CS615A - Aspects of System Administration HW #4 This homework assignment consists of several parts. Each part needs to be completed as specified below. The object of this assignment is to get you to understand and appreciate a number of basic security mechanisms, including the concept of a public-key based web-of-trust, based on asymmetric cryptography (ie using a public and a private key). (In the following, I'm assuming the use of gpg(1). If you have another tool that implements the PGP standard, you may use that tool as well, though not all commands will apply.) 1) Go to http://www.gnupg.org/docs.html and read about GnuPG. Read the manual page for gpg(1) on our systems. 2) If you do not already have a pgp key, use gpg(1) to generate a key pair. The key in question should be a 2048-bit RSA key. (DSA keys are currently limited to 1024 bits and there have been known issues with gnupg's ElGamal keys.) Note that this requires you to first generate a "sign-only" RSA key by selecting that option from the --gen-key menu; then you must use --edit-key on that key, and use the "addkey" command to add an RSA encryption subkey. Choose a strong passphrase! You may choose for yourself whether or not your key should have an expiration date or not. Remember to generate a revocation certificate, in case you ever want to mark this key as invalid. 3) Export your public key into a file called .asc 4) Import my public gpg key with the keyid B80E83A5 from one of the public keyservers. 5) Download the files http://www.cs.stevens.edu/~jschauma/615A/hw4.txt and http://www.cs.stevens.edu/~jschauma/615A/hw4.txt.md5.asc 6) Verify that the file hw4.txt.md5.asc was signed with my key. 7) Verify that the file hw4.txt matches the md5 checksum noted in the file hw4.txt.md5.asc 8) Create a file .hw4.txt that contains a description of how you completed steps (3) through (7) as well as the output of any commands you issued. 9) Generate an MD5 checksum of this file and save it as ".hw4.txt.md5" 10) Generate a clear-text detached signature of this file as ".hw4.txt.md5.asc" 11) Encrypt the file .hw4.txt with my public key as ".hw4.txt.gpg". 12) Send me the files .asc, .hw4.txt.gpg and .hw4.txt.md5.asc as attachments in an email sent from your Stevens email account with the subject line "[cs615] hw4". 13) Receive an email from me with a text file encrypted with your public key with further instructions. Decrypt that file and follow those instructions.