1. Introduction: Cryptography
What is Cryptography? This module delivers an in-depth analysis of cryptography, its basic principles, and the key tools you should master as a pen tester.
This module discusses all the core principles of Cryptography: Authentication, Availability, Confidentiality and Integrity. You’ll learn how companies and penetration testers use these to their advantage and you’ll learn some of the techniques they use along the way.
The topics explored in the Cryptography Module include:
- Whiteboard, which explains the interrelationship and the basic principles you must master for this module
- And the following simulation labs:
  - Hash My Files Lab
  - Hash Calc Lab
  - CrypTool Lab
  - Advanced Encryption Package Lab
Hi, Leo Dregier here. This is one of my favorite subjects – cryptography. We’re going to talk about all of the principles that are in play – confidentiality, integrity, availability, authentication and we’re going to talk about how companies use cryptography or secrecy to their advantage, but also how penetration testers can use secrecy to their advantage as well. So there’s lots of different tools and techniques, and different types of attacks. That’s kind of the basic stuff here. But there’s a big difference between what happens academically versus professionally. Academically, there’s a whole history of modern cryptology and, you know enough information, and write college courses on this stuff. At the end of the day, professionally speaking, most of the time, it’s just simply click a button. Either you’re going to encrypt something, or you’re not. Or you’re going to hash something, or you’re not. So we’re going to see how this works in the world, and why people aren’t taking advantage of simple things like hashing, and how the penetration tester can take apart that process, and use it to his or her advantage. So let’s go ahead and start with the basics of cryptography.
2. Framework
This Cryptography lecture discusses and demonstrates the key aspects of cryptography: concepts and attacks, PKI, symmetric and asymmetric algorithms, integrity, and how these relate to protocols.
You’ll gain a deeper understanding of Cryptography’s basic principles in this whiteboard lecture video.
This is one of the most under-valued lessons there is, hands down. It’s the subject of Cryptography. And for whatever reason, a lot of people have problems with modern cryptography. Still to this day haven’t figured out exactly what that is. Maybe it’s their approach, trying to memorize all the facts about all the different algorithms. But it’s really not that hard, so let’s take a closer look. OK, first of all, you have to understand some basic concepts. All right, in the symmetric world, it’s the same key, the private key, the symmetric key, so it’s the same key that is used. In the asymmetric world, there is a public and private key pair. What one key does, the other key un-does. And there’s different principles in play. In the symmetric world, the only principle involved is confidentiality. In the asymmetric world, not only do you have confidentiality, but you also have integrity, authenticity, and non-repudiation. So you have to keep track of the principles as you go, ok? In the basics of, you know, confidentiality, we try to change plain text into cipher text, and cipher text back into plain text. And just some of the basic ways of doing that …institution in transposition or permutations. So substitution means to take out and replace with something else. A permutation is like a scrambling. Think Rubik’s Cube here, ok? And then of course, there’s the concept of like, whole hard drive encryption and things like that. Otherwise, if you just look at it, this is the landscape of Cryptography. You’ve got the symmetric world, you’ve got the integrity world, you’ve got the asymmetric world, you’ve got all of that tied together in PKI and a handful of attacks. Otherwise, it’s really just that simple. So let’s start here with just symmetric. Here, it’s basically different versions of the same stuff. This is, all of these are different procedures or different ways to hide stuff, or encrypt it, or to get cipher text. 
So plain text to cipher text, cipher text to plain text. So the first challenge is, how are you going to remember all of the algorithms, right? Like everything from AES, DES, triple DES, [unintelligible 0:02:17.4], et cetera. So there’s an easy, easy, mnemonic that you guys can remember, to remember all of these symmetric algorithms. So watch this. This is super, super easy. Great for test-taking. A – D – three guys had an idea to cast out their rod to fish for blowfish, but instead they received serpents in the rain. Very, very easy. You can rattle off ten symmetric algorithms just like that. Otherwise, it’s really just knowing a handful of details about each algorithm. Some of the algorithms, like DES, are a little bit outdated, but that’s 56 bits worth of encryption plus eight bits of parity, equaling a 64 bit block size. Or something like AES, it’s got a variable block size – 128, 192, and 256. Or things like Blowfish, they use a 448 bit box size. So, or bits worth of encryption. So 448 tends to be the dead giveaway here, ok? Otherwise, you have exceptions to the rule of symmetric, which are things like pretty good privacy, or GPG or PGP, and one time pads or one time passwords. None the less, I would have put all of them in the symmetric world. Next, let’s talk about integrity. Integrity is not where we change plain text into cipher text, but rather the principle of integrity, what we’re trying to detect a non-authorized change, modification or alteration. So we have some data, we analyze it. We get an output called a message digest or hash. And you can hash a single file at a time, a whole directory at a time, a whole hard drive, a whole application, a whole web server. And basically look if any of those hashes change, well that means there must be a change in integrity or something’s been changed, modified or altered somewhere, ok. Most common algorithms, MD5, at 128 bits, SHA at 160, although SHA does have variable bit sizes as well.
You can go Google ‘online hashing calculator’. There’s some great online hashing calculators, where you put in the word ‘password’, select hash, and it will tell you the hash in all possible algorithms. Great tools, especially if you just wanted to know what the hash is for something like password, or password 1, or something like that. Next principle is asymmetric. You’re also going to need a way to remember all of your asymmetric algorithms. So here’s a great test-taking technique. I call this the DEREKS model. DEREKS for Diffie-Hellman, Elgamal, RSA, Elliptical Curve, Knapsack and S for digital signature algorithm. It’s a real easy way to rattle off six asymmetric algorithms. All of the asymmetric algorithms, they use public and private keys. So the private key, this is when you digitally sign something to prove you are who you say you are, so that the sender, or anybody with the public key can validate who you are, ok? Very, very easy. Diffie-Hellman is more of a key exchange. Elgamal, very popular in the open-source world. RSA, very popular on the internet, especially on websites. Elliptical curve – very popular for devices with limited processing power. Knapsack – not that popular at all. Digital signature algorithm – popular because it’s a U.S. standard. All right? Next we can see how all of this gets tied together in the world of PKI. Now you have the concept of a certification authority, a certificate authority versus a registration authority. It is very easy to use the analogy of the motor vehicle administration. You go in one line to register for a driver’s license, and then you go into another line to actually get the driver’s license. So you have a registration component, and then you have a certificate issuing component. Now we just happen to issue x.509 certificates in the PKI world, but that would be the equivalent of a driver’s license.
And there’s a good 80 percent crossover from all of the fields and values that are on your own driver’s license, to all of the fields on an x.509 certificate. Other than that, really, the next thing to talk about is how do you get the components of asymmetric to and from the clients. And this is where you have things like Diffie-Hellman, or Internet Key Exchange, or ISAKMP, which is a key management protocol, but none the less, they manage all of the back and forth in the infrastructure of the public and private keys. And then, just like in the motor vehicles, you have a revoked list of people that can’t drive, well in the PKI world you have a certification revocation list which is a list of certificates that can no longer be used. OK? And then you could, of course, use protocols like OCSP, Online Certificate Status Protocol, that dynamically checks the CRL. Or CRL is more of a manual concept, OCSP is more of a dynamic protocol that actually checks to see if your driver’s license or x.509 certificate is actually revoked. Then we can go into the attacks, and it’s really known versus chosen, plain text versus cipher text. So a known plain text attack, this is easy. This is where you know the plain text and that’s it. All right? With known cipher text, not only do you know the plain text, but you also know the corresponding cipher text. You might not know the algorithms, you might not know the keys, you might know how — you might NOT know how often the keys are changed, but at least you have some other additional information you can use to try to break that cryptographic system. Next is chosen cipher text. This is where you choose what cipher text gets encrypted, which is often called the lunch-time attack because you basically have to get physical access to somebody’s computer and encrypt it using their account. Therefore, you’re choosing what gets encrypted. And then chosen plain text, this is where you choose what actually gets decrypted, ok? 
Also a very, very advanced attack because it assumes that you have to get physical access to a network router, or something like that. So there’s a handful of attacks that are relevant. Otherwise, the only thing left to do is really to combine this with a handful of protocols. But cryptography really doesn’t change at this point, it just, how is it implemented with protocols. So, you have protocols like SSH, which replace Telnet for terminal sessions, commonly used in the administration world. Then you have any protocol that ends with an ‘S’, secure LDAPS, secure HTTP, secure whatever. This is basically combining SSL or TLS with some sort of protocol, so it wraps all of the upper-layer applications in a cryptographic wrapper. But none the less, they all realistically work the same. Then you have network layer cryptography, like IPsec, which uses an authentication header and encapsulating security payload. I often use the analogy of a truck when I’m in a classroom. So the header, that’s the front of the truck, the payload, that’s the back of the truck. And the header, you can add an integrity check, see MD5 and SHA, if you want more information. Or in the payload, you can add an integrity check and a confidentiality check. And again you can use MD5 and SHA or whatever the vendor supports in terms of secrecy. DES, triple DES and AES are some of the most common. And then, of course, SSL and TLS. There’s a great Wikipedia page on this, that will give you the whole history and the popularity of SSL and TLS. But none the less, they’re just protocols, ok? So, realistically, cryptography isn’t that hard, although I will tell you, countless network administrators and countless experts use the wrong words to talk about the wrong principles. They’re using words like ‘hash’ and they really mean confidentiality. So they mix things up, but it’s very, very, very easy. You have symmetric, you have asymmetric, you have integrity, and then you have PKI.
All of that gets realistically tied together. Let’s go ahead and have a look at some hands-on examples. I’m going to show you how to use tools like MD5 or Hash My Files, and a few of the other tools. I want to point out one last thing. There’s a huge difference here between the academic world and the professional world. In the academic world, we have to learn all the history and the nuts and the bolts of how all the algorithms work. In the professional world, it’s pretty simple. All you have to do is click a button. Encrypt or decrypt. Or hash. Or verify a hash. And it’s relatively pretty simple. So you can go get the theory, and that’s always helpful, there’s plenty of good videos on this. Or feel free to watch my videos. But it’s realistically not that hard, folks. It is 2014, so let’s go ahead and look at some hands-on examples.
3. Using HashMyFiles
This lab demonstrates the Hash My Files tool which analyzes files by specific file or by directory. The Hash My Files process report is basic and the output can be exported to a series of different formats including HTML. You’ll also observe a demonstration of how the Hash My Files tool works and what you can learn from the information it provides.
Hey, Leo Dregier here. I want to review a tool called Hash My Files. It’s along the lines of hash word calculators, or any sort of hash word, hash program where you just take a file and you analyze that file. So these tools definitely theme out really, really, really quickly. So what we’re going to do, is basically add a file, a folder, process files or add by wildcard. So you can add a particular folder, and then go browse and select the folders, so we’ll just pick something on the C drive and we’ll call it ‘Labs’. So we’re going to go pick the C:\Labs folder and add all the files and the subfolders. Click on OK, and give the tool a second to run. Ok. So once the files are finished running, you basically can see it’s just a reference of this file name, the message digest hash, then the SHA hash, and if you scroll to the right, you have redundancy check and then the full path to actually where the file is, the date that the file was modified and created and the size of the file, version, product information and any sort of extensions and / or attributes. But that’s it. You have a nice little database of all the files in a particular directory and what those particular hashes are. And then of course you can do things like save it, move the things to the recycle bin if you don’t want them. You can copy the hashes, you can show the gridlines if you want, these are just pretty pieces. You can do an HTML report, HTML’s report is nice, because the format of the report allows you to export it, then import it into your reporting applications and things like that. So real good there. Otherwise, really, really basic tool to use. So here’s a quick snapshot of what the hashing report looks like, and it looks just like the program, except it’s in a nice, digestible format. And this is what I would use to actually include in my forensics reports or pen testing reports. And then, of course, you can right-click it, save it, et cetera, et cetera, et cetera. So that’s it.
Hash My Files. It’s an integrity program that not only does specific files, but also directories, and gives you the MD5 and SHA and the basic critical information that you would need to analyze a file. So that’s it. Leo Dregier here. And I’ll see you in the next video.
4. Using Hash Calc
The Hash Calc lab teaches you what useful information is gained from using hash calculators to analyze files within a directory, or specifically targeted files. For example, the output of the Hash Calc tool includes the message digest of the target as well as all its relevant integrity algorithms.
The lab also mentions several integrity algorithms that the Hash Calc tool does not output, which provide a wider range of output datasets.
Hey, Leo Dregier here. In this video, I want to talk about hashing files, or basically a hashing calculator. This is a great tool to use to understand the principles of integrity, because it basically takes a file, analyzes it and gives you an output. And it shows you the message digest, and just about all of the possible integrity algorithms that exist. And when people are new to the subject of integrity, they basically have to learn things like MD5 and SHA. But there are many hashing programs that are beyond popular, like Ripe, Tiger, Whirlpool, which actually this tool doesn’t do, Adler cyclic redundancy check, all the variants of SHA. So basically, we’re going to take a file, text or string, in this case we’re going to take a file, and you can take any file what you want, so I’m just going to pick any file on the system, just to show that it works. Select a bunch of these, if you want the appropriate message digest for it, and then calculate. And there, therefore you’ve got all of them message digests. Now that was relatively easy to use, if I do say so myself. And, keep in mind that if you have a file and you hash it, and later on you hash it, and the message digest calculates the same, then the file has not been changed, modified, altered, nothing has been added or subtracted or removed from that file. It also does not look at things like time stamps in attributes and things like that. It is purely the contents or the core data of the file that gets checked. So that’s it. Hash My– Calculator, easy program to use in the subject of cryptography. And you should definitely use this to get a better understanding of the principles that are in play. For example, confidentiality versus integrity – In my experience, most people goof up the principles of confidentiality and integrity, especially when preparing for any sort of testing exam. So use these tools, and understand how they work. 
All these tools do is take some data, for example a file, or a text string, or a hex string, and then analyze it to make sure nothing is changed, modified or altered. And you can prove that if the message digest computed as exactly the same. So thank you for watching. My name’s Leo Dregier, and I’ll catch you in the next video.
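The hashing workflow from the Hash My Files and Hash Calc labs, written out as an added Python example (not part of the lecture and not code from either tool): it builds a per-file digest manifest for a directory, then shows that a timestamp-only change leaves every digest intact while a one-byte edit, a deletion and a new file are all detected. The directory layout and file names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# MD5 and SHA-1 are the digests the lecture names; SHA-256 is added here
# because MD5 and SHA-1 both have practical collision attacks.
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_file(path, algorithms=ALGORITHMS, chunk_size=65536):
    """Return {algorithm: hex digest} computed over the file's bytes only."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def build_manifest(root, algorithms=ALGORITHMS):
    """Walk a directory tree and return {relative path: {algorithm: digest}}."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            full_path = os.path.join(dirpath, filename)
            relative = os.path.relpath(full_path, root).replace(os.sep, "/")
            manifest[relative] = hash_file(full_path, algorithms)
    return manifest


def compare_manifests(baseline, current, algorithm="sha256"):
    """Report files added, removed, or whose content digest changed."""
    base_paths, cur_paths = set(baseline), set(current)
    return {
        "added": sorted(cur_paths - base_paths),
        "removed": sorted(base_paths - cur_paths),
        "changed": sorted(
            path for path in base_paths & cur_paths
            if baseline[path][algorithm] != current[path][algorithm]
        ),
    }


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def run_demo():
    """Constructed sample tree: baseline, metadata-only change, content changes."""
    with tempfile.TemporaryDirectory() as root:
        plaintext = os.path.join(root, "plaintext.txt")
        old_file = os.path.join(root, "wordlist", "old.txt")
        _write(plaintext, b"Hi Mom")
        _write(os.path.join(root, "wordlist", "password.txt"), b"password")
        _write(old_file, b"to be deleted")
        baseline = build_manifest(root)

        # Change only the timestamps: the digest covers contents, not metadata.
        os.utime(plaintext, (946684800, 946684800))
        after_touch = compare_manifests(baseline, build_manifest(root))

        # Append one byte, delete one file, add another.
        _write(plaintext, b"Hi Mom!")
        os.remove(old_file)
        _write(os.path.join(root, "new.txt"), b"added later")
        after_edit = compare_manifests(baseline, build_manifest(root))
    return baseline, after_touch, after_edit


if __name__ == "__main__":
    baseline, after_touch, after_edit = run_demo()
    for path, digests in sorted(baseline.items()):
        print(path, digests["md5"], digests["sha1"])
    print("timestamp change only:", after_touch)
    print("content changes:      ", after_edit)
```

A manifest only proves integrity if the baseline itself is stored where whoever can modify the files cannot also rewrite it.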
5. Using CrypTool
CrypTool is a non-academic analysis tool for the professional penetration tester. CrypTool delivers a fundamental understanding of encryption algorithms. This lab demonstration of CrypTool gives insight into how the encryption process works and what you learn from it.
For example, you’ll learn how to conduct pattern analysis with CrypTool to identify trends in patterns.
Hi, Leo Dregier here. In this video, I want to highlight CrypTool. CrypTool is an application that you can use to further your crypto-analysis background. Most of what we do in the field of cryptography comes from the academic world, which is relatively painful, because that’s where you learn integrity versus symmetric versus asymmetric, tying it all together with a PKI, et cetera. Well this is actually more professionally speaking, because it allows you to actually use the tools, and give you a much better, much more fundamental, hands-on application. So, my website is the Code of Learning, which is based off Edgar Dale’s “The Cone of Learning”, which basically puts a lot of application in doing this stuff. In other words, you’ll know the stuff if you actually do it. This is one of the reasons why I can demonstrate so many of these tools, is because I’ve actually used, it just seems like way too many tools. So let’s go ahead and get an idea of 1) an overview of the program and then how to use a tool like this. So how to start. CrypTool is a free e-learning program designed to demonstrate the application and analysis of encryption algorithms. CrypTool includes an extensive online help, yea, yea, yea. Please press F1 while selecting any menu and you get the dialogue box. Ok great, thank you. So CrypTool, for example, a starting example for the CrypTool version, family. CrypTool is a comprehensive free educational program, et cetera, et cetera. Basically, just highlighting what we did there, and that’s basically our help. So we can go ahead and get rid of that. So in this case, let’s go ahead and open up a file. Now, I just happen to have a file on my hard drive that I created, which is an encryption dot text, and we’ll just go try to open that encrypted file up, and basically see what we can learn, ok? And you can see the file info. It says it’s compressed, but it’s actually encrypted.
File info and AEP here, so not too much in terms of the work flow of this encrypted file. But none the less, it does give us the cipher text and maybe we could go ahead and start doing pattern analysis and things like that, to just that. So you can basically open up any server encrypted file or, let’s try to open up the clear text version of this at this point. So we’ll go back up here, and we will look for, I thought we had a text file in there, let me see what happened to the text file. I think I deleted it when I actually encrypted, so let’s go look at — so, here we go. Plain text dot txt. Hi Mom, control s, alt F4, and now we should be able to open that back up in the tool, so there’s your plain text, and you can see that it pulls the plain text right out of it. More so what I wanted to demonstrate was plain text versus cipher text, ok? So that’s the big picture, and any sort of symmetric encryption, right. So you can go ahead and take this plain text file, symmetric class it, and look at some of the different algorithms. So you have the Vigenere cipher, basic substitution, you can exclusive-or this, you can make a homophone, you can solitaire scytale, so it’s pretty good in terms of analyzing, in applying some of the basic, classic cryptography-style algorithms. So if we take some of them like the Caesar cipher, which is a classic rotation of 13 places, because it’s a ROT13 as opposed to a ROT3. So Caesar, the value of the first alphabet equals 0, there you go, let’s do alpha-numeric characters, and basically you want to shift the number of values. So in this case, the mapping is going to be exactly the same, so that’s not going to be any fun there, so let’s pick something like 3, and then you can see A turns into D, B turns into E, C turns into F. Or if we do 13, then you can see A turns into N, B O, C P, et cetera, and follow it out. And then go ahead and encrypt that, and then, boom, there you go, now you have the equivalent of the cipher text.
Then if you want to decrypt that, you can do the same thing. So take this file, do a 13, and same mapping, and then decrypt it, and then “Hi Mom” comes out. So then, that was the Caesar cipher. Then you could take something like Vigenere, which is a poly-alphabetic, so enter in the key, in this case we’re going to need a repeating key here, and we could do “Hi Mom”. Now this, in cryptography language, was what we would refer to as ‘dumb’, because now we have a key that is directly related to our message, and so that’s basically bad. But nonetheless, we can use it for an example. So you can see that using the Vigenere, which is a poly-alphabetic version of Caesar, basically I can get a cross-reference. So we’re going to do this again, we’re going to do “Hi Mom”, decrypt this and then, boom, it comes right back out, ok? So then we can do a symmetric algorithm. Now the only ones that they have really to play here is the RSA algorithm, as opposed to Elgamal or elliptical curve, or there’s no DSA here, or none of the key exchange algorithms, like Diffie-Hellman or ISAKMP or anything like that. If you want something a little bit more advanced, you can go into the hybrid mode, and that does have elliptical curve with AES, but start out at the basics first. I want you guys to get the basic Caesar, Vigenere and then exclusive-or, and then you can move up to some of the advanced algorithms. Because a couple of hours with this tool, and then a couple of hours on Wikipedia, just researching the basics of the algorithm, that’s how you can get some really, really good, valuable time, actually understanding how this stuff works. If you want to do PKI, you can generate a report, keys here, you can digitally sign, you can digitally verify with the corresponding public and private keys, you can extract the digital signature for signing. You can look at hashing, so if I want to take “Hi Mom” and hash it, I can get the value of that.
And I can do the same thing at the Command prompt if I wanted to. So all the principles are right here in this tool, which is why this is one of my favorite tools for actually analyzing cryptography. Nothing will drive home the principles of cryptography more than actually using the stuff in hands-on environment. Because this is where you physically get to see that in the asymmetric world, you have a public and private key. In the symmetric world, you only have private keys. In the hashing, you don’t have any keys, you’re just analyzing data, ok? And so this is a great, great analysis tool, plus you get to learn some of the analysis attacks here, like for example, what is a cipher-text only attack, what is a known plain text, how do you manually analyze it. You can go into some of the other algorithms like Mars and Serpent, Twofish and et cetera, et cetera. You can try to do factorization attacks, if you’re going to do something like RSA. You can see your relating factorizations, RSA, to side channel attacks, et cetera, et cetera. So attack the hash value of a digital signature, or analyzing the randomness text, see if it meets the FIPS 140 standard. And then you have plot analysis for spectrums and things like that, which you can use. This is too simple here for plot analysis, but nonetheless, when you get to the advanced stuff you can see that. You also can choose your alphabets and some of the text options, and things like that. So go ahead, play with this tool. Spend some time on it. I find myself, when I was learning this, getting lost in this tool for hours, because it was actually verifying and validating all of the stuff that I’ve actually learned, and all of the theory, ok. So, enjoy it. Try the CrypTool, this is going to be paramount in your study of crypto-analysis.
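The Caesar and Vigenère steps from the CrypTool lab, reproduced as an added Python example (not part of the lecture and not CrypTool's own code). It uses the lab's "Hi Mom" plaintext and its shifts of 3 and 13; the key "CRYPT" and the `repeat_pattern` helper are assumptions introduced here to show the pattern-analysis point: Caesar keeps repeated letters repeated, an unrelated Vigenère key spreads them, and a key equal to the message does not.

```python
import string

ALPHABET = string.ascii_uppercase


def _shift_char(ch, shift):
    """Shift one ASCII letter by `shift` places, preserving case."""
    if ch not in string.ascii_letters:
        return ch  # spaces, digits and punctuation pass through unchanged
    base = ord("A") if ch.isupper() else ord("a")
    return chr(base + (ord(ch) - base + shift) % 26)


def caesar(text, shift, decrypt=False):
    """Mono-alphabetic substitution: every letter moves by the same shift."""
    if decrypt:
        shift = -shift
    return "".join(_shift_char(ch, shift) for ch in text)


def caesar_mapping(shift, letters="ABC"):
    """The A->?, B->?, C->? table the tool displays for a given shift."""
    return {letter: caesar(letter, shift) for letter in letters}


def vigenere(text, key, decrypt=False):
    """Poly-alphabetic substitution: the shift cycles through the key letters."""
    shifts = [ALPHABET.index(k) for k in key.upper() if k in ALPHABET]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out, position = [], 0
    for ch in text:
        if ch in string.ascii_letters:
            shift = shifts[position % len(shifts)]
            out.append(_shift_char(ch, -shift if decrypt else shift))
            position += 1  # only letters consume key material
        else:
            out.append(ch)
    return "".join(out)


def repeat_pattern(text):
    """Number each letter by first appearance; repeated letters share a number."""
    seen, pattern = {}, []
    for ch in text.upper():
        if ch in ALPHABET:
            pattern.append(seen.setdefault(ch, len(seen)))
    return pattern


if __name__ == "__main__":
    plaintext = "Hi Mom"
    print("shift 3 table: ", caesar_mapping(3))
    print("shift 13 table:", caesar_mapping(13))

    rot13 = caesar(plaintext, 13)
    print("Caesar 13:     ", rot13, "->", caesar(rot13, 13, decrypt=True))

    # An unrelated key (constructed): the two m's encrypt to different letters.
    independent = vigenere(plaintext, "CRYPT")
    # The lab's key, equal to the message: each letter is shifted by itself
    # (c = 2*p mod 26), so the repeated m still shows up as a repeat.
    related = vigenere(plaintext, "Hi Mom")

    print("Vigenere CRYPT:", independent)
    print("Vigenere HiMom:", related, "->", vigenere(related, "Hi Mom", decrypt=True))
    for label, text in (("plaintext", plaintext), ("caesar", rot13),
                        ("vig/CRYPT", independent), ("vig/HiMom", related)):
        print(f"{label:10s} pattern {repeat_pattern(text)}")
```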
6. Advanced Encryption Package
In this lab, you'll learn all about the Advanced Encryption Package and learn about how to use it to dig deeper in your analysis of data.
The Advanced Encryption Package lab demonstrates the use of advanced encryption analysis components and how to use them to dig deeper in your analysis. For example, you’ll observe creation of a password protected text file and see how the Advanced Encryption Package tool rates a newly assigned password.
In the Advanced Encryption Package lab, you’ll also learn the advantages and disadvantages in the integrity principle vs. confidentiality principle and how those differences impact Symmetric vs. Asymmetric encryption.
Ok, so let’s talk about encryption. There’s a little cool package that I like to use every now and again, called Advanced Encryption Package. You have a trial version, but you can also get the actual full, paid version of it. But I like it just because it gives you the basic overview of encryption, gives you a variety of algorithms to choose from, which are down here in the algorithm list, and things like that. So what we’re going to do is basically — I’ve created a directory and a file called ‘encryptme.txt’ that’s sitting on my hard drive. And what we’re going to do is, we’re going to set up a password, and I’m just going to call it ‘password’. It’ll rate the strength of it. So I can do this symmetrically, or you can see there’s a public key component here, which is an asymmetric component. I can choose the algorithm. Now this is nice, because you can actually see a variety of the symmetric algorithms. So, if we just back up and look at principles for a second, remember, in the integrity world, we want to detect to see if something has been changed, modified or altered. But in the confidentiality world, we purposely do want to change things. In fact, we want to change things from plain text, the stuff that we can see, to cipher text, the stuff that we can’t see. And so, any symmetric algorithm, it basically works like a padlock. You basically put in a password, and it changes plain text into cipher text forwards and backwards, and that’s it. All keys in the symmetric world are private keys. So there’s a little saying that we have in class, where we just rattle off all of the symmetric algorithms. So it’s “A-D-3 guys had an idea to cast out the rod to fish for Blowfish, but instead they received Serpents in the rain”. So let me go through that a little slower, and then let me show you that basically in a program or tool like this. So ‘A’, ‘A’ for AES, and you would look on this list for AES. 
Now, in fact Rijndael is based off of AES, so this can work in AES 256 bit mode. ‘D’ is for DES, ‘3 guys’ for Triple-DES, ‘had an idea’ and you could see if Idea is in this list, doesn’t look like that it is, ‘to cast’ – Cast, right here, which is a 256 version of Cast. ‘To cast out the rod to fish’, so you can see if Twofish is here, and there it is, ‘for Blowfish’, there’s Blowfish. ‘But instead they received’, received is the Rivest cipher, so specifically have Rivest 2, but there’s 3, 4, 5, 6, et cetera. ‘Serpents’, Serpents is in the list, somewhere. Here it is at the bottom. ‘In the rain’, which again is Rijndael or AES. And there’s a few others that I didn’t cover – Mars, Skipjack, which is you know, relatively outdated. Square, Shark, Ghost, Three-way, Safer, T-Diamond. So they are others if you want to get the idea. One of the most testable things about these algorithms is the bit size, so it is helpful to basically see those here, for example Skipjack is 80. I’m looking for unique trends and patterns here. Blowfish is 448, Triple-DES is basically 192 or 168, depending on how you want to add it up, with or without parity. DES is normally 56, in this case they’re running 128 bit version of that. AES actually comes in variable sizes, this in two, so it’s 128,192 and 256, so this program implements the 256 version, et cetera, et cetera, et cetera. So you basically can pick any algorithm you want. All of these are effectively going to work exactly the same. So in this case we’ll use Blowfish, just because it’s not exactly popular on Windows, but it is in the open source world and things like that. And then basically encrypt the file, and then ‘encrypt now’. “Error – the second password does not match the first”. Oops. Go ahead and put in your password, I just put in the word ‘password’, and then go ahead and encrypt the file, and now you can see ‘encryptme.txt.aep’ and that’s the one. 
So now if I want to decrypt that file — oh actually, before we do that, let’s go actually see the actual file on the hard drive. So I have that in a folder called ‘Leo’ and if I try to open this or manipulate this, it actually comes up right with the password right here. So to decrypt the file, we basically just put in our password – p-a-s-s-w-o-r-d, select ‘decrypt’ and it says ‘hey, it already exists. Do you want to override it’? And we can select ‘yes’ here, just to prove that it is, in fact, going to decrypt it. And you can see the encrypted contents, right? I just made something simple here, I just put ‘Hi Mom’. But it really doesn’t matter the size, because I just basically proved that it works. So there’s a couple of different reasons for using a tool like this. One, it actually gets you a little bit more fluent with the algorithms, ok? Please note – you don’t see any MD5, you don’t see any SHA, Tiger, Whirlpool, cyclic redundancy checks, HAVAL, no integrity algorithms are in here. You also do not see any asymmetric algorithms in the symmetric list, so it gets you pretty familiar with basically how symmetric algorithms work. Now if you wanted to do public key algorithms, you can basically import the public key and, now the cool part about this is you don’t need the private key, only the decrypter or the receiver need the private key. So you’ve just got to import somebody else’s public key and then you can go ahead and encrypt it, and send the file to somebody else. And it does have, like a PKI key manager, basically, and the equivalent of the digital keyring here, to basically keep a whole variety of, you know, the public keys that you’ve imported, ok? So that’s basically how you can use it. To encrypt and decrypt files. You can then zip it up, email, delete the files, et cetera, et cetera, et cetera. You can do directories, you can apply filters if you want to find things. 
The only thing I don’t like about this tool, is in the trial version you have this little pop-up here, and you only get 30 days to evaluate it.