# Sub Rosa Analysis

## Checkpoint 1

Decrypt the message you received from the Sub Rosa administrator. Include the code you used to decrypt it. What does the message say?

I attempted to retrieve and decrypt the message from the Sub Rosa administrator using my generated private key. However, the Sub Rosa server did not respond to requests and returned a connection timeout error, so I was unable to obtain the encrypted message.

The code I would use to decrypt the message is shown below:

```python
from encryption import PrivateKey

# Load the private key generated earlier from its PEM file.
private = PrivateKey.load("subrosa_private_key.pem")
# Left empty because the server timed out and no ciphertext was received.
ciphertext = ""
print(private.decrypt(ciphertext))
```

If the server had returned the message successfully, this code would decrypt the ciphertext using my private key and display the original plaintext message.

## Checkpoint 2

Once you have a fully-working client and server for encrypted chat, let's analyze potential vulnerabilities of the system. Answer the following questions:

1. When you interact with the server at `https://subrosa.makingwithcode.org`, you have no way of knowing what code is running. If the people running the server are dishonest, is it possible for them to read your encrypted messages? If so, explain how. If not, explain why not.
2. Is it possible to impersonate another user, sending messages in their name? If so, explain how--or demonstrate this with code. If not, explain why not.
3. You can use a signature (a message and its encrypted version) to prove you have a private key, without sharing the key itself. After you send someone a signature, what stops them from using the same signature to later impersonate you?
4. On most websites, you can reset your password if you forget it, via a link sent to your email or a code sent to your phone. If you lose your private key, would it be possible to recover your messages?
5. Even if you can't read other people's messages, you can see the sender and the recipient for each message. Is this a big deal? Could the server be redesigned so that the sender and the recipient are also encrypted?
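
The following is an added example, not part of the original assignment or the Sub Rosa code base, illustrating the concern in question 3: a signature over a fixed message verifies every time it is presented, while a signature over a fresh, single-use challenge does not. It uses toy textbook RSA from the standard library only; the key, the `Verifier` class and the `login:` prefix are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy textbook-RSA key built from two Mersenne primes.
# Constructed for this demo only: no padding, tiny modulus, NOT secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def digest(message: bytes) -> int:
    """Hash the message and reduce it into the range of the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """'Encrypt' the message digest with the private exponent."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public key (E, N) can check the pair."""
    return pow(signature, E, N) == digest(message)

class Verifier:
    """Hypothetical server side that issues single-use random challenges."""
    def __init__(self):
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, signature: int) -> bool:
        if nonce not in self.pending:   # unknown or already used challenge
            return False
        self.pending.discard(nonce)     # each challenge is valid once
        return verify(b"login:" + nonce, signature)

def demo():
    # Fixed message: the pair still verifies no matter who presents it later.
    static_sig = sign(b"I am alice")
    static_replay = verify(b"I am alice", static_sig)
    # Challenge-response: the signature is bound to one fresh nonce.
    server = Verifier()
    n1 = server.challenge()
    sig1 = sign(b"login:" + n1)
    first_use = server.accept(n1, sig1)
    same_nonce_again = server.accept(n1, sig1)
    new_nonce_old_sig = server.accept(server.challenge(), sig1)
    return static_replay, first_use, same_nonce_again, new_nonce_old_sig

if __name__ == "__main__":
    print(demo())
```
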