GBA 685 Advanced Computer Forensics
Report #7
Xianglian Jin
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help with authentication using Secure Shell, and provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. Gpg4win is GNU Privacy Guard for Windows and Kleopatra is the certificate manager in Gpg4win. To create OpenPGP and X.509 certificates, Gpg4win uses a key length of 2048 bits by default. The default algorithm for signing and encrypting is RSA. [1]
In the RSA cryptosystem, the encryption key is public and differs from the decryption key, which is kept secret. The following parts will introduce the main functions of Kleopatra.
1 Create new certificate/ Import certificate
1.1 Create new certificate
We can create two types of certificate with Kleopatra: OpenPGP key pair and X.509 key pair.
The differences between OpenPGP and X.509 are as follows:
In the X.509 world, the only PKI that we usually encounter is one built on a centralized CA.
PGP has flourished for many years without the need to establish a centralized CA. This is because OpenPGP uses a decentralized system of trusted introducers, which are the same as a CA. OpenPGP allows anyone to sign anyone else’s public key. When Alice signs Bob’s key, she is introducing Bob’s key to anyone who trusts Alice. If someone trusts Alice to introduce keys, then Alice is a trusted introducer in the mind of that observer.[2]
I choose to create a personal OpenPGP key pair.
Click ‘File’. Then click ‘New Certificate’.
Figure 1 New certificate
Figure 2 Choose the type of key
Enter the name and Email address in textboxes. We can click on ‘Advanced Settings’ to set some details about the certificate.
Figure 3 Enter details of the certificate
We can choose the encryption algorithm (RSA/DSA) and details about certificate usage in ‘Advanced Settings’. Click ‘OK’ to complete the settings. Then click ‘Next’ to go to the next step. The certificate creation wizard will show all parameters of the certificate. Click ‘Create Key’ to confirm and create the key pair.
Figure 4 Review certificate parameters
During the key creation process, the program will ask you to create a passphrase for the certificate. The program suggests that the passphrase should be at least 8 characters long and contain both letters and numbers. It will pop up an alert to warn you if the passphrase isn’t safe enough.
Figure 5 Enter passphrase
Click ‘OK’ to complete the process. Then click ‘Finish’.
1.2 Import certificate
Click ‘Import Certificates’. The extensions of certificates can be: *.asc, *.cer, *.cert, *.crt, *.der, *.pem, *.gpg, *.p7c, *.p12, *.pfx, *.pgp.
Click ‘Open’ to import the certificate.
Figure 6 Select the certificate
Note: The certificate I choose to import only contains the public key.
2 Export certificate
Select a certificate and click ‘File’. Then click ‘Export Certificates’.
Figure 7 Export certificate
If the certificate is owned by me, I can choose to export the secret key, though this is a very dangerous action. We don’t use this function very often.
The default filename of the exported certificate is its fingerprint.
3 Encrypt/ Sign
We can encrypt or sign a file with the public key of the certificates.
3.1 Encryption
When using someone else’s certificate to encrypt a file, remember to add a certificate owned by us as well. Otherwise we will not be able to open the encrypted file, since we don’t have the other person’s private key.
Click ‘File’. Then click ‘Sign/Encrypt files’.
Then select the file we want to encrypt. Click ‘Open’ to proceed.
Select ‘Encrypt’. We can also choose to remove the unencrypted original file when done. Then click ‘Next’.
Figure 8 Encrypt files
We can select multiple certificates.
Figure 9 Select certificates
I chose two certificates and one of them is owned by me. Click ‘Encrypt’ to proceed. Then click ‘Finish’.
We can find the encrypted file in the same folder as the original file.
Figure 10 Encrypted file
3.2 Make a signature
The first few steps of making a signature are the same as for encryption. Just remember to choose ‘Sign’ instead of ‘Encrypt’.
Then select a file, and click ‘Open’. Click ‘Next’ to proceed.
We can only use our own certificates to make a signature. Click ‘Sign’ after choosing the certificate.
Figure 11 Choose to sign a file
We need to enter the passphrase to unlock the secret key. Click ‘OK’ to proceed.
Figure 12 Enter the passphrase
Click ‘Finish’ to complete.
Figure 13 Signing succeeded
4 Decrypt/ Verify
4.1 Decryption
First of all, we need to create a checksum for the original file.
Then we create a checksum for the decrypted file after decryption to make sure the file has not been altered.
Click ‘File’. Click ‘Create checksum files’. Select the original file and click ‘Open’. We then get a checksum file which contains the checksum.
Figure 14 Create a checksum
Figure 15 Checksum of the original file
Click ‘File’. Then click ‘Decrypt/Verify Files’. Select an encrypted file. Then click ‘Open’.
Figure 16 Select an encrypted file
Then click ‘Decrypt/Verify’ to proceed. The procedure also includes entering the passphrase of the certificate.
Figure 17 Decrypt a file
Click ‘OK’ to complete. The decrypted file will appear in the selected folder. Then we create a checksum for the decrypted file by following the steps mentioned above.
Figure 18 Checksum of decrypted file
We can see that this checksum is the same as that of the original file. That means the file has not been altered by encryption and decryption.
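The comparison in 4.1 can also be done by program instead of by eye. This Python sketch is an added example, not from the original report; it assumes the checksum file uses the sha256sum text layout (64 hex digits, two spaces or " *", then the file name), and the file names and contents are constructed.

```python
import hashlib, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def verify_checksum_file(checksum_path):
    """Check every '<sha256 hex>  <name>' line; names resolve beside the checksum file."""
    base = os.path.dirname(os.path.abspath(checksum_path))
    results = {}
    with open(checksum_path, encoding="utf-8") as f:
        for line in f:
            line = line.rstrip("\r\n")
            if not line:
                continue
            digest, sep, name = line[:64].lower(), line[64:66], line[66:]
            if len(digest) != 64 or sep not in ("  ", " *") or not name:
                results[line] = "MALFORMED"
                continue
            path = os.path.join(base, name)
            if not os.path.isfile(path):
                results[name] = "MISSING"       # e.g. the file was never decrypted
            elif sha256_file(path) == digest:
                results[name] = "OK"            # same bytes as the checksummed original
            else:
                results[name] = "MISMATCH"      # content differs from the original
    return results

def round_trip_demo():
    """Constructed files: checksum the original, then check an intact and an altered copy."""
    with tempfile.TemporaryDirectory() as d:
        doc = os.path.join(d, "report.txt")
        sums = os.path.join(d, "sha256sum.txt")
        with open(doc, "wb") as f:
            f.write(b"original plaintext\n")
        with open(sums, "w", encoding="utf-8") as f:
            f.write(f"{sha256_file(doc)}  report.txt\n")
        intact = verify_checksum_file(sums)     # decrypted copy identical to original
        with open(doc, "ab") as f:
            f.write(b"x")                       # simulate an altered output file
        altered = verify_checksum_file(sums)
        os.remove(doc)
        return intact, altered, verify_checksum_file(sums)
```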
4.2 Verification
The first few steps of verification are the same as for decryption. But remember to check the box which says ‘Input file is a detached signature’ before clicking on ‘Decrypt/Verify’.
Figure 19 Verify a file
Figure 20 Signature verified
References
[1] http://www.gpg4win.org/features.html
[2] http://www.openpgp.org/technical/whybetter.shtml