 So, we've talked a bit about hash functions and we can use cryptographic hash functions for authentication. Let's, in this, this topic, we're still talking about authentication, in fact, we're going to step back and recap or recover what we've talked about for general authentication and then go through another way to authenticate. Instead of using hash functions, we can use what's called message authentication codes. We'll see they're very similar and we won't spend too much time on them. But first, let's talk generally about authentication and what we require and the general ways in which authentication works and look at all the techniques we have available. In fact, go back to our services or a little bit of a variation of the services and in particular the different types of attacks that we have available. Disclosure, message disclosure is this attack where if I send a message, someone intercepts and they can read the contents and they've disclosed the contents of that message. That's our normal form of attack that we think about. When someone says encryption or security, they usually first think about trying to find the message that someone has sent, disclosing the contents of that message. What mechanism do we use to prevent the disclosure of messages? We encrypt the messages. So if I want a message to send to someone and I don't want anyone else to read that message, I encrypt the message, the plain text, send the ciphertext and then the receiver can read the message but someone who intercepts the ciphertext should not be able to find the plain text. That's our normal or most common example of where we use encryption and we've covered that since the start of the course, all the different ciphers we have available. Traffic analysis is another form of attack. We haven't talked much about it. We've said what the attack is but we haven't talked about how to prevent it and how the details of how it can occur but we can use encryption in some cases to hide who is communicating and make it more difficult to analyse traffic and other techniques as well to prevent traffic analysis like introducing random traffic makes it harder for someone to analyse the traffic. So what about some of the other attacks? Well remember we have a masquerade attack where someone pretends to be someone else. How do we prevent that? What mechanism do we use? Well authentication is the mechanism to prevent someone pretending to be someone else. In fact we don't prevent it, we detect it if it does happen. If someone pretends to be me and they send you a message, if we're using authentication techniques you should be able to detect that it didn't come from me, it came from someone else. So someone can perform a masquerade attack but they should be easy to detect if we use authentication techniques. Here we see we say the technique is message authentication. In fact authentication we can authenticate the contents of the message or the source of the message. So sometimes we distinguish, sometimes we just call it authentication or message authentication. Authenticating the source is who did it come from. Authenticating the contents is making sure that the message received is the same as the message that was sent. But they're both referred to as authentication. So a masquerade attack we use authentication to stop it or to at least detect it. Same with modification attacks. We can, someone can try to modify the content along the way or not just modify the message, maybe I send 10 messages. They can try and rearrange the ordering of those messages, modify the sequence. Maybe that can be useful for the attacker or even the timing of the messages. I send a message if the attacker can delay it or somehow make it such that it cause an inconvenience or a problem for the receiver because of the different timing of receiving the messages. That can be a form of an attack. All of these require modifying what has been sent or the order in which it's been sent or how it's been sent. And the way to stop such attacks is again to use authentication. How to detect the modification of content then include some authentication mechanism such that when someone sends a message if it's been modified along the way the receiver will detect that. For example a signature. We sign a message if an attacker tries to modify the message assuming our hash function has the desired properties the receiver will be able to detect something's gone wrong. So we can stop modification attacks or at least detect modification attacks using authentication techniques. Hash functions are hash functions combined with encryption are one form of authentication but there are others. Not about source or a destination denying that a message was sent well also use authentication techniques but a specific instance or a specific case of authentication a digital signature. A digital signature is it's related to authentication but it's this special case of having something that we can prove it came from just one person. A digital signature is using important using public key cryptography. Here's a case a user takes a message and we say they sign that message and the important part is that they encrypt either the hash of the message or even the message itself using the users the sender's private key. And we can confirm that signature because it should only successfully decrypt with that user's public key. If it successfully decrypts with the user's public key it means it must have been encrypted with that user's private key which means it must have came from that user because only one user in the world has the private key of A and is that user A. So public key cryptography specifically encrypting something either the message or the hash of the message with the sender's private key is providing a