Security in Computing (3rd Edition)

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner HW 2 Due Friday, October 14 at 11am Please include the following at the top of the first page of your homework solution: Your full name Your login name The name of the homework assignment (e.g. hw3) Your TA’s name Staple all pages together, and drop them off in drop box #2 (labeled CS161/Fall 2005) in 283 Soda by 11am on the due date. Homework exercises: 1. (4 pts.) Any questions? What’s the one thing you’d most like to see explained better in lecture or discussion sections? A one-line answer would be appreciated. 2. (20 pts.) PGP In this question, you will learn how to use PGP, a popular format for email encryption. Of course, plain email is totally insecure: it is very easy to send forged email with a spoofed From: address, and it is often easy to intercept (eavesdrop) on email. PGP was first built by Phil Zimmerman as a way for activists to communicate securely over the internet. Over time, it has evolved into an open standard, called OpenPGP. There are several programs that support this message format: PGP is made by PGP Corporation; gpg is an open-source Gnu implementation. They can all interoperate. The instructional machines already have gpg installed, so the following instructions assume that you will use gpg on the instructional machines. Note that you can get documentation on how to use gpg by simply typing man gpg . The instructional web pages also have a more detailed tutorial at . (a) Generate a new key pair. With gpg , you can use gpg --gen-key . This will construct a public key and a private key. Make sure your keysize is at least 1024 bits. Then, export your public key into ASCII-armored format, and save the result to the file pubkey.asc in your home directory. With gpg , you can use gpg --export --armor > ˜/pubkey.asc . Make sure that the resulting public key is world-readable: chmod a+r ˜/pubkey.asc . (b) Extract the fingerprint of your public key. With gpg , the fingerprint is printed out when you generate the key, or you can use gpg --fingerprint . The finger print is a long string of about 40 hex digits that can be used to uniquely identify your public key. It is generated by applying a collision-resistant hash function to your public key, so no two public keys will have CS 161, Fall 2005, HW 2 1
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
the same fingerprint. This is very useful: if I want to send you my public key, I can email you my public key (or send it to you over any insecure channel), and then we can compare fingerprints over a secure channel. For instance, I might print my fingerprint on my business card, or you can telephone me and I can read off my fingerprint out loud. Write down your fingerprint as the answer to this question. (c) Get your TA’s public key, and import it into your “keyfile”. Your TA’s public key will be stored in ˜cs161/pubkeys/ta-name.asc on the instructional machines. (Replace ta-name with the last name of your TA.) With gpg , you can import it into your keyfile using gpg --import ˜cs161/pubkeys/whoever.asc .
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern