Task - Using the openssl binary and library routines to encrypt files. The purpose of this task is to use the openssl binary to encrypt files with strong symetrical algorithims. These encrypted files can contain sensitive information that can be passed over insecure networks or cleartext protocols. 1) Ensure that the openssl package has been installed on the workstation. # pkginfo | grep SMCossl application SMCossld openssl 2) Create a file with sensitive information. # vi /mysalary.myname I MAKE $1,000,000 a YEAR! 3) Encrypt /mysalary.myname with the openssl library and dump the file to /mysalary.myname.des3. Use 3des encryption and a passphrase of your choice. Do not forget your passphrase! It is the secret to unlocking the mysalary file. # file /mysalary.myname /mysalary.myname: ascii text # openssl enc -e -des3 -in /mysalary.myname -out /mysalary.myname.des3 enter des-ede3-cbc encryption password: Verifying password - enter des-ede3-cbc encryption password: # ls -l /my* -rw-r--r-- 1 root other 26 Jul 31 20:36 /mysalary.myname -rw-r--r-- 1 root other 48 Jul 31 20:38 /mysalary.myname.des3 # file /mysalary.myname.des3 /mysalary.myname.des3: data 4) The /mysalary.myname.des3 file is now encrypted. It can be transported over unencrypted mediums like ftp and email. Using FTP, copy your file over to another student's workstation. # ftp otherhost Connected to localhost. 220 lebaron FTP server (****THIS IS A RESTRICTED SYSTEM****) ready. Name (localhost:root): 331 Password required for root. Password: 230 User root logged in. ftp> cd /tmp 250 CWD command successful. ftp> bin 200 Type set to I. ftp> hash Hash mark printing on (8192 bytes/hash mark). ftp> cd /tmp ftp> lcd / 250 CWD command successful. ftp> mput mysalary.myname.des3 mput mysalary.myname.des3? y <> 5) One the other workstation has received the file. Tell your fellow student your passphrase and have them decrypt your file. # cd /tmp # openssl enc -d -des3 -in mysalary.myname.des3 -out mysalary.myname.new enter des-ede3-cbc decryption password: # file mysalary.myname.new /mysalary.myname.new: ascii text # cat /mysalary.myname.new I MAKE $1,000,000 a YEAR!