digital signature and that can stop someone denying that they sent a message because user A signs a message and sends it and then sometimes later user A says I did not send it well B has a copy of it including the signature of the message confirming that it did come from A. So there's a way to confirm at later dates later time that the message was sent and similar with destination repudiation that if the destination denies it you can make use of digital signatures to check whether they have received it or not. So that's about some of the attacks that are possible what mechanisms do we use to prevent or detect them encryption authentication and as a subset digital signatures we're focusing on authentication well what do we have available to do authentication how do we perform authentication there are two main things usually what we do is we have some function that we apply on a message called or that produces some output we saw in the previous topic we take a hash of the message and we get a hash value as the output so that function is the hash function the output is the hash value the output generally is called an authenticator it's just the general terminology and combined with some function like a hash function or we'll see others we also need some protocol this mechanism for what do we send and what does the receiver do that's although that's like these diagrams this is the protocol the function is what we apply on the message for example the operation we do here the protocol is what do we send and what does the receiver do so that are the two parts of authentication and there are different ways to do it there are different protocols and there's different functions available focusing on the functions well in general there are three types of functions we can use we can use a hash function and that's what we saw in the previous topic the previous topic was about using hash functions to perform authentication for example for a signature we take a hash of the message and then encrypt with a private key and we saw four or five of those diagrams different variations of using hash functions but we don't have to use a hash function for authentication there are other ways one is simply encryption by encrypting a message often we also provide authentication using symmetric or just public key encryption so we don't need to use a hash function and there's a third approach another type of function called a Mac a message authentication code it's in fact similar to both of the hash function and message encryption so what we're going to do now is talk genuinely about well how do we provide authentication using encryption we know some examples of how to provide authentication using a hash function how do we do it using just encryption just a AES or RSA and then we'll finish how do we do it using a Mac introduce what a Mac is how do we authenticate a message when we encrypting a message that is I have a message I want to send you I encrypt it using des I send you the ciphertext when you receive it it's provided confidentiality but in many cases you can also authenticate and make sure it came from the right person and make sure it hasn't been modified along the way so here's using symmetric key encryption for authentication we take a message we encrypt using some symmetric key algorithm des AES triple des whatever you choose we have a shared secret key K we send the ciphertext across the network the recipient takes the ciphertext decrypts with the same shared secret key K and gets the message back we know this provides confidentiality only be any a as well only they can recover the plain text if someone intercepts the ciphertext assuming we have a strong key and a strong algorithm that person who intercepts cannot find the plain text so that's confidentiality but we also provide other services we also provide authentication of the service of the source that is the receiver knows who this message came from be the receiver knows that the message came from a how do they know well recall that the key K should be known only by the source and destination a and B so if the receives a message some ciphertext if it successfully decrypts with that key K then it must have been encrypted with that key K and therefore it must have came from user a or be but be just received it so be did not send it to itself so be knows if they receive a message and it successfully decrypts with this key K be knows that this message came from a so that's authentication of the source they know it didn't come from someone else pretending to be a because if someone else pretended to be a and sent be a message they have to encrypt that message with some key but they don't know the key K because that should be a secret key so just encrypting a message also implies or also provides authentication of the source and similar what if someone tried to modify the message can a third user see intercept the message and modify what do they need to do well they would need the key because if we intercept the ciphertext and modify the ciphertext then it will not successfully decrypt or at least we will not get the original plain text when we decrypt and if the ciphertext is something different from what was sent when we try to decrypt with the key we'll get some random looking output because it's a different ciphertext we'll get a random looking plain text and the receiver should be able to detect that the only way third user could modify the the plain text is if they know the key but they don't know the key because that's a secret so what we normally assume is if if the receiver successfully decrypts the ciphertext they receive then that confirms that that message must have came from the person who also has that key and there's only one other person in the world that has