Activity 1: The “Mailbox” Keys (Asymmetric)

Asymmetric encryption solves the key exchange problem using a key pair. The public key is the mailbox slot (share it). The private key is the mailbox key (never share it).

Instructions:

  1. Generate an RSA-2048 key pair.
  2. Observe: Public key is shareable. Private key must stay secret.
  3. Optional: copy the public key and pretend you’re “giving it to a vendor.”

Mobile Tool: Generate RSA-2048 Key Pair

This generates a real RSA key pair in your browser using WebCrypto. Keys are shown in PEM format. Do not use these for production.

Tip: public key can be shared. Private key stays secret.

Interview takeaway

Say this: “RSA uses a key pair. The public key encrypts (or verifies), and the private key decrypts (or signs). Public can be shared; private must stay protected.”

Why This Matters: Encryption in the Age of AI

In cybersecurity, Encryption is the final line of defense. While firewalls keep intruders out, encryption ensures that if they do get in, they steal nothing but unreadable garbage. It serves two critical roles in the industry:

  1. Confidentiality: It locks your data. Whether it is a credit card number moving across the internet (Data in Transit) or a medical record sitting on a server (Data at Rest), encryption guarantees that only those with the "Key" can read it.

  2. Authentication: It proves you are you. Through complex "Public Key" systems, encryption verifies that the bank website you are visiting is legitimate, preventing hackers from impersonating trusted services.

The AI Evolution

Historically, the main threat to encryption was time. Attacking a strong key used to require billions of years of random guessing. Artificial Intelligence is changing the math.

AI tools don't just guess blindly; they look for patterns in the "noise." They analyze how systems generate random numbers and search for microscopic flaws in the encryption logic that humans might miss. This has forced the industry to abandon older, weaker standards (like DES and WEP) and move toward massive key sizes (like AES-256) and complex "Elliptic Curve" cryptography that can withstand the predictive power of modern AI.

In this lab, you will see the difference between "scrambling" data and truly securing it.

Activity 2: The “House Key” (Symmetric AES)

AES is the workhorse of encryption. It uses the same secret key to encrypt and decrypt data, like a house key that both locks and unlocks the door.

Instructions:

  1. Type a secret message (plaintext).
  2. Use the shared key SecGuySecret.
  3. Encrypt → observe unreadable ciphertext.
  4. Decrypt → recover the original message.

Mobile Tool: AES-GCM Encryption

This uses AES-GCM (modern, authenticated encryption). The same key encrypts and decrypts.

Tip: same key encrypts and decrypts. Lose it and data is gone.

Interview takeaway

Say this: “AES is symmetric: the same secret key encrypts and decrypts. That’s why key protection and rotation matter.”

Activity 3: Unlocking the Vault

Encryption guarantees confidentiality. Without the exact same secret key, ciphertext stays unreadable, like a locked vault.

Instructions:

  1. Paste ciphertext from Activity 2.
  2. Leave the key empty → decryption fails.
  3. Enter SecGuySecret as the key.
  4. Observe: plaintext is recovered.
  5. Change one character in the key → decryption fails again.

Mobile Tool: AES-GCM Decryption

Uses AES-GCM. The key must match exactly; there are no partial wins.

Tip: wrong key or IV = unreadable data.

Interview takeaway

Say this: “Encryption only guarantees confidentiality if the key is protected. Lose or change the key, and the data is unrecoverable.”
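
Activities 2 and 3 in code, as an added example that is not the lab tool's own source: AES-256-GCM through Node.js's built-in crypto module. The scrypt key derivation, the dot-separated packing and every function name are assumptions, since the page does not say how its tool turns SecGuySecret into a key.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: the passphrase is stretched into a 32-byte key with scrypt.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

function encrypt(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Salt, IV and tag are not secret; they travel with the ciphertext.
  return [salt, iv, cipher.getAuthTag(), ct].map(b => b.toString('base64')).join('.');
}

// Returns the plaintext, or null when the key is wrong or the data was altered.
function decrypt(passphrase, packed) {
  const [salt, iv, tag, ct] = packed.split('.').map(s => Buffer.from(s, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM tag check failed: no plaintext is released
  }
}

// Flip one bit of the ciphertext to show that GCM also detects tampering.
function flipFirstCiphertextBit(packed) {
  const parts = packed.split('.');
  const ct = Buffer.from(parts[3], 'base64');
  ct[0] ^= 0x01;
  parts[3] = ct.toString('base64');
  return parts.join('.');
}

const sealed = encrypt('SecGuySecret', 'Meet at the vault at 9'); // constructed message
console.log(sealed);
console.log(decrypt('SecGuySecret', sealed));                         // right key
console.log(decrypt('SecGuySecreT', sealed));                         // one character changed
console.log(decrypt('SecGuySecret', flipFirstCiphertextBit(sealed))); // ciphertext altered
```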

Activity 4: Digital Signatures (Non-Repudiation)

We've done Integrity and Confidentiality. Now let's prove Non-Repudiation (proving who sent the message).

A Digital Signature is created by Hashing a message and then Encrypting that hash with your Private Key.

Instructions:

  1. Sign: Type a message (e.g., "I approve this transfer") and click "Sign Document". This generates a unique signature.
  2. Tamper: Change the text in the message box (e.g., add extra zeros to the amount).
  3. Verify: Click "Verify Signature".
  4. Observe: The system detects the mismatch instantly. The mathematics of the signature no longer match the message.
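
The key pair from Activity 1 and the sign, tamper, verify sequence above, as an added example (not the lab tool's code) using Node.js's built-in crypto module. Function names and sample messages are made up for illustration, and the scheme chosen here is RSA PKCS#1 v1.5 with SHA-256.

```javascript
const nodeCrypto = require('node:crypto');

// Activity 1: an RSA-2048 key pair, exported as PEM text.
function generatePemKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Activity 4: hash the message with SHA-256 and sign the digest with the private key.
function signDocument(privateKeyPem, message) {
  return nodeCrypto
    .sign('sha256', Buffer.from(message, 'utf8'), privateKeyPem)
    .toString('base64');
}

// Anyone holding the public key can check the signature against a message.
function verifySignature(publicKeyPem, message, signatureB64) {
  return nodeCrypto.verify(
    'sha256',
    Buffer.from(message, 'utf8'),
    publicKeyPem,
    Buffer.from(signatureB64, 'base64')
  );
}

const signer = generatePemKeyPair();
const original = 'I approve this transfer of $100';    // constructed message
const tampered = 'I approve this transfer of $100000'; // extra zeros added
const signature = signDocument(signer.privateKey, original);

console.log(signer.publicKey.split('\n')[0]);                         // PEM header line
console.log(verifySignature(signer.publicKey, original, signature));  // untouched message
console.log(verifySignature(signer.publicKey, tampered, signature));  // edited message
// A different key pair cannot vouch for the same signature.
console.log(verifySignature(generatePemKeyPair().publicKey, original, signature));
```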

Activity 5: The Base64 Trap (Encoding is NOT Encryption)

Exam Warning: A common trick question shows you scrambled text and asks "What algorithm encrypted this?"

If the text looks like U2VjR3V5..., it is likely Base64 Encoding. This is NOT encryption. It is just a way to format data (like attaching images to emails). It provides zero confidentiality.

Instructions:

  1. Type a secret in the top box (e.g., "admin_password").
  2. Click "Encode to Base64". It looks scrambled, right?
  3. Now, pretend you are a hacker who intercepted that text. Click "Decode".
  4. The Lesson: Did the system ask you for a password or key? NO. That means it was never secure.

Activity 7: Diffie-Hellman (Secure Key Exchange)

The Problem: How do we agree on a Secret Password if a hacker is reading all our messages?

The Solution: We use the Diffie-Hellman algorithm. We simulate this using "Paint Mixing." It is easy to mix paint, but impossible to "un-mix" it to find the original colors.

Instructions:

  1. Step 1 (Public): Everyone starts with the same Public Color (Yellow). Even the hacker sees this.
  2. Step 2 (Secret): Alice adds her secret color (Red). Bob adds his secret color (Blue).
  3. Step 3 (Exchange): They send their mixtures across the internet. The hacker sees the mixtures (Orange and Green) but doesn't know the secrets added.
  4. Step 4 (The Magic): Alice adds her secret (Red) to Bob's mix. Bob adds his secret (Blue) to Alice's mix.
  5. Result: They both end up with the Exact Same Color (Brown). They now have a Shared Key that the hacker cannot reproduce!
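
The paint steps with numbers instead of colors, as an added example that is not part of the original lab. The toy values (p = 23, g = 5, secrets 6 and 15) and the function names are chosen for illustration; the second function runs the same exchange with X25519 from Node.js's crypto module.

```javascript
const nodeCrypto = require('node:crypto');

// Square-and-multiply modular exponentiation on BigInt values.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// p and g are the public "yellow"; a and b are the secret colors.
function toyExchange(p, g, a, b) {
  const A = modPow(g, a, p); // Alice's mixture, sent in the clear
  const B = modPow(g, b, p); // Bob's mixture, sent in the clear
  return {
    wire: { p, g, A, B },        // everything an eavesdropper sees
    aliceKey: modPow(B, a, p),   // Alice adds her secret to Bob's mixture
    bobKey: modPow(A, b, p),     // Bob adds his secret to Alice's mixture
  };
}

// The same exchange on a real group: X25519.
function x25519Exchange() {
  const alice = nodeCrypto.generateKeyPairSync('x25519');
  const bob = nodeCrypto.generateKeyPairSync('x25519');
  return {
    aliceKey: nodeCrypto.diffieHellman({ privateKey: alice.privateKey, publicKey: bob.publicKey }),
    bobKey: nodeCrypto.diffieHellman({ privateKey: bob.privateKey, publicKey: alice.publicKey }),
  };
}

const toy = toyExchange(23n, 5n, 6n, 15n); // textbook-sized numbers, far too small for real use
console.log(toy.wire, toy.aliceKey, toy.bobKey);
const real = x25519Exchange();
console.log(real.aliceKey.equals(real.bobKey), real.aliceKey.length);
```

Nothing in this exchange tells Alice that the mixture she received really came from Bob; binding a public value to an identity is the job of the certificates in Activity 8.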

Activity 8: PKI (The Digital ID Card)

The Problem: I have a Public Key, but how do you know it belongs to SecGuy and not a hacker?

The Solution: I send my key to a Certificate Authority (CA). They verify my identity and issue a Digital Certificate. This is the "Green Lock" you see in your browser.

Instructions:

  1. Step 1 (CSR): Enter a domain name (e.g., secguy.org) and click "Generate CSR". This creates a request containing your Public Key.
  2. Step 2 (Issue): Act as the CA (Certificate Authority). Click "Sign & Issue". You are digitally stamping the request.
  3. Step 3 (Verify): See the final X.509 Certificate. This proves to the world that this Public Key belongs to that Domain.

Activity 9: Block Modes (The "Penguin" Problem)

The Concept: How we apply encryption matters.
ECB (Electronic Codebook): The naive way. It encrypts each block individually. Fast, but dangerous because patterns remain visible.
CBC (Cipher Block Chaining): The secure way. It uses an IV (randomness) to chain blocks together, destroying all patterns.

Instructions:

  1. The Input below is a repeating pattern: AAAA AAAA AAAA AAAA.
  2. Click Encrypt (ECB Mode). Look at the result. It repeats! 88 88 88 88. If this were an image, you would still see the picture.
  3. Click Encrypt (CBC Mode). Look at the result. It is totally random: 88 2F 9A 1C. The pattern is gone.
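
The same comparison with real AES, as an added example that is not the lab tool's code: four identical 16-byte blocks are encrypted under ECB and under CBC, and a repeated-block counter (the check an auditor would run on captured ciphertext) shows the difference. The function names and the input buffer are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const BLOCK = 16; // AES block size in bytes

// mode is 'ecb' or 'cbc'. ECB takes no IV; CBC gets a fresh random IV per message.
function encryptBlocks(mode, key, plaintext) {
  const iv = mode === 'ecb' ? null : nodeCrypto.randomBytes(BLOCK);
  const cipher = nodeCrypto.createCipheriv(`aes-128-${mode}`, key, iv);
  cipher.setAutoPadding(false); // input is already a whole number of blocks
  return Buffer.concat([cipher.update(plaintext), cipher.final()]);
}

// Count ciphertext blocks that are identical to an earlier block.
// Any non-zero count on long ciphertext is a strong sign of ECB.
function repeatedBlocks(ciphertext) {
  const seen = new Set();
  let repeats = 0;
  for (let i = 0; i < ciphertext.length; i += BLOCK) {
    const block = ciphertext.subarray(i, i + BLOCK).toString('hex');
    if (seen.has(block)) repeats++;
    seen.add(block);
  }
  return repeats;
}

const key = nodeCrypto.randomBytes(16);
const pattern = Buffer.alloc(4 * BLOCK, 'A'); // constructed input: four identical blocks of 'A'

for (const mode of ['ecb', 'cbc']) {
  const ct = encryptBlocks(mode, key, pattern);
  console.log(mode.toUpperCase(), ct.toString('hex').match(/.{32}/g), 'repeats:', repeatedBlocks(ct));
}
```

CBC hides the repetition but does not detect modified ciphertext; the AES-GCM mode used in Activity 2 provides both.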

Activity 10: Attacking the Keys (Brute Force vs. Dictionary)

We have built strong locks, but attackers don't pick locks; they guess the key.
Dictionary Attack: The "Smart" way. Tries a list of common words (password, admin, football). It is instant.
Brute Force: The "Hard" way. Tries every possible combination (aaaa, aaab, aaac). It is slow but guaranteed to work eventually.

Instructions:

  1. Test 1: Type a common word like shadow. Click Run Dictionary Attack. It cracks it instantly because it's in the "database."
  2. Test 2: Type a random short code like x9z. Dictionary fails. Click Run Brute Force. Watch it count up. It finds it, but it takes work.
  3. The Lesson: Length and Randomness (Entropy) are the only defense against Brute Force.

Activity 6: Steganography (Hidden in Plain Sight)

The Concept: Steganography is the art of hiding data inside other files (like hiding a text file inside a JPEG).

The most common method is LSB (Least Significant Bit). We take the binary data of a pixel (its color number) and change just the very last digit. The color changes mathematically, but visually, it looks identical.

Instructions:

  1. Look at the Original Pixel below. It is a specific shade of blue (RGB 50, 100, 200).
  2. Click "Inject Hidden Data". This simulates a hacker hiding a secret message inside that pixel.
  3. Look at the Modified Pixel. Mathematically, the numbers changed (200 → 201).
  4. The Test: Can your eyes see the difference? No. To a firewall or a human, the image looks "clean," but it now carries a secret payload.
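
How the LSB change works at the byte level, as an added example that is not part of the original lab: message bits are written into the lowest bit of each channel value and then read back from the LSB plane. The cover array (eight pixels of RGB 50, 100, 200), the message and the function names are constructed for illustration.

```javascript
// Write one message bit into the least significant bit of each channel value.
function embed(channels, message) {
  const bits = [...Buffer.from(message, 'utf8')]
    .flatMap(byte => Array.from({ length: 8 }, (_, i) => (byte >> (7 - i)) & 1));
  if (bits.length > channels.length) throw new RangeError('cover too small');
  return channels.map((v, i) => (i < bits.length ? (v & 0xFE) | bits[i] : v));
}

// Read the LSB plane back and pack every 8 bits into one byte.
function extract(channels, byteCount) {
  const out = Buffer.alloc(byteCount);
  for (let i = 0; i < byteCount * 8; i++) {
    out[i >> 3] = (out[i >> 3] << 1) | (channels[i] & 1);
  }
  return out.toString('utf8');
}

// Largest change made to any single channel value.
function maxDelta(before, after) {
  return Math.max(...before.map((v, i) => Math.abs(v - after[i])));
}

// Constructed cover: eight pixels of the page's blue, flattened to R,G,B values.
const cover = Array.from({ length: 24 }, (_, i) => [50, 100, 200][i % 3]);
const stego = embed(cover, 'Hi');

console.log(stego.slice(0, 6));       // first two pixels after embedding
console.log(extract(stego, 2));       // message recovered from the LSB plane
console.log(maxDelta(cover, stego));  // no channel moved by more than one step
```

Because no value moves by more than one step, visual review cannot catch the change; detection has to examine the LSB plane itself.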

Original Pixel

Blue Value: 200
Binary: 11001000

🎉 Mission Accomplished!

You have successfully navigated the core concepts of Cryptography. From the Integrity of Hashing to the Confidentiality of AES, and the Non-Repudiation of Digital Signatures.

You now understand not just what these terms mean for the exam, but how they actually work in the real world.