Shulou(Shulou.com)06/01 Report--

Curl, officially interpreted as a command line tool, is used to transfer URI resource data, support HTTP,HTTPS,FTP,FTPS,IMAP, etc. Support for HTTP GET/PUT, FTP Uploading, etc., but also support agents, SSL, etc., can be said to be a powerful network operation tool. The latest version is 7.29. The official website is http://curl.haxx.se. The corresponding Curl also provides a libcurl as an easy-to-use client-side URL transport library, which also supports the above features. There are three concepts involved in using Curl to operate GITHUP. The first concept is that GITHUP websites are HTTPS, not HTTP, but SSL encrypted websites. The second GITHUP API is authorized by OATH, and the third is some basic operations of CURL. First of all, let's look at what the concept of HTTPS is.

1) HTTPS, in the general sense, the HTTP protocol is the public text data transmitted. Any intermediate agent machine can intercept and view the data. What should we do if the data is intercepted but cannot be viewed? The only way is to encrypt it. So how to encrypt it? How to decrypt it? Obviously, the server needs to encrypt the data and send it to the client, and the client decrypts it. How does the client decrypt it? This is the SSL V2/V3 and TLS protocol. Because this piece is more complex, then first of all, in terms of data encryption and decryption. The traditional encryption and decryption process is as follows:

It is obvious that we are using the same KEY and two different encryption and decryption algorithms in the above process. In which, as shown in the following figure, KEY is public. Because KEY is public and private. So the algorithm is no longer the core key, that is to say, even if the algorithm is public, it is impossible to decrypt the data without KEY. Usually, the design of these KEY is very fastidious, because it is necessary to avoid other people's violent cracking.

The open source security library Openssl provides a tool command to perform the above encryption and decryption process. Use the following command:

The above command supports some well-known general encryption algorithms such as DES/AES. Let's try it with a text file:

As can be seen from the above operation, encryption and decryption depend heavily on this public KEY. Obviously, this method cannot be applied to the communication of HTTP websites, and it is impossible for the HTTP website server and the client to negotiate a public key in advance. Therefore, classical encryption basically does not work on HTTP websites, so there is another method of encryption and decryption, which is asymmetric encryption, corresponding to the previous encryption methods, which are usually called symmetric encryption. What about asymmetric encryption? The biggest difference between asymmetric encryption and symmetric encryption is that encryption uses a public key. Only one private key can decrypt data encrypted by this public key. As shown in the following figure:

Obviously, in the process of encryption and decryption, the public key is the key, obviously it can be made public, but it must also be ensured that it matches the private key. There is also an encrypted party that needs to confirm the source of the public key to prevent the use of illegal public keys. This process of encryption and decryption will obviously lead to the uniqueness of the public key relative to the key, which is no longer a simple password. It may also be a complex ciphertext. In other words, we must first calculate a unique pair of public and private keys through a certain algorithm. Because encryption and decryption use different keys, it is clear that performance is greatly affected. Openssl also supports this encryption, and the most commonly used is the RSA encryption algorithm. As shown in the following figure:

Do the following:

Dvkx47@FC7R5S1 / home/cipan

# openssl genrsa-out privatekey 1024

Generating RSA private key, 1024 bit long modulus

. +

. +

E is 65537 (0x10001)