this key K so that provides source authentication and it also means that the message has not been modified along the way so also provides data authentication or data integrity is the service that we call it so symmetric key encryption on its own provides these three services now in these two authentication cases we've made some assumption and that's the assumption that if we successfully decrypt well that we can detect that it was a successful decryption and the way we detect is that when we decrypt that we can recognize that we've got the correct plain text if I have some ciphertext and I decrypt with the wrong key let's try let's say our third party our attacker C encrypted some modified message run out of space let's say the attacker C is trying to pretend to be a so C has intercepted the message they've modified the message and they encrypt it with some other key K prime then they send it to be V receives they think the message came from a so they decrypt using key K but this message and prime was encrypted using K prime when we try to decrypt with a different key we'll get some plain text as output what we assume is that if we decrypt with the wrong key that the receiver the decryptor will be able to detect that this plain text is not the correct plain text and that's normally the case if the plain text has some meaning if the plain text was some English phrase or an English document if we decrypt with the wrong key the resulting plain text will be random characters it's highly likely and therefore the decryptor we detect this is not a message that has meaning something went wrong let's see a simpler example of that here you are you are user B okay user A has sent you something so you use a B you've received some cipher text you think it came from a okay and with a you have a shared secret key K here's the cipher text DPN so you receive this cipher text you think it came from a therefore you decrypt using the key that you shared with a user A and you decrypt with the key K and you get this plain text so the output you get here is this plain text do you think that this plain text was encrypted with a key K yes or no do you think that the plain text that you got as the receiver was encrypted with the key K that was shared with user A hands up for yes more more hands please put your hand up when you decrypt the cipher text and you get some message that makes sense normally we assume if it makes sense that it must have been the right key okay well no what well I think we know and we've seen when we looked even at classical ciphers if we decrypt with the wrong key we usually get random looking output coming back to the Caesar cipher we had a brute force attack on a Caesar cipher we had we had cipher text we tried all 26 keys one of them produced an English phrase 25 others produced random looking strings so if we decrypt with the correct key we should get a message that we recognize if we decrypt with the wrong key we will get random looking messages which don't make sense that's the assumption we're making so in this case you receive cipher text decrypt with a key and this key K you shared with user A you get a message that makes sense therefore you assume key K is the correct key that is the message was encrypted with key K and therefore the message came from user A because the only other person who has key K is user A so this provides authentication you assure the message came from user A and also do you think that the cipher text received has been modified along the way user A sent some cipher text you receive this DPNF do you think it's been modified how do you know well you well you you should be quite confident that it has not been modified you receive this you don't know what they sent you know what you received how do you know it hasn't been modified again because it successfully decrypts to something that makes sense if it was modified instead of D at the start it was XP da da da one letter was modified then the output here would be different we would get some strange letter here would get a phrase eventually that didn't make sense so if the cipher text was modified along the way most likely the plain text when we decrypt will not make sense since the plain text makes sense we assume the cipher text was not modified and we assume it was encrypted using key K and we assume that there's only a one other user in the world that has key K and that is user A so we've provided authentication of the source and authentication of the data so this is this assumption if we get plain text that we recognize authentication works another example here's the cipher text you receive you decrypt what do you think happened what do you think happened here you've decrypted the cipher text QEF and you get some plain text FT you eat again option one is not sent from a because we've got a plain text that doesn't make sense in this case okay doesn't make sense to me at least so assuming we know what to expect say the language then here's a plain text after decrypting it doesn't make sense well why wouldn't it make sense if A is sent me a message that has no meaning well no one does that so why doesn't it make sense to possible options either it came from someone using a different key than key K it was encrypted using K prime for example and then I decrypted it using key K because I thought it came from a so maybe that's the case someone is pretending to be a and they used a different key to encrypt the message so when I decrypt with key K I get some strange looking plain text or maybe someone has modified the plain text along the other cipher text along the way a has used key K sent some cipher text but use a C modified that cipher text to be this QEF to do and therefore when I decrypt using key K I get unrecognizable plain