CIS-2235 Lab #4: Cryptography

Reading: ???

In this lab you will experiment with encryption technology. First, you will use the GPG tool to encrypt and sign files. You will also set up your web server to use a self-signed X.509 certificate to support TLS connections.

Part 1: Symmetric Key Cryptography: Decrypt a File

Proceed as follows:

  1. Download the encrypted file top-secret.txt.gpg. If you download it to your host system, you will need to transfer it to your virtual machine.

  2. Decrypt the file with the passphrase I used to encrypt it: "super-secret" (no quotes). Include the decrypted text in your report.

Part 2: Public Key Cryptography: Encrypt a File

I have prepared a document describing how to use GPG, along with some notes about security considerations. My public key is linked from that document (see the section entitled "Putting my public key on your key ring").

Proceed as follows:

  1. Create your own public/private key pair using GPG and export your public key to a file.

  2. Import my public key to your key ring.

  3. Create a message and encrypt it so that only I can read it (i.e., using my public key). The message can be anything you want, but you should include your name in the message, so I can tell who it is from.

Part 3: Verify and Create a Signed Document

Proceed as follows:

  1. Download signed-message.txt.gpg from the class web page. It has been signed with my private key. Verify my signature and view the message contents.

  2. Create a message (that contains at least your name) and clear sign it using your private key. See the --clear-sign option to GPG.

Part 4: Set up SSL

The goal of this part of the lab is to configure your web server to use an X.509 self-signed certificate to support HTTPS traffic. This will entail creating the certificate and configuring your web server to know about it. You may also have to open a hole in the system firewall for external access to port 443 (the system uses the "uncomplicated firewall" or ufw).

Rather than detailing the instructions here, search the Internet for the information you need. You might also find asking an LLM helpful (e.g., Copilot). For example, try the prompt, "How can I configure my Apache web server to use a self-signed certificate on my Ubuntu 24.04 server to support HTTPS?" Consider the reply a starting point; don't follow it blindly. Ask follow-up questions freely and try to confirm details you don't understand. For example, look up the meaning of configuration directives and command line options you aren't familiar with to verify that they are appropriate for your situation.

Note: You can ask a tool like Copilot to explain things to you, and it will do a reasonable job, but you should double-check critical or unclear points with authoritative documentation (such as the official Apache documentation). Hint: The Apache documentation has an SSL/TLS Users' Guide that includes a "How-To."

A traditional search can also be helpful as a way of accessing information in context (e.g., people discussing things on a forum, blog posts, etc.). The usual issues apply: information found via traditional searches might be incorrect, out of date, not applicable, or not the best practice (the same can be said for LLM-generated summaries).

The most powerful approach is to use the techniques above in combination. For example, if there is something in the authoritative sources that you think might be relevant, but you aren't sure, ask Copilot about it. Don't be afraid to show Copilot the information you're looking at (copy and paste selected material) and say, "I don't understand why ... is being used. What does that do?" There is a good chance the tool will give you a reasonable answer, although you should maintain a healthy skepticism if what it says seems off.

In your writeup, be sure to explain configurations you added, removed, or modified.
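
One way to confirm that the certificate your server presents really is self-signed and has not expired is sketched below. This is an added example, not part of the original lab handout; the function names, host names, subjects, and file names are all constructed for the demonstration, and it assumes the openssl command line tool is installed.

```shell
#!/bin/sh
# Added example: tell a self-signed certificate from a CA-issued one.
# Host names, subjects and file names are constructed for the demonstration.

# Print "self-signed", "ca-issued", "expired" or "unreadable" for a PEM file.
cert_kind() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend 0 exits non-zero when the notAfter date has already passed.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || { echo expired; return 0; }
    # Only a self-signed certificate verifies with itself as the sole trust anchor.
    if openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo self-signed
    else
        echo ca-issued
    fi
}

# Save the leaf certificate a running HTTPS server presents (needs network access).
fetch_cert() {  # usage: fetch_cert HOST OUTFILE
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$2"
}

# Build throwaway test certificates in directory $1: one self-signed, one
# issued by a constructed private CA.
make_fixtures() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=lab.example" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/leaf.pem" 2>/dev/null
}

d=$(mktemp -d)
make_fixtures "$d"
cert_kind "$d/self.pem"    # self-signed
cert_kind "$d/leaf.pem"    # ca-issued
```

To check your own server, save its certificate with fetch_cert (giving your server's host name and an output file) and pass that file to cert_kind.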

Submission

For this lab submit a document that details the steps you took and the commands you used to complete the tasks above. Also include the following items:

  1. The decrypted file from Part 1.
  2. Your exported public key from Part 2.
  3. The message you encrypted so that only I can read it from Part 2.
  4. Your clear signed message from Part 3.

The lab is worth 20 points.


Last Revised: 2025-03-13
© Copyright 2025 by Peter Chapin <peter.chapin@vermontstate.edu>