Cryptography Cybersecurity Project
Objective:
To create a home lab environment for learning and practicing basic cryptography concepts using ARM-based macOS, Kali Linux, and an ARM Ubuntu server. This project covers the following topics:
- Symmetric and asymmetric encryption
- Hashing
- Digital signatures
- Public Key Infrastructure (PKI)
Lab Setup:
Components:
- macOS (ARM): Primary workstation for accessing the lab environment and performing cryptographic tasks.
- Kali Linux (VM): Used for offensive security tasks, such as breaking encryption and sniffing network traffic.
- Ubuntu Server (ARM): Hosts various cryptographic services and tools.
Step-by-Step Instructions:
1. Setting Up the Environment
1.1. Install VirtualBox on macOS
- Download and install VirtualBox for ARM macOS.
- Download the ARM images for Kali Linux and Ubuntu Server:
- Kali Linux ARM Image
- Ubuntu Server ARM Image
1.2. Set Up Kali Linux VM
- Open VirtualBox and create a new VM:
- Name:
KaliLinux
- Type:
Linux
- Version:
Other Linux (64-bit)
- Allocate memory and create a virtual hard disk.
- Attach the Kali Linux ARM image to the VM and start the VM.
- Follow the on-screen instructions to complete the Kali Linux installation.
1.3. Set Up Ubuntu Server VM
- Repeat the above steps to create a new VM for Ubuntu Server:
- Name:
UbuntuServer
- Type:
Linux
- Version:
Ubuntu (64-bit)
Attach the Ubuntu Server ARM image and complete the installation.
2. Configuring Ubuntu Server
2.1. Install Essential Packages
sudo apt update
sudo apt install openssh-server openssl
2.2. Set Up OpenSSH for Remote Access
- Start and enable the SSH service:
sudo systemctl start ssh
sudo systemctl enable ssh
2.3. Set Up Cryptographic Tools
- Install GnuPG for encryption and signing:
sudo apt install gnupg
2. Install OpenSSL for working with SSL/TLS:
sudo apt install openssl
3. Configuring Kali Linux
3.1. Install Cryptographic Tools
- Update the system and install essential tools:
sudo apt update
sudo apt install john hashcat nmap openssl
4. Performing Cryptographic Tasks
4.1. Symmetric Encryption (Using OpenSSL)
- On Ubuntu Server, create a file to encrypt:
echo "Hello, this is a secret message" > secret.txt
2. Encrypt the file using AES-256:
openssl enc -aes-256-cbc -salt -in secret.txt -out secret.txt.enc
3. Decrypt the file:
openssl enc -aes-256-cbc -d -in secret.txt.enc -out secret_decrypted.txt
4.2. Asymmetric Encryption (Using GPG)
- Generate a GPG key pair on Ubuntu Server:
gpg --full-generate-key
Encrypt a file:
gpg --encrypt --recipient <YourEmail> secret.txt
Decrypt the file:
gpg --decrypt secret.txt.gpg > decrypted.txt
4.3. Hashing (Using OpenSSL)
- Generate a hash of a file:
openssl dgst -sha256 secret.txt
4.4. Digital Signatures (Using GPG)
- Sign a file:
gpg --sign secret.txt
Verify the signature:
gpg --verify secret.txt.gpg
4.5. Public Key Infrastructure (PKI)
- Create a self-signed certificate:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
Verify the certificate:
openssl x509 -in cert.pem -noout -text
Transfer the encrypted file to Kali Linux using SCP on a Ubuntu Server:
scp secret.txt.enc kali_user@kali_ip:/home/kali_user/
Observe the Traffic in Wireshark:
In Wireshark, look for the SCP traffic (typically using TCP port 22). You can apply a filter to narrow down the results:
tcp.port == 22
Example 2: Asymmetric Encryption with GPG
- Generate a GPG key pair on Ubuntu Server:
gpg --full-generate-key
Encrypt a file:
gpg --encrypt --recipient YourEmail secret.txt
Transfer the encrypted file to Kali Linux using SCP on a Ubuntu Server:
scp secret.txt.gpg kali_user@kali_ip:/home/kali_user/
- Observe the Traffic in Wireshark:
- Look for the SCP traffic using the same filter as above.
Example 3: Creating a Self-Signed Certificate with OpenSSL
- Create a self-signed certificate on Ubuntu Server:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
Transfer the certificate to Kali Linux using SCP on Ubuntu Server:
scp cert.pem kali_user@kali_ip:/home/kali_user/
Observe the Traffic in Wireshark:
Apply the filter for SCP traffic:
tcp.port == 22
- Inspect Individual Packets: Click on individual packets to see detailed information about them. Observe the encrypted data within the packets.
Step 6: Save the Capture for Further Analysis
- Save the Capture File: Go to
File > Save As
and save the capture file for future reference.
This home lab setup provides a comprehensive environment to learn and practice basic cryptography concepts. By following these steps, you can effectively understand and implement various cryptographic techniques and tools.