text so in this case I would assume something's gone wrong no not really denial of service we don't know what we don't know what has happened but we know something has gone wrong because we obtained a plain text that does not make sense we cannot recognize it either someone else sent it using the wrong key you're using a different key than K or someone modified the cipher text along the way and therefore it did not decrypt correctly so again we provide authentication in this case because we get the wrong or unrecognizable plain text we detect that either it didn't come from a or someone modified it and we'd need to do something about it we wouldn't trust this message I just received so this assumption is if we can recognize the plain text we assume the correct key was used and nothing was modified if we don't recognize the plain text we assume something has gone wrong either the wrong key or the cipher text was modified what about this case what happened is the plain text correct all right in the previous examples I was sending English phrases here's it's a part of an image a JPEG image can you recognize the plain text not so easy okay it just looks like a random sequence of zeros and ones but maybe it's a compressed image or a portion of a word document or an image that's being compressed with G zip or with Ra or something and we just get the binary data now we have this problem of the receiver we got cipher text we decrypt with key K we need to be able to check does this plain text make sense because we've making this assumption if the plain text makes sense everything was okay if it doesn't make sense something's gone wrong that was in the previous two cases in this case how do we know whether this plain text makes sense or not well it's not easy to know I don't know whether it's part of an image or if it has no meaning it's just random so here we identify a problem with this idea of we need to be able to recognize the plain text to provide authentication so we need to be able to recognize the correct plain text in example one we did assuming the message was in English the plain text had some expected structure it had words that we recognize so we assumed it was okay and therefore we assumed it was sent by a and it had not been modified in example two we assume the message was supposed to be in English but we saw that the plain text had no structure it was just random letters and therefore we assumed it was either not sent by a or is modified in example three what do we assume did it come from a or not what's hard to tell because what is the expected structure I don't know in this case so authentication works when we're using encryption only if the message has some expected structure some structure that we can recognize like in the first two the message was English which has some structure and therefore if we get a plain text with that structure good if it's unrecognizable then we assume something went wrong but in some cases the message may not have structure what do we do so if we encrypt a message and we send it if we cannot detect the structure in the received plain text what do we do how can we again packets what does that help for you're on the right track but try to be a bit more specific what can we do such that when we decrypt decrypt the ciphertext and get plain text we can recognize the structure let's say the original plain text doesn't have any structure I can recognize it's some compressed file it's like random zeros and ones at the receiver when I decrypt the ciphertext I want to be able to detect whether or not is it is an expected message what can we do add we can add some structure to it okay so authentication works when we're using encryption if the receiver can recognize the structure in the plain text if it's an English message that's easy if it's a compressed file or a binary data then it's much harder if it's in that case therefore I think we're getting to add some structure to the message before you send it so the plain text messages have struck if they have structure we can detect whether they're correct or not but sometimes that can be difficult depending upon what the plain text is if it's difficult then add some structure to the message the original message before you send it so that the receiver when they decrypt they will recognize that structure and they can confirm has it been modified or not okay and there are different ways to add structure to a message let's say I have a binary file I want to send to you before I send it adds some extra information like a error detecting code a frame check sequence a CRC checksum that adds some extra structure so that when the receiver decrypts the ciphertext they can use that error detecting code to confirm whether the plain text is correct or not and in network communications even the packet header has some structure and that can be used to detect if the packet received is correct or not in practice most messages either already have structure that we can detect or it's quite easy to add some structure such that we can detect if it's a correct plain text or not so in most cases we can in other words in most cases when we use encryption we also provide authentication some examples of those last two we can add an error detecting code or a packet header here's an example of adding an error detecting code we have our message instead of encrypting the message and sending it we first add some extra information about that message error detecting code it shown here is some function on that message and attach that and send them both encrypted in fact this is about this is similar to doing a hash of a message same concept and not much use here if we send data inside a TCP segment that header has some structure so when we decrypt at the receiver we