Monthly Archives: January 2013

File encryption and decryption using symmetric key

Symmetric-key encryption is the type of encryption where the key used to encrypt and decrypt a file is the same. Symmetric  key encryption can use two types of ciphers :

  1. Block Ciphers : Here, the message to be sent, is divided into blocks of fixed size and each block is encrypted using the same key. Thus similar blocks when encrypted using the same key give the same output (AES – Advanced Encryption Standard has 128 bits in a block).
  2. Stream Ciphers : In this cipher, each bit of the message to be encrypted, is encrypted separately.

Encrypting and decrypting a file using symmetric key :

Put the text to be encrypted into a file. Let the contents of the file to encrypted  be :
This is a secret.
The name of the file to be encrypted is secret.

savita@Amrita:~/secure_os$ gpg --symmetric secret

A password is prompted for, which is the key. A file called secret.gpg gets formed. This is the encrypted file. You can view the contents of the file.

savita@Amrita:~/secure_os$ cat secret.gpg
�vu�ƿѥ`�-Y���������V�|�*l5#` ��vf1#ah��v������8�

Now if you want to decrypt the file, run the following command :

savita@Amrita:~/secure_os$ gpg --decrypt secret.gpg

and enter the correct password. You get the following output which contains the text that you encrypted.

gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
This is a secret. gpg: WARNING: message was not integrity protected

Bingo! You just encrypted and decrypted a file using a symmetric key. This uses the CAST5 algorithm for encryption.

Verify the signature of Linux kernel

When you download Linux kernel (or for that matter any file such as an Ubuntu image), there are high chances that the file may be corrupted. In order to verify that the file is not corrupted is coming from the right source (that is, comes from the person making the release), a signature of the person making the release is provided along with each release. This sign can then be verified to find out if the files have been tampered with. Public key cryptography is used for signing and verification and it is next to impossible to forge the signature (unless of course the person trying to forge, has the private key of the victim whose signature he is trying to forge). The sign can be verified using GnuPG. All you have to do is :

1. Download the linux kernel and the corresponding sign from the person making the release.

savita@Amrita:~$ wget https://www.kernel.org/pub/linux/kernel/v3.0/linux-3.1.5.tar.xz

2. Download the corresponding sign for the kernel release.

savita@Amrita:~$ wget https://www.kernel.org/pub/linux/kernel/v3.0/linux-3.1.5.tar.sign

3. Unzip the linux kernel.

savita@Amrita:~$ unxz linux-3.1.5.tar.xz

4. Verify the sign.

You will probably get the following output.

gpg: Signature made Fri 09 December 2011 10:46:46 PM EST using RSA key ID 6092693E
gpg: Can't check signature: public key not found

This is because you need to download the public key from PGP server to check the sign.

5. Now download the public key from the PGP server. We get the key ID from above.

savita@Amrita:~$ gpg --recv-keys 6092693E
gpg: requesting key 6092693E from hkp server keys.gnupg.net
gpg: key 6092693E: public key "Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   4  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

6. Verify again using GnuPG.

savita@Amrita:~$ gpg --verify linux-3.1.5.tar.sign

You will get this :

gpg: Signature made Friday 09 December 2011 10:46:46 PM IST using RSA key ID 6092693E
gpg: Good signature from "Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E

The “Good”  signature shows that the file has not been tampered with. There are also chances of the signature being “Bad”. This may be due to the fact that the file is corrupted, or it was not downloaded completely. But there is a warning. You still need to verify whether the sign used, still belongs to the person who made the release, that is, in this case, George Kroah-Hartman. This can be done in two ways. Either follow the Web Of Trust used in PGP or go through the list of people who have signed the person’s key (using the command gpg gpg --list-sigs) and contact them to check if they really signed it and someone else did not fake it. You can thereby verify that the signature on the Linux kernel is genuine.

Reference : http://www.kernel.org/signature.html

Gpg key pair generation

A week ago, I learnt how to create a key pair (public key and private key) using gpg. I thought I’d blog about it. This blog post is a tutorial on how to do exactly that. It is extremely simple.

