RSA Usage

Notes

• Your book and Du are the main sources
• RSA Rivest-Shamir-Adleman the author's names
• This is a system for sending messages
  • Each user has two keys
  • Using these keys they can assure either the privacy or authentic of a message.
• Keys:
  • Every user has two keys
  • A private key is a key that is known only to one users.
    • This is used to encrypt messages we wish to sign
    • This is used to decode messages sent to them in secret
  • A public key is a key that the user has published
    • This is used to decode messages the user has signed to verify the signature
    • This is used to encrypt messages sent to the user in secret
• Openssl provides a tool to generate these
  • openssl genrsa -out private.pem 2048
    • Generate an RSA private key
    • Into the file private.pem
    • using 2048 bits.
  • openssl rsa -in private.pem -pubout -out public.pem
    • use private.pem for the input file to specify the private key
    • generate a public key
    • output to public.pem
• This system is designed so that
  • The public key can be made public, so anyone can know it
  • But they can not decode a message encoded with the public key unless they know the private key.
  • And any message they encrypt with the public key can only be decoded with the private key.
• RSA is intended for small messages
  • Typically a key for a symmetric exchange, we will discuss this later.
• We can encrypt messages with
  • openssl pkeyutl -encrypt -inkey public.pem -pubin -in message.txt -out encrypted.dat
• And decode messages with
  • openssl pkeyutl -decrypt -inkey private.pem -in encrypted.dat -out newmessage.txt
• An example, Bob wants to send you a message.
  • Bob must have public.pem, my public key.
  • Enter a message in privateMessage.txt
  • Encode this with my public key
    • openssl pkeyutl -encrypt -inkey public.pem -pubin -in privateMessage.txt -out privateMessage.dat
  • This will create privateMessage.dat
    • Which looks like garbage!
    • od -c privateMessage.dat, or even bless it
  • You receive the message and want to decrypt it, do so with
    • openssl pkeyutl -decrypt -inkey private.pem -in privateMessage.dat.
    • If you wish you can add -out bobsMessage.txt
  • You use your private key (private.pem) which no one else knows, to decrypt this message.
    • This means that no one else can decrypt it.
  • P = D(K_private, E(K_public, P))
• RSA is also used to verify the authenticity of a message.
  • Create an announcement that you want to prove the authenticity in annoucement.txt.
  • Digitally sign this announcement with my private key
    • openssl dgst -sha256 -sign private.pem -out announcement.sig announcement.txt
    • This is equivalent to me "signing" it.
    • No one else has my private key, so no one else can create this.
  • I can then post the announcement, along with ths signature file (announcement.sig) and my public key.
  • If you doubt that I made this announcement,
    • Download the announcement and the signature
    • Check it with my public key
    • openssl dgst -sha256 -verify public.pem -signature announcement.sig announcement.txt