expect the plain text to have the structure which matches the TCP header for example port numbers sequence numbers and so on so in most messages that we send there is some structure included such that the receiver can detect that it's the correct plain text or not so in summary whenever we encrypt our message and send it across the net across the network with symmetric key encryption we normally provide confidentiality authentication of the source and data integrity or authentication of the data so all services are provided what about when we use public key encryption well and we've covered this before if we encrypt with the public key we provide confidentiality we do not provide any authentication because we encrypt with the public key the public key of the destination that is PUB B can decrypt it because only B has the private key so it's confidential no one else can decrypt the ciphertext because no one else has the private key of B but anyone could have sent this message when B receives it how do they know that it came from a they don't in this case everyone can obtain the public key of B therefore anyone can encrypt a message with the public key of B so in this case there's no authentication provided in this case we have data authentication sorry let's go back what what authentication do we have here we don't have authentication of the source what we have we do have authentication of the data the contents so same as with symmetric key cryptography still if the message was modified it would not successfully decrypt so we don't have authentication of the source but we do have authentication of the data if it's modified we'll detect it but if someone else sends it we will not detect if we want to detect if we want to provide authentication of the source we can use the keys in the opposite direction our private key and we get our digital signal digital signature the proof that came from a okay so we can use crypto we can use encryption symmetric key or public key to provide also authentication confidentiality and authentication and with public key we can combine encrypt with a private key of the source then encrypt with a public key of the destination send it decrypt and then verify so we can combine the the ordering of the keys provides all services so yep this one no there's no confidentiality here because it's encrypted with a private key of a everyone has the public key of a so anyone can decrypt that message so there's no confidentiality in this case someone can intercept the message and decrypt any as long as they have the public key of a and by assumption by we assume that that's always public so if we want both authentication and confidentiality with public key encryption we need to apply two operations with symmetric key encryption we can just do it once just encrypt once so it has some difference in terms of performance so we're looking at the different ways in which we can authenticate data and the source the previous topic we spoke about hash functions that's one way we just briefly went through another way using just encryption and then there's a third way using message authentication codes and we'll go through them quite quickly because there's not much different from what we've seen in other hash functions and encryption what's a message authentication code a Mac different from a Mac in terms of medium access control and network protocols a message authentication code is really we have a Mac function some function that takes two things as an input it takes a message and a secret key a shared secret key K and it returns a message authentication code it's a bit confusing the names here we often write Mac as the function takes as an input the message in the key and returns usually a short code as an output sometimes called a tag similar to a hash function remember what a hash function does takes a message any size returns usually a short fixed length hash code a Mac takes a message and a key and returns usually a short fixed length tag or Mac or message authentication code and in fact the similarities mean that a Mac function is sometimes called a keyed hash function it's a hash function but it also has a key we use we use hash functions and Mac functions for similar purposes for authentication so recall hash function take a message as an input produce a hash code as an output Mac function similar takes a message as an input but also a secret key and produces a tag or a message authentication code as an output and we use them for authentication of data in similar ways it's just that the functions are different and importantly a Mac also takes a shared secret key a hash doesn't in fact another way another thing that similar to is encryption symmetric key encryption we usually write encrypt using some shared secret key some message and we get some ciphertext coming back to just symmetric key encryption we take some plain text the message a shared secret key apply some function and we get ciphertext as output Mac is similar it takes a message a shared secret key apply some function and get a tag as output except generally Mac functions are easier to design and implement than encryption functions a Mac function doesn't need to be reversible remember with encryption when we get the ciphertext we need to be able to use the same key and decrypt and get the original plain text M that's not true with a Mac function with a Mac function given the tag and the key we don't need to be able to find the original message again so therefore in practice it's usually easier to divide to design these Mac functions than encryption functions and faster for them to work in software and hardware so performance advantage so there's some similarities between them and we use them in similar ways for as hash functions sending