[cs615asa] Problems to submit level0

Jan Schaumann jschauma at stevens.edu
Tue May 7 23:31:21 EDT 2019


Chengzhi Yang <cyang32 at stevens.edu> wrote:
 
> The possible reasons we found are list below:
> 1. We have not to CC to team members when submit.
> 2. Someone's public key file's name has a typo.
> 3. Someone's key's name in GPG is not the same as Stevens id.

Correct, all of these would be reasons for the submission to be deemed
incorrect.  Another reason might be that the email you sent me was not
(properly) encrypted.

I'm surprised that this part of the assignment has caused problems for
every team, but I'll chalk it up to the ubiquitousness of webmail as the
default email client, whereby it becomes increasingly difficult to
properly integrate with PGP implementations.  (I thought that extensions
like e.g. https://www.mailvelope.com/ still worked, but since I don't
use webbased email clients, I haven't verified that.)

I'll waive the 24 hour delay going forward for this level and offer the
following instructions / additional help:

The objective is for you to be able to send an encrypted email, to keep
all content secret in transit as well as at rest.

Given the (apparent) lack of usable tools integrating with webmail, I
suppose the "best" approach then is:

- prepare your tar file as per the requirements, yielding
  "$GROUP-level$level.tar"
- encrypt the tar file, yielding "$GROUP-level$level.tar.gpg"
- compose the body of your email in a text editor, yielding a file named
  e.g. "mail"
- cleartext encrypt the file "mail", yielding a block of ascii text
  looking somewhat like this:

-----BEGIN PGP MESSAGE-----

hQEMA5+kki6zOvrlAQgAp8uaKKz3LSi1lvmlMYlKljmDMXMgaxdqsG68AdpPdD1d
7uNSiFssa6W5Fpb1LsoEK3kkv8dYa8m+Fw6pCnS3M6toa5YSx2d73cBlUq7KR6z3
lyGu98FZf5fzWTLJ71UsYLh8iMySLHCKm+zsecCyY+Sq9yn/xv9o7VMbQVST1Lk+
F+ZE46UsGQUKpValeYcp/ZOHOFXFI6VB2rw8kEYvd5rX59qFPfpL5VPXlBfOsOJ8
Jd4GpWx+Tfmt0oVimphi6slRdEWhZStUXO6s3r0MF1HUbQHGOhdsLkmouVV2B75z
HoIuLCSeG3f9OuPXN+uDt0A7bWo7oksfDwaHTXDz99I/AZXx25wpaJSICP3ngwZj
ICss3q9/md6M/Ud9ZQCO3KFRYFTxS+w84tjlZv4BQLy+dhhtrMZmEgmB8edA/AXD
=+Iah
-----END PGP MESSAGE-----

- copy and paste this text block into the email body
- make sure to disable HTML formatting or anything else that might mess
  up or in any way alter the text
- attach the encrypted tar file
- remember to cc all your team members
- send

Note that encryption of the data above can be done simultaneously for
multiple recipients, so you can create secret data that can be decrypted
by all team members as well as myself.

If you do use mailvelope, make sure to check whether attachments are
automatically encrypted or if you need to encrypt them manually prior to
attaching the file.  (I suspect you do need to do that.)

Hope this gets you all on the right track.

-Jan


More information about the cs615asa mailing list