Shulou(Shulou.com)05/31 Report--

This article mainly analyzes how to encrypt and decrypt the OpenSSL foundation, the content is detailed and easy to understand, the operation details are reasonable, and it has certain reference value. If you are interested, you may wish to follow Xiao Bian to have a look. Let's follow Xiao Bian to learn more about "how to encrypt and decrypt OpenSSL basics".

Speaking of OpenSSL, the first thing to mention is SSL. When we go online on a daily basis, I'm afraid no one wants to be monitored by others on the Internet. Therefore, we need a protocol to protect our network communication. SSL protocol is based on this background development, it can make the user and server application communication between the attacker can not be eavesdropped, and always authenticate the server, optionally authenticate the user.

SSL is usually built on top of the reliable Transport Layer Protocol (TCP). The advantage of SSL is that it is independent of application layer protocols, and high-level application layer protocols (e.g. HTTP, FTP, TELNET, etc.) can be transparently built on top of SSL. SSL protocol has completed encryption algorithm, communication key negotiation and server authentication before application layer protocol communication. After that, the data transmitted by the application layer protocol is encrypted, thus ensuring the confidentiality of the communication.

S so-called encryption, but is the plaintext through some mechanism into ciphertext, network communication, the use of encryption security mechanisms are: symmetric encryption, public key encryption, one-way encryption.

Symmetric encryption characteristics and defects: encryption and decryption use the same key, the plaintext is divided into fixed-size blocks, one by one encryption. Its defect lies in the excessive number of keys to be managed by both sides of communication, and the difficulty of key distribution. The encryption algorithms are DES, 3DES, AES.

The characteristics of public key encryption: key pairs appear, its encryption algorithms are: RSA, DSA. Its uses are: one is for identity authentication: the sender uses its own private key to encrypt data, and the receiver uses its public key to decrypt; the other is for key exchange: the sender uses the receiver's public key to encrypt data, and the receiver uses its own private key to decrypt. Public key extracted from private key

Unidirectional encryption characteristics: directional output, avalanche effect. The encryption algorithms are MD5, SHA1, SHA256, SHA384, SHA512. A signature commonly used to extract data.

On April 10 this year, the security protocol OpenSSL broke the most serious security vulnerability of the year,"Heartbleed." to get people to take this open source protocol seriously. So what exactly is OpenSSL? OpenSSL can be regarded as SSL library, composed of openssl multipurpose command-line tool, public encryption library libcrypto, and ssl protocol library libssl three major components.

Openssl is a versatile command-line tool that can be used to implement symmetric encryption:

openssl enc -e -symmetric encryption algorithm-a -salt -in file to be encrypted-out encrypted file output path

For example, the file/etc/fstab is encrypted using DES3: openssl enc -e -des3 -a -salt -in /etc/fstab -out /tmp/fstab

Encryption result:

Decryption: openssl enc -d -symmetric encryption algorithm-a -salt -in file to be decrypted-out output path of decrypted file

For example, decrypt the file encrypted above: openssl enc -d -des3 -a -salt -in /tmp/fstab -out /tmp/Fstab

Decryption result:

It can also be used for key exchange in public key encryption: (umask 077;openssl genrsa -out output private key file path)

Extract public key from private key: openssl rsa -in Private key file path-pubout

Note: () indicates that the command is executed in the subshell, umask 077 guarantees access to the private key file

Also available for one-way encryption: openssl dgst -md5|-sha1 -out file output path file to encrypt

For example, encrypt/etc/passwd with md5: openssl dgst -md5 -out /tmp/md5passwd /etc/passwd

It can also be used to generate user passwords: openssl passwd -1 -salt SALT_STRING User password

It can also be used to generate random numbers: openssl rand -hex number of bytes

This article mainly analyzes how to encrypt and decrypt the OpenSSL foundation, the content is detailed and easy to understand, the operation details are reasonable, and it has certain reference value. If you are interested, you may wish to follow Xiao Bian to have a look. Let's follow Xiao Bian to learn more about "how to encrypt and decrypt OpenSSL basics".

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.