our encryption to provide authentication so just some examples focus on the top one I want to send a message and I want the receiver to be able to authenticate to make sure that the message wasn't modified and that it came from me not someone pretending to be me so I take the message I apply my Mac function on this diagram it's denoted as C okay that's the Mac function shared secret key and I send that the output combined with a message across the network so the message and the Mac value is attached to that and the receiver authenticates they check they take the received message apply the same Mac functions see in this case using the same shared secret key and compare it against the received Mac value if they're the same it assumes that the message has not been modified and that the message came from the person who has the secret key K and there should be only one other person in the world that has that secret key and you can easily follow through and see well what what can an attacker do if they modify the message if the attacker modifies the message then they should not match because if we modify the message the output of the Mac function should be different than the received Mac value or if they use the wrong key similar to what we saw with encryption if you use the wrong key the output will be different and we'll be able to detect that the other two diagrams are similar but they are also combining encryption just different ways to use Mac functions so get more complex but we will not go through them there are other ways as well so let's finish by looking again briefly well how strong is a Mac function how do we measure the security similar to hash functions it's like providing collisions or calculating collisions what an attacker wants to do they don't know the key they want to find a valid Mac code for some given message coming back to this example if if this message was sent and the attacker can find a different message with the same Mac code as the one that was sent then the receiver will be fooled into thinking that the message has been received by a that is if we modify the message to M prime the original message was sent M concatenate with the Mac of K and M intercepted attacker modifies the message and sends the same Mac value they just changed this part then this will work that is it will defeat the security of the system if the Mac using this key of message M is the same as the Mac using the key of M prime so if the Mac of two different messages with the same key is the same then the attacker same with it when we analyze the hash function the attacker can fool the receiver into thinking that the message came from a but it's in fact been modified by the attacker in this case so the same concepts apply for what an attacker can try to do with a hash function if they can modify the message and get the same Mac value then they can break the security system so the challenge for the attacker then is to be able to compute the Mac code without knowing the key to find so is it the definition of our requirement for security if we have some message X and the Mac using some key of that message it should be hard for the attacker to find some other message X it's different from X I with the same and and the Mac value of that message X so it should be hard for the attacker to find that so that's a required property of the Mac function and similar analysis can be performed as done with hash functions it's a similar problem we're not going to analyze we'll just tell you the results so there are two ways to break a Mac function try all possible keys how much effort depends on the key length if the key is k bits long a brute force attack try all possible keys takes two to the k attempts the other way is to try an attack to find the Mac value and it turns out that depends upon the length of the Mac value so if we have an n-bit Mac value the output here t is n bits long then the amount of effort to break in a brute force attack is 2 to the power of n so if my Mac function here t is 128 bits and the k the key is 256 bits how much effort to break this Mac function 2 to the power of 128 because there are two different approaches you either do a brute force on the key or you do a brute force on the Mac value so you do the one which will get you to the answer fastest this would take to the power of 128 operations or attempts this would take two to the power 256 attempts so the security of the Mac function is proportional to the minimum of the two in this case to the 128 if the key was only 64 bits in length for this Mac function then the security would be equivalent to two to the power of 64 attempts so you need a key which is long enough and you need a Mac value which is long enough and then a brute force attack is not possible there are many different Mac algorithms we're not going to go through any we don't see many of them in the examples that we see of our network protocols except for one which we'll see on the last slide generally they're considered secure the Mac algorithms available so it's really make sure your key is long enough and make sure the Mac code is long enough and people cannot break them some Mac algorithms are based upon using different modes of operation with block ciphers for example DAA data authentication algorithm used des and then a new one C Mac used triple des or AES in different modes of operation and there are others will not go through how they work but they combine block ciphers in different ways DAA C Mac maybe the one that you will see and we may see it in some examples is H Mac this is a Mac function that uses the existing hash functions remember hash function takes a message only Mac function takes a key in a message other than that we use them for the similar purposes so H Mac is a