 I will use OpenSSL to encrypt the text file using the Data Encryption Standard Desk. First, let's look at the man page for OpenSSL. OpenSSL is a command line tool to apply many different security algorithms. It's also, in fact, a library that you can call from different programming languages. We're just using the command line tool. If we scroll down, we'll see there are many different commands that can be used within this package. The one that we want is to encrypt or into encode. ENC is the operation. All these commands listed here have their own man page. So let's go direct to the one that we want. If we quit and look at the man page for ENC, we'll see it's a set of routines for symmetric ciphers. We want to encrypt using DESK, just as an example. All the options that are available with the encrypting or encoding are listed here. For the homework that was assigned, you were told to use particular options. We'll see them in the demo. So read through the man page to see what options are available. And also, if you scroll down, you'll see the supported ciphers. DESK, CAST, Blowfish and others. We're going to use DESK for this example and using the cipher block chaining mode, DESK, CBC. First, let's create a text file that is going to be a plain text to encrypt. You can use your own text editor. Here's a quick way to create a plain text file. And if we cat that, this is going to be our demo plain text for the input. Now we want to encrypt using DESK, and we need to select a key to use. We're going to use, just for a demonstration, the Linux kernel has a random number generator that takes inputs from the keyboard, the disk activity to produce pseudo-random numbers. We're going to grab one of those numbers to use as our key. The random number generator is called Urandom, or random, and it has its own man page. So you can read through that for an explanation of how it works and how to use it. Basically it's a file, and it contains newly generated random numbers. So what we want to do is select just some random numbers to use for a key. And for DESK, we need a 64-bit key. We only need a limited number of random numbers, so I'm going to pipe the output into a head, which takes just the first line of the output, and take all of that into a file. Let's call it random bytes. The random bytes is a binary file, so let's have a look at it using a program where we can dump the binary file as hexadecimal or as binary, or octal. HexDump is one program, but there are other programs, so I'm going to use xxd, just to display the file. I'm only going to display the first line of the file, because we only need a selection of the bytes. The format here is the first column that all zeros shows us the placement or the position in the binary file. And then we see the hexadecimal values of those random numbers. So for OpenSSL to encrypt using DES, we need to provide a key, a 64-bit key, and we can provide it in hexadecimal. So I'm going to select the first 16 hexadecimal digits there, 319D up and through to EE3C. So we can remember that. And now let's do our encryption with OpenSSL. So on the command line, we want to apply the encryption or encoding operation. We need to specify the algorithm to use, the cipher. In our case DES with cipher block chaining. In fact, in this case, you can use just the DES option here, because it defaults to CVC. We specify input file, the plain text, and the output file, we'll give it a name, our cipher text. And the options that we want to use for the encryption, and you don't have to use these options, but for the assignment or the homework that you were told to use them, just for simplicity, we don't want to use Assault. The initialization vector that we need for cipher block chaining is all zeros. So we can specify in hexadecimal 16 zeros. And now the key that we want to choose. And I'll simply take from the output of those random bytes in the line above. 319D, F2, F4. And that should encrypt our plain text file using DES with the cipher block chaining mode of operation using the specified key and initialization vector and produce the output cipher text file. Now let's take a look at that output cipher text file. If we list the files, 56 bytes in length, it's a binary file, so let's again use xxd to look at the contents. The minus b option with xxd prints the output as binary. Zeroes and ones. The file. And we see the output of the cipher text there. We have six columns and nine rows. So 56 bytes is 448 bits if I do the calculations, which using my calculator, 448 bits. And we know with DES we use 64-bit input blocks, so we have four blocks of plain text that was encrypted to produce the cipher text there. Note that padding would have been used if the plain text was not the round number of blocks. So there's our encryption. But again with our homework, I ask you to use base 64 encoding of the output. That is rather than saving it as a binary file, the cipher text, to then perform some encoding on that binary file to produce a text file, a text file that we can send via email. And that uses base 64 encoding. So we'll repeat the encryption option, an encryption operation, but add one more option. The minus A option produces the output with base 64 encoding. And now we can look at the output cipher text. It's a text file. Check up on the internet for how the base 64 encoding works. It was originally developed to allow sending of binary content in emails. So we have our cipher text. Let's now decrypt it. And the operation to decrypt is very similar. We use the encoding operation, specify the cipher, and add the option minus D for decryption. Our input now is the cipher text. And the output, let's call it, in my case, the received plain text. And the other options should be the same. We don't want to salt. We have an initialization vector of all zeros, and the same key as we use for encryption. It's a symmetric key cipher. And since the cipher text is base 64 coded, we'll add the minus A option so that first OpenSSL will decode back to binary and then do the decryption on the cipher text. And look at the files that we have. We now have this received file. It's the same size as plain text. We expect that if we show the received plain text, if I type the name correctly, which I didn't do in the original encryption, we see it's the same text. And just to check, we can use diff, which would show the differences between the plain text file and the received file. We see no differences, which is what is shown there. So we've now done the encryption and demonstrated the decryption using OpenSSL using the DES block cipher.