you his/her exported public key too.
Import your classmate's public key. In Seahorse click on the + button and select the option Importar desde un archivo, then select your partner's .pgp key file. The public key information will be shown as you can see in the next picture. Click on the button Importar.
If the imported key isn't shown in the GnuPG panel, select the button Filtro de elementos→Mostrar cualquiera.
Notice that the imported public key is shown next to a single-key icon, while the private-public key pairs are shown next to a two-keys icon. This makes sense because the imported key is a single public key, while the pair consists of two keys, the public and the private one.
IMPORTANT: THIS LAST STEP, IMPORTING THE PUBLIC KEY, MIGHT FAIL IN THE CURRENT LLIUREX VERSION. IF THAT IS THE CASE, FOLLOW THIS PROCEDURE TO IMPORT THE KEY:
1. Log out. You need to log out of your current session so that the background Seahorse process is refreshed.
2. Log in. Start Seahorse. Check the list of imported keys.
If this doesn't work, try this other procedure:
1. In the file browser, select the folder where you saved the key you want to import.
2. Press the keys Mayúsculas+F4 to open a terminal in that folder.
3. At the prompt, type gpg --import the_name_of_the_key_file (replace the_name_of_the_key_file with the name of the .pgp file you want to import).
4. Log out. You need to log out of your current session so that the background Seahorse process is refreshed.
5. Log in. Start Seahorse. Check the list of imported keys.
First we must create the message. Search the internet for a famous phrase. Open Gedit (Aplicaciones→Utilidades->KWrite) and paste the sentence and its author. Save it in a file.
Next, select the secret message file in Nautilus (Aplicaciones→Utilidades->Files). Right-click to drop down the contextual menu and select Cifrar. A new window will open showing the available public keys (our own public keys and the public keys imported from others). Choose your partner's public key.
Done: the encrypted file is the one with the .gpg extension.
Next, send the encrypted file to your partner by email.
Your partner in this activity should already have sent you his/her own secret message in an encrypted file. To decrypt it, select it in Nautilus, drop down the contextual menu (right mouse button) and select the menu option Abrir con descifrar fichero. Remember, he/she encrypted the message using your public key. To decrypt it, your private key will be necessary, and we protected it with a password.
Then you will be able to open and read your partner's message.
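The user1 to user2 exchange described in the steps above (key creation, export, import, encrypt, decrypt), as an added example that is not part of this unit nor of Seahorse or GnuPG themselves: the same steps typed into a terminal with gpg directly, the tool behind Seahorse, instead of the Nautilus menus. It assumes gpg 2.1 or newer is installed; the two identities and the message are constructed samples, and the throwaway demo keys are deliberately created without a passphrase so the script can run unattended, which is the one thing you must not copy for your real key.

```shell
#!/bin/sh
# Added example, not from the Clilstore unit: the user1 -> user2 exchange described
# above, done with gpg on the command line instead of Seahorse. Keyrings live in
# throwaway directories under a temp dir, so your real ~/.gnupg is never touched.
set -e
WORK=$(mktemp -d)
trap 'for h in "$WORK"/*/user*; do GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null || true; done; rm -rf "$WORK"' EXIT
SECRET='The only way to do great work is to love what you do.'  # constructed sample message

# Batch-mode twin of the interactive "gpg --full-gen-key" answers in the text: RSA,
# 2048 bits, never expires. %no-protection skips the passphrase only because this is a
# throwaway demo key; a real private key must be passphrase-protected, as the text says.
genkey() {  # $1 = GNUPGHOME, $2 = real name, $3 = email (constructed identities)
  mkdir -p "$1" && chmod 700 "$1"
  GNUPGHOME="$1" gpg --batch --quiet --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign,encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%no-protection
%commit
EOF
}

# $1 = directory for this run; one separate GNUPGHOME per user stands in for two computers.
run_exchange() {
  D="$1"
  genkey "$D/user1" "User One" user1@example.invalid
  genkey "$D/user2" "User Two" user2@example.invalid
  # Step 1: user2 exports the public key (what Seahorse's "Exportar" writes); user1 imports it.
  GNUPGHOME="$D/user2" gpg --batch --armor --export user2@example.invalid > "$D/user2.pub.asc"
  GNUPGHOME="$D/user1" gpg --batch --quiet --import "$D/user2.pub.asc"
  # Steps 2-3: user1 encrypts with user2's PUBLIC key. --trust-model always skips the
  # web-of-trust prompt a freshly imported, unsigned key would otherwise trigger.
  printf '%s\n' "$SECRET" > "$D/secret.txt"
  GNUPGHOME="$D/user1" gpg --batch --yes --quiet --trust-model always \
    --recipient user2@example.invalid --output "$D/secret.txt.gpg" --encrypt "$D/secret.txt"
  # As the text stresses, user1 cannot read it back: the private key only exists on user2's side.
  if GNUPGHOME="$D/user1" gpg --batch --quiet --decrypt "$D/secret.txt.gpg" >/dev/null 2>&1; then
    echo "unexpected: user1 decrypted the file"; return 1
  fi
  # Step 4: user2 decrypts with his/her private key, then we confirm the round trip.
  GNUPGHOME="$D/user2" gpg --batch --quiet --output "$D/plain.txt" --decrypt "$D/secret.txt.gpg"
  cmp -s "$D/secret.txt" "$D/plain.txt"
}

run_exchange "$WORK/demo" && echo "user2 recovered: $(cat "$WORK/demo/plain.txt")"
```

The .gpg file is the same kind of file the Nautilus Cifrar menu produces, so you can also decrypt it with Seahorse if the private key is in that keyring.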
Ask your teacher to come by and assess your work
PART 2. EXCHANGE A SECRET MESSAGE WITH YOUR TEACHER
Search the internet for another famous phrase. Write it in a text file using Gedit, together with your surname and name.
Save the file
You are expected to encrypt this file and send it to the teacher, so first you have to import the teacher's public key.
Download the teacher's public key from Moodle.
Import it (Archivo->Importar).
Encrypt the file and upload it using Moodle.
Short url: https://clilstore.eu/cs/10973