general approach that takes an existing hash function introduces also a key so it turns a hash function into a Mac function the benefit here is that there are well-known hash functions which have good software libraries and even hardware implementations so MD5 and Shah the idea is let's just use them again but also introduce a key so H Mac turns hash functions into Mac functions just an example of how it does it it uses the hash function the key and some other values some XORs on some paddings use an opad and an iPad where they are not tablets they are just strings predefined strings some padding used in here so we have a message and some key if we use H Mac we take our hash function for example Shah one we take our key XOR with this string here of this constant value and concatenate with our message take the result of that and concatenate with K XOR with opad and then take the hash of all of that and we get the output so the idea really is turn a hash function into a Mac function and the advantage is that we can use existing software for hash functions and the security of H Mac depends upon the security of the hash function because people have analyzed the hash functions a lot they know how secure they are and they trust them so that's one you may see in some of the network protocols done very quick on Mac functions no more that we need to cover on that any questions why do we need a Mac function it's a different way to authenticate it has an advantage of using the key in this case if you see when we when we use a hash function for authentication we normally do not just use a hash function we also use encryption so for example I've removed it but when we did a digital signature we had a hash and encryption for performance reasons we may not want to do encryption so for authentication just use a Mac function which can be faster so for performance reasons for practical reasons if you don't want to use encryption and you want to perform authentication then you can use a Mac function because often encryption is slower or you need a license to use a particular cipher so there are costs involved of using encryption so it's an alternative to using hash functions and just plain encryption any other questions before we finish this topic and start a new topic we've got a lot of time remaining I'll stop on this topic here yes let's let's not start the next topic but let's give an example when it may just take 10 minutes it's always Friday afternoon now lectures if we stop every Friday afternoon let's do a quick example of using open SSL because your next homework it's not using this one it's using something similar this one the example I'll go through is and quite quick it's using RSA public key encryption and digital signatures using open SSL so you can read about it on the website I'll provide a link later or it's on the web course website already but we can use open SSL to encrypt and to provide it signatures actually I need the instructions your next homework and I'll release it today or tomorrow is very simple it's even simpler than this it's using Diffie helman so so we can do it quickly I'll just copy and paste some commands maybe all right you do not have to remember these that you can find them on the website but this is just a command using open SSL to generate GenP key generate a private key in fact it's generating a pair of keys GenP key generate a private key and a public key using RSA a length of 2048 bits and the public exponent of 3 remember E in RSA let's set it to 3 and let's output it to a file private key dash a and there it just generated my public and private key and saves them in a file there it is now this is hard to read what it open SL normally does with it its keys when it generates them is it saves them in this format which is not encrypted it looks strange it's not encrypted it's just a different encoding so there's some information about the keys public and private key for example edn also p and q the primes in RSA we'll see them in a moment but normally instead of storing them or displaying them in a text format in encode them into what's called base 64 which is just a way to encode them using ASCII characters in a format that can be easily sent across the network in an email posted on a web page and so on so this is not encrypted it's just encoded and open SSL provides a way to decode it very easily here's one we take that as an input and display it in text go up so what I just did is used of this P key operation to take my private key in fact a pair private key and public key for RSA and display it in text mode which shows the encoded form and then after that it shows in the human friendly text form it shows my modulus n remember RSA we have n public exponent e which is 3 in this case I set it to be 3 private exponent which is D that's my private value here it is long value and it also stores the primes prime one P prime two Q that they are private don't look at them they are mine okay prime one prime two is P and Q and it stores some other values that help in calculating later but are not necessary but just improve performance so that's my key pair in fact my public and private key let's let's extract just the public key from that because I would like to give you my public key I generate my own private key and then I would like to make my public key available to others so we can extract just the public key we take as an input the private key and the output let's call it pub key dash a I'm user a in this case and we say pub out output the public key yes so all it does is it takes the public values out of my key pair my key pair has the private and public values I store that for myself but to give to someone else I just give them the public key and let's look at that in a text format