Dvkx47@FC7R5S1 / home/cipan

# cat privatekey

-BEGIN RSA PRIVATE KEY-

MIICXQIBAAKBgQD3wRgIhsejsP5nPE4T0Ux4Tf0B9SJYbl61v5RmQsXPR03PZwLJ

YomY65o079Yk7ePfXV674LUU4/jPMwJ9QpQR8i62oR8MMBUjbhLTQU5EusHXsxfY

Wr2xQwL3HQwrDW5gm5hqPxCX1hwPTlePnJ4wL6CFHa+30W02bRXcGqSpcQIDAQAB

AoGBAIwhf0JzWT/QwFQL2+2BmEsDcXNF/2MdKhyKe5lLcy7GGdCRZxZTpHgF6na+

ONTKaPTRjt+dPU7Pks8+/s1yduSCvOkViDfGvZ/lKXnj7jVA/TPFD6nsjh2F30mY

ZyZgag2pV9YnAvh2SIvcJXxvdUU3FMcPiZZqAhD4mE7pEQFBAkEA/YCdhcyu94fx

3TqfDpp2tJ8fh/py+fqPWksvhVbdq21Sqegpj4yqnZkTQVfWNAp+OgbPjK6PArKA

WbxOEfxHlQJBAPox+wixjO+x6qIn6IYS2plN3UDG05mPDACqMR80BrGWqBhhcTsD

A1Oh55IA6HmN8cxQp3m9aN9bMPzv66w5s20CQBjjIZPbLmo6vHH9qVPjsje1T4Eo

A1WrVZuFuhqbFpQX3X+0vS/MnYtvVcaaevsM9Kt5s7KaCIw5PgSRShDV9akCQEJl

YSk9dRlnLc06qgpqlnh5oW6/VQg7XgQPJloRhHU8df+CXHo8vg7Dt5DXjNo1QSXn

GYpdKaecm7OEOBbMeUECQQCV+UNy1TebuOJQIEKLTj7XXhcaH60fcD10OpB9zngc

EsjY+24AmZCR5sb1BRD1vh0dcgFSgaOfgUwMRtkEF/Ml

-END RSA PRIVATE KEY-

Dvkx47@FC7R5S1 / home/cipan

# openssl rsa-in privatekey-pubout > pub.key

Writing RSA key

Dvkx47@FC7R5S1 / home/cipan

# cat pub.key

-BEGIN PUBLIC KEY-

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD3wRgIhsejsP5nPE4T0Ux4Tf0B

9SJYbl61v5RmQsXPR03PZwLJyomY65o079Yk7ePfXV674LUU4/jPMwJ9QpQR8i62

OR8MMBUjbhLTQU5EusHXsxfYWr2xQwL3HQwrDW5gm5hqPxCX1hwPTlePnJ4wL6CF

Ha+30W02bRXcGqSpcQIDAQAB

-END PUBLIC KEY-

Dvkx47@FC7R5S1 / home/cipan

# openssl rsautl-in plaintext_origin-out ciphertext_rsa-inkey pub.key-pub

In-encrypt

Dvkx47@FC7R5S1 / home/cipan

# cat ciphertext_rsa

X: Q9, QE, QQ, QR, QQ, QE, QR, QQ, QR, Q.

? DI?'rFC#?r????:r?8???Y & #?'|? l} |?-#?? SM? s`-& 5XZy

Dvkx47@FC7R5S1 / home/cipan

# openssl rsautl-in ciphertext_rsa-out plaintext_new_rsa-inkey privatekey-

Decrypt

Dvkx47@FC7R5S1 / home/cipan

# cat plaintext_new_rsa

I am a plaintext,-

-

Dvkx47@FC7R5S1 / home/cipan

#

Obviously, the most critical point of asymmetric encryption is that the public key and key are unique, so it is obvious that the public key is encrypted with the private key, and if it can be unlocked by the public key, it proves that the file is over-encrypted by the private key, because a public key must solve only one private key. Of course, what needs to be determined is the algorithm guarantee. If the algorithm can not guarantee this one-to-one correspondence, it cannot be proved. Obviously, the RSA algorithm is feasible at present. As shown in the following figure:

Obviously, Openssl also provides a corresponding command line to support this operation as shown in the figure below:

The operation is as follows:

Dvkx47@FC7R5S1 / home/cipan

# ls

Ciphertext crytxt.txt plaintext_new_rsa privatekey

Ciphertext_rsa plaintext_new plaintext_origin pub.key

Dvkx47@FC7R5S1 / home/cipan

# openssl rsautl-in plaintext_origin-out ciphertext.sig-inkey privatekey-

Sign

Dvkx47@FC7R5S1 / home/cipan

# ll

Bash: ll: command not found

Dvkx47@FC7R5S1 / home/cipan

# ls

Ciphertext ciphertext_rsa plaintext_new plaintext_origin pub.key

Ciphertext.sig crytxt.txt plaintext_new_rsa privatekey

Dvkx47@FC7R5S1 / home/cipan

# cat ciphertext.sig

VNC:hj?%=???5S??

%? s?

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.