Cryptographic Software Questions

Question 1: Cryptographic Software

OpenSSL is a widely used open source cryptography library that allows you to generate keys, encrypt messages, sign messages, etc. In many cases the OpenSSL tool comes already pre-installed with your operating system. If that’s not the case, you can usually install it through your favorite package manager or download it, e.g., at  Make sure you have the latest stable version OpenSSL 3.0.0 from September 07, 2021. Use OpenSSL to answer the following questions:

a. Save the two passphrases enc-cryptorulez2600 and mac-cryptorulez2600 in the text files enc.pw and mac.pw, respectively. What are the SHA256 fingerprints of these passphrases? [2 marks]

 

b. You received the following encrypted message:

This ciphertext was produced with the ChaCha20 stream cipher using the SHA256 fingerprint of enc IV. What was the message? [2 marks]

c. Next to the above ciphertext you also received the following authentication tag for it:

It was created with the HMAC-SHA256 message authentication code using the SHA256 fingerprint of mac-cryptorulez2600 as a key. Is it correct? What OpenSSL command did you use to verify it? [2 marks]

d. Consider the following RSA public key:

e. Create a plaintext file containing the string Alan Turing and encrypt it towards the above RSA public key. What is the ciphertext in base64 format? [4 marks]

(e) Consider the following Diffie-Hellman parameters and public key:

Assume the DH parameters and public key are stored in files dhp.pem and dhpub1.pem, respectively. Describe the steps to setup your own DH key pair and do a DH key exchange using the given DH parameters and public key. [4 marks]

(f) The following command sequence allows to download TLS certificates:

• Which HOST and PORT parameters were used to download the above certificate? [2 marks]
• What is the certificate’s serial number? [1 mark]
• Until when is the certificate valid? [1 mark]
• What signature algorithm was used to sign the certificate? [1 mark]
• What is the certificate’s fingerprint? [1 mark]

Let ? denote a security parameter. Let ?₁ and ?₂ be two encryption schemes for which it is known that at least one of them is IND-CPA secure with respect to ?. However, you do not know which one is definitely IND-CPA secure and which one may be not.

• Build a correct and IND-CPA secure encryption scheme ? using ?₁ and ?₂. [8 marks]
• Prove that ? is IND-CPA secure with respect to ?. [12 marks]