again it's just in the encoded format originally so and in the text format the public key in and it shows us just the modulus n and the exponent e equal to three okay so that they are my public values I can give you this file okay I will post this file the file was pub key a dot PEM PEMs with the format and the way that it stored beforehand I generated pub key B but I would post pub key a on a website or I'd include it at the bottom of an email that would be my public key okay so I can make it available to anyone and what's next I've also done it for some other user user B in this just for this demo so assume user B has done the same thing already they've generated their private key and they've also extracted their public key so let's assume we've exchanged our public keys what can we do sorry n is 2048 bits in this case okay so it shows the values in hexadecimal but n was chosen to be 2048 bits I've got a message here just some text file we can calculate the hash of that message char one sum is just a program in Linux on the command line that calculates this the char hash using the char one algorithm there are different variations and here's the hash value of the contents of the file not the file name the contents 0 6 to the open SSL has its own way to do that as well there are other programs that will do it it's called the digest and you can specify the algorithm and it produces the same value so it's just a not another way to calculate the hash of the contents of that message now I've got a message I want to send it to user B I'm user A I want to send it to user B what do I do I well first I want to provide two services confidentiality and authentication or a signature so we're using RSA in this example I want to let's first sign the message so I want to send this message to someone else to use a B I want to first sign the message how do I sign the message I use my private key okay that's important so open SSL allows us to sign a message I specify the hash algorithm char one because in fact the signature we take a hash of the message and then encrypt that hash value with the private key of the source of the sender so I use char one as a hash algorithm and then we've got the option to sign and I specify my private key which is the one I created before and the output let's call it sign something it's a binary it produces just a binary value so put it into a file and the message we want to sign so all I did is well that operation applies the char one hash function on the message and we'll get this value zero six four whatever all through the CA six and then it encrypts that value with my private key and the output is saved in this file sign a dot bin and last thing let's provide confidentiality by encrypting the message using RSA and this is operation public key utility to encrypt the input is the message the in key is what I'm going to encrypt encrypt my message using some input key and it's the again you're right the public key of B for confidentiality I encrypt the message using the public key of the recipient be I'm not going to combine them in this case I'm I'm going to do them separate public key of B and output my ciphertext I've done something wrong what did I do wrong I need another option I need to say that it's a public key coming in encrypt my message using a public key as input and that public key is the public key of B and output into this file called ciphertext dot bin so this file contains the ciphertext I now send that to user B and I also send the one I created before sign sign a dot bin I send these two files this is the ciphertext this is the signature send them to be and then it's the job of B to decrypt and verify so the last assume now we've sent them across the network and B has received them B now needs to decrypt I've already created the key for B so let's decrypt similar operations as encrypt take the ciphertext as input input key is what by default it uses the private key what B wants to decrypt the ciphertext what's the input key the private key of B a sent the ciphertext to be it was encrypted with a public key of B so we decrypt with the private key of B and let's call it the output received and let's look at the received file now okay so the received file is the same as the original message after decrypting has the file been modified who did it come from well anyone could have sent us this file so now we use the signature to verify the signature anyone can encrypt with B's public key and send it to B but we also receive the signature so the last thing last thing is to check the signature again we must know that hash algorithm show one and instead of a sign operation there's a verify operation and we need to specify a key which key do we use to verify public key of of the sender okay of a correct so now we're verifying and the input signature is that file that we received and the file that we're verifying is the received one so what we're doing is use the public key of a take the signature that we received and the file we received and check them and it simply says verified okay okay so it does everything for us it decrypts using the public key of a and compares the hash values and if they're the same it says verified okay and now user B knows the received message and that they are certain it came from user A and it hasn't been modified along the way confidentiality digital signature and source of both source and data authentication in that case enough that's it that's an example of using RSA it's on the website you can see all those commands I will really release the homework which is even simpler but using Diffie helmet okay so that will be the homework drew for next Friday there'll be no online quiz just the the homework I'll send it out an email soon okay we'll see you next week