

Expected Output (CNG Example)

The Cryptography Next Generation (CNG) secure communication example consists of three applications, each of which produces a large amount of textual output. In addition, the example includes five versions that produce different output. For additional information about these applications and versions, see CNG Secure Communication Example and Source Code Overview.

This topic consists of the following sections, which display selected portions of the output:

  • Alice, Options menu

  • Versions 1-5 without interception, non-verbose mode

  • Version 3 with interception, non-verbose mode

  • Versions 4-5 with interception, verbose mode

In the output sections, a colon followed by a greater than sign (:>) indicates a prompt. Ellipses (...) indicate where output lines have been omitted when they have not changed from the previous output block.

The following illustration shows all three console windows at the start of a session:

[Illustration: CNG Output]

Alice, Options Menu

The following output shows the options menu that Alice displays at the beginning of the session.

       Cryptography Next Generation Secure Communication Example
------------------------------------------------------------------
Please select a security model:
1 = Plaintext only.
2 = Encrypt messages.
3 = Encrypt messages, use public key to digitally sign messages.
4 = Encrypt messages, use private key to digitally sign messages.
5 = Encrypt messages, use private key to digitally sign messages
    and cryptographic keys.  Causes Abort on security failures.
x = Exit.

:> 3
Include Mallory? y/n
:> y
Verbose output mode? y/n
:> y

Versions 1-5 Without Interception, Non-Verbose Mode

This section displays portions of the output generated by Alice.exe, versions 1 through 5, when you choose non-verbose mode and turn off interception by Mallory.

Alice, Version 1

The following output shows what happens when Alice and Bob engage in a basic message exchange without encryption, digital signatures, or interception.

       Cryptography Next Generation Secure Communication Example
Security Version: 1  Mode: Regular   Mallory: no   Signatures: no
-----------------------------------------------------------------------
Hi, I'm Alice Green. My sales associate is Bob White.
I need to send him a customer order right now!

:> Hi Bob. I have a new customer contact.
   Hi Alice. That is good news. Please send it to me.
:> Here it is: Coho Winery, 111 AnyStreet, Chicago
   Thanks, I'll arrange to meet him.
...

Alice, Version 2

The following output shows what happens when Alice and Bob use cryptographic keys to encrypt their messages.

       Cryptography Next Generation Secure Communication Example
Security Version: 2   Mode: Regular   Mallory: no   Signatures: no
-----------------------------------------------------------------------
...
-----------------------------------------------------------------------
Now Bob will publicly send me his public cryptographic key:
Listening...
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
:> Hi Bob. I have a new customer contact.
   Hi Alice. That is good news. Please send it to me.
:> Here it is: Coho Winery, 111 AnyStreet, Chicago
   Thanks, I'll arrange to meet him.
-----------------------------------------------------------------------
...

Alice, Versions 3-5

The following output shows what happens when Alice and Bob sign their keys and messages with digital signatures. Because the fMallory flag is false (that is, there is no interception), the output is almost the same as in the previous section.

       Cryptography Next Generation Secure Communication Example
Security Version: 3   Mode: Regular   Mallory: no   Signatures: yes
-----------------------------------------------------------------------
Hi, I'm Alice Green. My sales associate is Bob White.
I need to send him a customer order right now!
First, I will send Bob a digital signature key over a public channel.
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel.
First, I'll send Bob my key.
Sending...
-----------------------------------------------------------------------
Now Bob will publicly send me his public cryptographic key:
Listening...
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
...

Version 3 with Interception, Non-Verbose Mode

This version shows what happens when the fMallory flag is set to true. Look carefully at the address Bob receives from Alice. Compare it to the address that Bob received in the previous section. You will see that Mallory intercepts the address and changes it slightly.

Mallory is able to intercept the messages even though Alice and Bob send a digital signature with each message. This is because they send the digital signature key through the same nonsecure channel as the cryptographic encryption key, so Mallory is able to intercept both keys. He uses the cryptographic keys to encrypt his messages, and he uses the digital signature key to sign them. Because Mallory signs with the same digital signature key that Alice and Bob use, the signatures verify and no one becomes suspicious.

Bob, Version 3

The following output is from Bob's console window. It shows the messages that Bob receives from Mallory.

       Cryptography Next Generation Secure Communication Example
Security Version: 3   Mode: Regular   Mallory: yes   Signatures: yes
----------------------------------------------------------------------
Hi, I'm Bob White: My sales associate is Alice Green.
I think she has a new customer contact for me!
First, Alice will publicly send me a digital signature key.
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel.
First, Alice will send me her key.
Listening...
-----------------------------------------------------------------------
Next, I will send my public cryptographic key to Alice:
Sending...
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
   Hi Bob. I have a new customer contact.
:> Hi Alice. That is good news. Please send it to me.
   Here it is: Coho Winery, 111 AnyStreet, Chicago
:> Thanks, I'll arrange to meet him.
-----------------------------------------------------------------------
...

Mallory, Version 3

The following output is from Mallory's console window. It shows how Mallory intercepts and changes Alice and Bob's messages.

       Cryptography Next Generation Secure Communication Example
Security Version: 2   Mode: Regular   Mallory: yes   Signatures: no
-----------------------------------------------------------------------
Hi, I'm Mallory, the man in the middle.
I wonder what Alice and Bob are talking about.
I think I'll listen in.
-----------------------------------------------------------------------
Alice and Bob are going to exchange their
public cryptographic keys through a public channel.
First, Alice will send Bob her key.

Good.  I just intercepted Alice's public key:
Next, I will send my MalloryAlice public cryptographic key to Alice:

Sending...
Next, I will send my MalloryBob public cryptographic key to Bob:

Sending...
Now I will receive Bob's public key:
Good.  I just intercepted Bob's public key:
-----------------------------------------------------------------------
Now that they have exchanged their keys,
they can have a secure conversation:
-----------------------------------------------------------------------
From Alice:
   Hi Bob. I have a new customer contact.
To Bob:
:> Hi Bob. I have a new customer contact.
From Bob:
   Hi Alice. That is good news. Please send it to me.
To Alice:
:> Hi Alice. That is good news. Please send it to me.
From Alice:
   Here it is: Coho Winery, 111 AnyStreet, Chicago
To Bob:
:> Coho Winery, OneEleven EveryStreet, Chicago
From Bob:
   Thanks, I'll arrange to meet him.
To Alice:
:> I think the address is wrong, but I'll keep trying.
-----------------------------------------------------------------------
I am so clever!
Here is what I received: Coho Winery, 111 AnyStreet, Chicago
and here is what I sent: Coho Winery, OneEleven EveryStreet, Chicago

They will never catch me! 
-----------------------------------------------------------------------
...

Versions 4-5 with Interception, Verbose Mode

In versions 4 and 5, Alice sends Bob a private digital signature key, which they use to sign their messages. Mallory is not aware of the private channel that Alice uses to send the key to Bob. Therefore, he continues to use the digital signature key that he intercepted on the public channel.

Bob, Version 4

This section displays the full, verbose output. You can see the encrypted digital signature key, the message encryption key, and the encrypted messages. This version also displays security warnings when a digital signature fails verification.

       Cryptography Next Generation Secure Communication Example
Security Version: 4   Mode: Verbose   Mallory: yes   Signatures: yes
-----------------------------------------------------------------------
Hi, I'm Bob White: My sales associate is Alice Green.
I think she has a new customer contact for me!

First, Alice will publicly send me a digital signature key.
Here it is:

☻???x???♥?? ♦ ?ie??t?VD?A?Y??▬☻§?Ed►??H?Hm2G¶?E??N?!`?☺¶^[←?↨?▬d? K9zdnJ
?☻?:↓?☺ ?L?K???C+♦??c?*7↓l?§??-??`L?h↓?GF?=???????????↔??&1|☺?????%?_???
?

Now Alice privately sent me a digital signature key. I will use it instead.
Here it is:

0??☻☺ 0►♠*?H?=☻☺♠♣+?♦ #♦??0??☻☺☺♦B☺??t
???♥?? ♦☺?V??)???s<m{sGM!?;~??d??Oc`♦?j??⌂§?d??b?? ????????,?♠  ??4?]???
.??☺DN)3?=T↨??p>M???X?B????50???? ? ?E§?B?nr?z?/r??U????7,⌂?n?SL??,+
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel.
First, Alice will send me her key.

Listening...
 ========  SECURITY ERROR!!===========
Cryptographic Key: Failure verifying digital signature.


Here it is: an ECDH public KeyBlob
encoded within an XML string:

<ECDHKeyValue xmlns="https://www.w3.org/2001/04/xmldsig-more#">
  <DomainParameters>
    <NamedCurve URN="urn:oid:1.3.132.0.35" />
  </DomainParameters>
  <PublicKey>
    <X Value="5810718142462989354994453278603666484069278865008031317447
037792465942980799716553452148826647328907514445799324904361787703912513
195249832409677600954844765" />
    <Y Value="3280794663882281563639053942916365892460715799983953322007
508591453180081202861463948160922147015703385178443338980028430040655324
927942630539423460021361227" />
  </PublicKey>
</ECDHKeyValue>
-----------------------------------------------------------------------
Next, I will send my public cryptographic key to Alice:

Sending...
Here it is: an ECDH public KeyBlob
encoded within an XML string:

<ECDHKeyValue xmlns="https://www.w3.org/2001/04/xmldsig-more#">
  <DomainParameters>
    <NamedCurve URN="urn:oid:1.3.132.0.35" />
  </DomainParameters>
  <PublicKey>
    <X Value="2455055322326895878650801953827546401118074905382497016837
137236585732889354895381530732942808710858667195863286496064074787137035
924365385948877294503335106" />
    <Y Value="1218921928274644208762495755994900948182290688858431853778
446672036473174952224569387259723200925573098776195363817761522302928910
53555717400648130000558239" />
  </PublicKey>
</ECDHKeyValue>
-----------------------------------------------------------------------
Now that our keys have been exchanged,
we can have an encrypted conversation:
-----------------------------------------------------------------------
   Incoming message:

??(??m?⌂4i?JOgion vector:  ?

   Ciphertext:
??∟↓[\▼?3♦Z GTGa>?&??,?x3f1Sh7L↓n?dc?I?A??\?P?l⌂X⌂@?V#??G??(O???6?♦☻)?
PJ???@{N

   Signature:
?QF????¶☻       ~?YA?????oJ?7??{◄?oVg???L?→←3?⌂§?
Y???Ca??S?Rl?v8(?       ? ????I0 ?♦?|???L9|????????
??♦&)??gm??28?!??L?
U?, ???N??@4??2§S

   Incoming decoded message:

   Hi Bob. I have a new customer contact.
SECURITY WARNING! Received signature did not verify
-----------------------------------------------------------------------

:> Hi Alice. That is good news. Please send it to me.
-----------------------------------------------------------------------
   Incoming message:

   Initialization vector:  ??4??♂??§??♫:(??

   Ciphertext:
?m?????y??x'~?<⌂yZ???G??Q????§????↕G??☼M?(?y[§▼→a?f%L??????←    ????y???
&??z ?p?????[?p

   Signature:
 ???7[?ju???4??]???F?l?'-A??@?l??‼?¶F"k???g??♀{??S??????▲?t.?;???↕▬?u?♠♀
?!%}?????∟?☻?*?a?"◄o??▬??,?w??F▲k??Y∟?▲???j??T???↕♫2???

   Incoming decoded message:

   Coho Winery, OneEleven EveryStreet, Chicago
SECURITY WARNING! Received signature did not verify
-----------------------------------------------------------------------
:> Thanks, I'll arrange to meet him.
-----------------------------------------------------------------------

Bob, Version 5

As in the previous version, version 5 uses the private digital signature key to sign the message encryption key. In addition, this version ends the session as soon as a security error is encountered.

       Cryptography Next Generation Secure Communication Example
Security Version: 5   Mode: Verbose   Mallory: False   Sign keys: true
-----------------------------------------------------------------------
Hi, I'm Bob White: My sales associate is Alice Green.
I think she has a new customer contact for me!

First, Alice will publicly send me a digital signature key.
Here it is:
...
Now Alice will privately sent me a digital signature key. I will use it 
instead.
Here it is:
...
-----------------------------------------------------------------------
Now we will exchange our public cryptographic
keys through a public channel
First, Alice will send me her key.

Listening...
========  SECURITY ERROR!===========
Cryptographic Key: Failure verifying digital signature.
Contact your security administrator.
TERMINATING SESSION
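
The trust decision behind the version 3, 4 and 5 outputs above, as an added C# example that is not part of the CNG sample's source code. The type and member names are hypothetical, SHA-256 is an assumed hash choice, and the signed message is the altered address shown in the output, used here as constructed input.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration; not the CNG sample's source. All type and member names are hypothetical.
static class SignatureKeyChannelDemo
{
    enum OnFailure { Warn, Abort }   // version 4 warns and continues, version 5 ends the session

    // Bob's check: does the signature verify under the signature key he trusts?
    static string Check(ECDsa trustedKey, byte[] data, byte[] signature, OnFailure policy)
    {
        if (trustedKey.VerifyData(data, signature, HashAlgorithmName.SHA256))
            return "signature verified";
        if (policy == OnFailure.Abort)
            throw new CryptographicException("Failure verifying digital signature.");
        return "SECURITY WARNING! Received signature did not verify";
    }

    static void Main()
    {
        // Signature key sent over the public channel: anyone on that channel holds a copy.
        using ECDsa publicChannelKey = ECDsa.Create(ECCurve.NamedCurves.nistP521);
        // Signature key delivered privately: only Alice and Bob hold it.
        using ECDsa privateChannelKey = ECDsa.Create(ECCurve.NamedCurves.nistP521);

        // Constructed input: the altered address from the output above, arriving
        // with a signature made with the publicly sent key.
        byte[] message = Encoding.UTF8.GetBytes("Coho Winery, OneEleven EveryStreet, Chicago");
        byte[] signature = publicChannelKey.SignData(message, HashAlgorithmName.SHA256);

        // Version 3: Bob trusts the publicly sent key, so the altered message verifies.
        Console.WriteLine("v3: " + Check(publicChannelKey, message, signature, OnFailure.Warn));

        // Version 4: Bob trusts the privately delivered key; verification fails, session continues.
        Console.WriteLine("v4: " + Check(privateChannelKey, message, signature, OnFailure.Warn));

        // Version 5: the same failure ends the session instead of producing a warning.
        try { Check(privateChannelKey, message, signature, OnFailure.Abort); }
        catch (CryptographicException e)
        {
            Console.WriteLine("v5: " + e.Message + " TERMINATING SESSION");
        }
    }
}
```

The only difference between the three results is which signature key Bob treats as trusted and what he does on failure. The signed data and the signature are identical in every call.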

See Also

Concepts

Cryptography Next Generation (CNG) Secure Communication Example

Other Resources

Cryptographic Services