CSCI 530 Lab

Cryptography and Public Keys

This lab consists of two primary parts:

1) manual operation of RSA's public-key algorithm using the bc calculator

2) use of the gnugpg public-key utility program to create and distribute keys for users and interact them cryptographically as the users encrypt and sign messages for one another

After you have performed the above lab components, answer the following questions.

1. place at the top of your submittal the content of the file "outfile" you generated in applying RSA

2. In the gpg exercise Tom and Dick each signed a message. Tom could verify that Dick's message indeed came from Dick. But Dick failed when he tried to verify that Tom's message was actually from Tom. Why this difference?

3. When users tried to verify the correct originator of messages, gpg issued warnings like:

gpg: Good signature from "Dick Jones (second among equals) <dick@bogus.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

Did the verification process on the message succeed? Did the message come from Dick for sure? What command options or features do you notice in the "man gpg" documentation for gpg that appear to address the complaint in the warning message? (You can google man pages on the internet if away from a linux machine.)

4. Visit pgp.mit.edu. Look up "David Morgan," "Joseph Greenfield," and "Clifford Neuman." Report the date of placement on the server for the earliest public key that Joseph put there, and for the earliest public key that Clifford put there.

The University of Southern California does not screen or control the content on this website and thus does not guarantee the accuracy, integrity, or quality of such content. All content on this website is provided by and is the sole responsibility of the person from which such content originated, and such content does not necessarily reflect the opinions of the University administration or the Board of Trustees