All that you have to do is to open up a terminal and run the command :

savita@Amrita:~$ gpg --gen-key
savita@Amrita:~$ gpg --gen-key
 gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
 (1) RSA and RSA (default)
 (2) DSA and Elgamal
 (3) DSA (sign only)
 (4) RSA (sign only)
 Your selection?
 RSA keys may be between 1024 and 4096 bits long.
 What keysize do you want? (2048)
 Requested keysize is 2048 bits
 Please specify how long the key should be valid.
 0 = key does not expire
 <n>  = key expires in n days
 <n>w = key expires in n weeks
 <n>m = key expires in n months
 <n>y = key expires in n years
 Key is valid for? (0)
 Key does not expire at all
 Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
 from the Real Name, Comment and Email Address in this form:
 "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name:
 Real name: Savita TS
 Email address: savita.seetaraman5@gmail.com
 Comment: Gpg Key-Pair Generation
 You selected this USER-ID:
 "Savita TS (Gpg Key-Pair Generation) <savita.ts@gmail.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
 You need a Passphrase to protect your secret key.

You now get a pop up asking you to enter the pass phrase. Enter a secure pass.


We need to generate a lot of random bytes. It is a good idea to perform
 some other action (type on the keyboard, move the mouse, utilize the
 disks) during the prime generation; this gives the random number
 generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
 the OS a chance to collect more entropy! (Need 118 more bytes)
 .+++++
 .....+++++
 We need to generate a lot of random bytes. It is a good idea to perform
 some other action (type on the keyboard, move the mouse, utilize the
 disks) during the prime generation; this gives the random number
 generator a better chance to gain enough entropy.
 ..+++++
 +++++
 gpg: key 3D4F13E9 marked as ultimately trusted
 public and secret key created and signed.

gpg: checking the trustdb
 gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
 gpg: depth: 0  valid:   4  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 4u
 pub   2048R/3D4F13E9 2013-01-17
 Key fingerprint = 7DEF 17A4 D20B E290 BF7D  6D33 D7ED 37EF 3D4F 13E9
 uid                  Savita TS (Gpg Key-Pair Generation) <savita.ts@gmail.com>
 sub   2048R/9646B948 2013-01-17
 

Bingo! You’ve just created your public key. Now you need to export the key. 😀

Exporting the key :


savita@Amrita:~$ gpg --export savita > public_key.gpg

If you open and see this file, you see gibberish. If you want to see the key in ascii format, then all you have to do is to execute the following command. You have to add one more argument, –armor along with it.


savita@Amrita:~$ gpg --armor --export savita > public_key_ascii.gpg

Importing others’ key

If you want to import other people’s public key, this is what you have to do :

savita@Amrita:~$ gpg --import <filename>

where filename is the name of the file that contains the key.
Now we get to the encryption and decryption part.

Encrypting a file using the public key :

You can now encrypt your files using the public key that you just created. If you want to send a message to xyz you first encrypt message (which is a file containing the message that you want to deliver), this is what you do  :

savita@Amrita:~$ gpg --recipient xyz --encrypt message

Decrypting a file using the public key :

Suppose that you receive a message that has been encrypted with the public key of the sender (imagine yourself in the shoes of xyz who has just received the message that you sent earlier) and you want to decrypt it. You do so using your private key. You need to do the following :

savita@Amrita:~$ gpg --decrypt message.asc

The .asc denotes that the contents of the file is in ASCII format. You will now be asked for the passphrase.

savita@Amrita:~$ gpg --decrypt message.asc
You need a passphrase to unlock the secret key for user: "savita (Gpg Key-Pair Generation) "
2048-bit ELG-E key, ID 35C5BCDB, created 2010-01-02 (main key ID 90130E51)

References :
This site helped me out a lot. But for this site, I would not have been able to complete this assignment.

A song that I like …

Yesterday, I was watching the movie Talaash, starring Aamir Khan, Kareena Kapoor and Rani Mukherjee. While the movie was itself very exciting and kept one on the cliff edge throughout wondering what was going to happen next, according to me, that was not the highlight of that show. The one thing that took away all my attention was the song, “Jiya Lage na”. It’s absolutely amazing !!! I’ve always liked the duo of Ram Sampath and Sona Mahapatra, right from when he used to compose music for the Aamir Khan produced TV show “Satyamev Jayate” and she used to sing the compositions. Some of the other songs for which the duo worked together are “Ghar Yaad Athi Hai”, “Mujhe Kya Bechega Rupaiya” and “Chanda Pe Dance” and for the TV show “Satyamev Jayate”. The male part has been sung Ravindra Upadhyay.

Coming back to this song, I liked everything about this song – the lyrics, the blend of Hindustani and Western flavours, the voice of the male and female singers. Hats off to Javed Akhtar for writing such beautiful lyrics!!! I can’t express how much this song has affected me. Now I’m addicted to it. I can’t stop listening to the song. 😀 . I hope Ram Sampath composes more such amazing songs.

I would like to thank Sai Vikneshwar (a senior of mine, who is crazy about music and films among other things), who asked me to watch the movie because but for him, I would not have had the opportunity to come to know about this song. 🙂

7876579_1347368626_94718

Python Challenge Level 1

A couple of days back, I tried started solving questions from Python Challenge. In all there are 33 levels. I’ve completed the first few levels and I plan to blog about them. This is one is about how I solved the first level. Pull up a terminal and type, “python”. You get an interactive shell. Just type 2**38 and you get  the answer.


savita@Amrita:~/python_challenge$ python
Python 2.7.3 (default, Aug  1 2012, 05:16:07)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 2**38
274877906944L
>>>

Now following what the hint suggests, change the URL. The original URL is : http://www.pythonchallenge.com/pc/def/0.html . I tried changing that to : http://www.pythonchallenge.com/pc/def/274877906944L.html . As a result, I got this message : “the L in unnecessary”.  So I removed the L from the URL, and bingo !!! I got to the next level. This is the simplest way of doing it. You could even resort to scripting the command in a file and then executing the file. There are also ways of doing it.

Another way of solving this level is :

>>>pow(2, 38)

You could start too 🙂

14-06_python_challenge

Python programming language

It’s Sunday and I didn’t know how to kill time. So I thought I’d post about Python programming language. Python is a very easy to learn programming language. Once you start learning it, you’ll fall in love with it. According to me, anyone trying to learn programming for the first time should start with Python as it cuts down on a lot of syntax that may be meaningless to the newbies. The language was written by Guido van Rossum. The logo for Python programming language (which was designed by Gudio van Rossum’s brother, Just van Rossum).

python-logo-master-v3-TM
Python logo

Some things about Python that are noteworthy are :

  1. Python is an interpreted language. It interprets and executes the code scripted in files.
  2. It also has an interactive shell that executes arbitrary statements.
  3. Python code can be easily read and understood even by a person who’s absolutely blank about the language.
  4. It supports both structural programming and object-oriented programming.

Those who want to start learning Python could start off with Coding bat : http://codingbat.com/python . This website has a got a whole lot of questions which will strengthen your  basic knowledge of the language. For those who wish to delve deeper, Python challenge would be good (But this is just what I feel. It could be the other way around for some people). A couple of days back, I started doing Python challenge a couple of days back and am finding it interesting. I suggest that you learning Python too.

Internal and External Linux commands

Linux commands can be classified into two categories :

  1. External
  2. Internal

Let’s look into what External Linux commands are.

External commands programs with files in /bin directory (In Linux, everything is represented in the form of files). If the files are not present in the path specified by the $PATH variable, they do not get executed. Similarly, if the files are available but are not present int the path specified by $PATH, the commands cannot be executed. Another point worth noting is that every time an external command gets executed, a new process gets spawned.

Internal commands are those which are directly executed by the shell. These are built-ins in the shell. They do not depend on paths since they are not coded in files. Unlike external commands no process is created when an internal command is executed.

How to distinguish between internal and external commands ?

There is a Linux command type, which (quoting the Wikipedia) specifies how its arguments would be interpreted if they were used as a command name. This command could be used to identify between the two types of commands. Execute the command : type <command>

If the output states that the command is shell built-in, it is an internal command. Instead, if the output states that the command is present in /bin, then it is an external command.

For example, cd and pwd are examples of internal commands.


savita@Amrita:~$ type cd
cd is a shell builtin
savita@Amrita:~$ type pwd
pwd is a shell builtin
savita@Amrita:~$

cp and mv are examples of external commands.


savita@Amrita:~$ type cp
cp is /bin/cp
savita@Amrita:~$ type mv
mv is /bin/mv
savita@Amrita:~$

However, there might be certain commands which have files in /bin directory and at the same time, are also built-ins in the shell. In such cases, the first preference would always be given to the internal command, meaning that, even if the corresponding file did not exist, it would be executed by the shell as a built-in. One example is the Linux command echo.

Differences between the two types of commands :

Summarizing the above two paragraphs, some of the differences between internal and external commands (from what I understood about them) are :

External Linux Commands

Internal Linux Commands

These are executed by the kernel. These are executed by the shell.
A separate process is spawned every time a new external command is executed. No new process is created.
These are separate files in /bin directory. The execution of these commands happens through the execution of their corresponding files in /bin directory. These are built-ins in the shell. The execution of these commands happens through the execution of their corresponding files in /bin directory.
A few examples are cp, mv, etc. Some examples are cd, pwd, etc.

References : 1   2