You will learn how to start and shut down the Linux virtual machines. You will learn how to extract data created on these VMs for later reuse on raw floppy disk image files. You will learn how to use openssl command lines on Linux in order to start exploring some cryptographic building block operations.
You will have finished this lab once you have completed the following tasks:
Some very useful security learning programs are available on Linux. We will be using some of these programs from the command line. This is a way of interacting with a computer system one command (or sentence) at a time. You type the command onto the command line, and can edit it on the line you type if you spot any mistakes before you press the enter key to execute your command. The program will either do something you intended, or if you got the command wrong it will do something else (usually but not always nothing), and you may get an error message explaining what went wrong. This is a very flexible way to learn, because once you are familiar with how to use a command to carry out an intended job correctly, automating the use of this command by putting it into a script is then relatively easy.
Unfortunately Linux support by the BCU IT team has been severely limited. You can use Linux on your own laptop or at home freely, e.g. concerning access to networks and devices. In Millennium Point labs 016 and 050 various Linux virtual machines (VMs) are available. These essentially offer similar facilities, using different Linux versions. I've used the ones under the Linux and Virtual Learning menus to do the following exercises. Gutsy Host 1 and 2 can be logged into using user: user and password: password.
The virtual machines neither have network access, nor any direct access to your disks or USB drives. However, you can connect a raw floppy image file downloaded to your H: drive to the Linux virtual machines, mount it in the Linux VM, save text files with transcripts of your commands and work to this virtual floppy and store this image file within your university Windows environment. On another Windows computer over which you have administrative control, a virtual floppy driver can be installed to enable you to see and print the files saved to the floppy image directly. If you don't have access to any computer of your own and need to use the BCU supported computers alone, you can still save Linux VM work on floppy image files, but you will only be able to view this work within the VMs or using a Windows screen capture program or an older computer which still has a physical floppy disk drive. A raw floppy image can be downloaded here.
Once you have logged in and out of the Linux VM, you will need to try out these procedures for imaging floppies and experiment with using these for getting data into and out of the virtual machines. Before you can do this you will need to use the facility within the VM hypervisor to associate the floppy image file with the virtual machine floppy device. (A hypervisor is a virtual machine program such as Virtual PC at BCU. More capable hypervisors include VMware and VirtualBox, which enable you to use a USB stick.)
The Ubuntu Linux VMs use the Gnome window manager. This includes a places menu - you may need to use the computer icon here to open a file browser on the floppy or virtual floppy. A tool which mounts a virtual floppy image as a drive letter on Windows XP can be downloaded from http://sourceforge.net/projects/vfd/ . This approach requires Windows administrator access, not present in the BCU lab PCs. Hints about using this download and a similar command which mounts a floppy image on Linux are available here.
It is essential to obtain and use a logbook for this module. If you don't then you will probably forget what was covered in the previous week and will find next week's lab exercises a struggle. The first coursework deliverable will test what you have learned in these labs, so with a well-kept logbook you will find this assignment much easier.
Using the Applications -> accessories menu open a terminal. In this type the following command:
openssl version
If openssl reports its version number this shows that the openssl command is installed on your Linux system. If it isn't then you'll need to install it before you can run any more openssl commands. If you mistyped the command, e.g. by typing openssx version, the system should output a suitable error message to say that the incorrect command you tried was not found.
Try these commands:
openssl prime 37
openssl prime 39
37 is prime, and 39 isn't, but what numbering system does openssl use to report these results? Write the results and your answer into your logbook.
Use openssl to find a prime number which has at least 40 decimal digits and write it into your logbook. Hints:
Could openssl have worked out whether such large numbers were prime by attempting to factorise them in the time taken? How many tests would a factorisation testing approach have required? If we had to try every odd number up to the square root of the number being tested, write down a quick estimate of the number of tests which would have been needed in your logbook, and state how long openssl took. When we study how public key cryptography using RSA works we'll want to know how very large prime numbers useful for RSA keys can be obtained.
Try the following:
echo a secret message | openssl enc -des -k secretkey -a
In this example, openssl is taking its standard input not from the usual place (the keyboard), but instead uses the string: a secret message piped from the output of the echo command. What is the difference if the -a flag isn't used? Try it without this flag, and see if you can identify a description of the -a flag from the recommended reading, and write in your logbook the effect of using or not using -a. Using the mouse scroll wheel as if it were a middle mouse button, drag and drop the standard output containing the BASE64 encoded DES ciphertext of the secret message into the standard input of the next command as follows:
echo U2FsdGVkX1/MqR+pLc9fgVDuvM5VdJ+8wFDKvE7oSYuoezsf2oU/Pg== | openssl enc -des -d -k secretkey -a
If you got the original plaintext back again from the above ciphertext, the openssl DES decryption command worked. Try the above 2 commands, but using an encryption/decryption key that would be more difficult to guess than secretkey. See if you can make a stronger cipher than DES, e.g. AES256 or DES3 work in a similar way, and write the encryption and decryption commands used into your logbook.
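The following script is an added example, not part of the original lab sheet. It decodes the BASE64 ciphertext quoted above to show the Salted__ header and 8-byte salt that openssl enc puts in front of the encrypted data, then encrypts the same message twice with AES-256-CBC to show the effect of that salt. It assumes OpenSSL 1.1.1 or later (for -pbkdf2); the function names and the LAB_PASS variable are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the lab sheet). Function names and LAB_PASS are
# illustrative assumptions. Needs OpenSSL 1.1.1+ for -pbkdf2.

# BASE64 ciphertext quoted in the lab text above.
LAB_CT='U2FsdGVkX1/MqR+pLc9fgVDuvM5VdJ+8wFDKvE7oSYuoezsf2oU/Pg=='

# First 8 decoded bytes: the "Salted__" magic written by openssl enc.
enc_magic() {
    printf '%s\n' "$1" | openssl base64 -d | head -c 8
}

# Decoded bytes 9-16: the random salt, printed as hex.
enc_salt_hex() {
    printf '%s\n' "$1" | openssl base64 -d | tail -c +9 | head -c 8 |
        od -An -tx1 | tr -d ' \n'
}

# AES-256-CBC with a PBKDF2-derived key. The passphrase is read from the
# environment (-pass env:) so it does not appear in the command line that
# ps shows, as a -k argument does.
aes_encrypt() { openssl enc -aes-256-cbc -pbkdf2 -pass env:LAB_PASS -a; }
aes_decrypt() { openssl enc -aes-256-cbc -pbkdf2 -d -pass env:LAB_PASS -a; }

# Constructed sample passphrase, for demonstration only.
LAB_PASS='constructed-sample-passphrase-7Qx2'
export LAB_PASS

echo "magic: $(enc_magic "$LAB_CT")"
echo "salt : $(enc_salt_hex "$LAB_CT")"

# Same plaintext, same passphrase, two runs: the salt differs each time,
# so the ciphertexts differ, yet both decrypt to the same message.
c1=$(echo a secret message | aes_encrypt)
c2=$(echo a secret message | aes_encrypt)
echo "run 1: $c1"
echo "run 2: $c2"
echo "plain: $(printf '%s\n' "$c1" | aes_decrypt)"
```

When decrypting ciphertext produced by older releases on a current system, note that OpenSSL 1.1.0 changed the default key-derivation digest of enc from MD5 to SHA-256 (add -md md5 for older data), and OpenSSL 3 moved single DES into the legacy provider.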
Read the Linux manual page for openssl using the command
man openssl
This will open this document in the less browser. To see the next page press the space bar, to see the next line press enter, to get help in using less press h, to page back press b and to quit less press q.
Unfortunately this manpage isn't complete. A clickable - but still incomplete - version is here.
You won't want to read it from start to end, but this HOWTO guide is a useful reference once you know what you want to do with openssl. Try using this HOWTO document to identify the openssl subcommands and flags used in the above example commands for DES encryption and decryption and for primality testing.