Shulou(Shulou.com)06/01 Report--

OpenSSL: commonly known as secure socket

It can encrypt data:

The full name of SSL is: Secure Socket Layer can provide secret transmission on Internet, and its goal is to ensure the confidentiality and reliability of the communication between two applications. SSL can prevent the communication between user / server applications from eavesdropping, and always authenticate the server. You can also choose to authenticate users. The SSL protocol is based on a reliable transport layer protocol (TCP). SSL protocol has completed the encryption algorithm, communication key negotiation and server authentication before the application layer protocol communication. After that, the data transmitted by the application layer protocol will be encrypted to ensure the privacy of the communication.

1. Types of OpenSSL encryption and decryption and corresponding algorithms

1. Symmetric encryption: encrypt and decrypt data using the same algorithm and the same password

Algorithm: DES, 3DES, AES, Blowfish, Towfish, IDEA, RC6, CAST5

2. Public key encryption of asymmetric encryption: the public key is extracted from the private key. Files encrypted with the private key can only be decrypted using the public key, and vice versa.

Algorithm: RSA, DSA, ELGamal, DH

3. One-way encryption of asymmetric encryption: can only be encrypted, not decrypted, used to extract the signature of the data.

Algorithm: md5, sha series 256,384,512,128

Second, the process of OpenSSL encrypting communication at one time:

Sender:

1. Using one-way encryption algorithm to extract data signature

two。 Encrypt the signature with your own private key and append it to the data

3. Generate a temporary key for symmetric encryption

4. Encrypt the data with this temporary key and the signature that has been encrypted with the private key

5. Encrypt this temporary key using the receiver's public key and add it to the symmetrically encrypted data after

Recipient:

Use your own private key to decrypt the encrypted temporary key to obtain a symmetric key

two。 The symmetric key is used to decrypt the symmetrically encrypted data and the signature ciphertext encrypted by the private key, thus the data and signature ciphertext 3. Decrypt the signature ciphertext using the public key sent by the other party to obtain the data signature

4. The data signature is calculated using the same party term encryption algorithm as the other party, and compared with the decrypted signature.

III. OpenSSL

OpenSSL is a powerful secure socket layer cryptography library, including major cryptographic algorithms, commonly used key and certificate encapsulation management functions, and SSL protocols, and provides rich applications for testing or other purposes.

Components:

(1) libcrypto: encrypt and decrypt library files

(2) libssl: ssl protocol implementation

(3) openssl: multi-purpose command line tool, each function is implemented with special subcommands.

The 2.openssl command uses the format

Openssl command [options] [csr_file] [options] [crt_file] [options]

# openssl+ subcommand + options + parameters

3. Classification of commands:

Standard command

Message digest command

Encryption and decryption related commands

4. You can view the subcommands by typing openssl an enter

You can use the man command again to see the use of subcommands

Use OpenSSL to encrypt and decrypt files

1. Symmetrical encryption

Use the enc tool:

Encryption: # openssl enc-e-CIPHERNAME-a-salt-in / PATH/FROM/SOMEFILE-out / PATH/TO/SOMECIPHERFILE

Decryption: # openssl enc-d-CIPHERNAME-a-salt-in / PATH/FROM/SOMECIPHERFILE-out / PATH/TO/SOMEFILE

One-way encryption:

Extract file signature

# openssl dgst-CIPHER / PATH/TO/SOMEFILE...

Generate user password:

# openssl passwd-1-salt 8bits random number

-1: defaults to md5 algorithm

Generate random numbers:

# openssl rand-hex |-base64 NUM

-base64: text encoding

NUM: number of generated bits

You can use the generated random number to generate the password:

Passwords are automatically saved in / etc/shadow

Public key encryption generates key pairs:

Operation procedure: generate private key

# openssl genrsa-out / PATH/TO/PRIVATE_KEYFILE NUM_BITS

Manually extract the public key from the private key:

# openssl rsa-in / PATH/FROM/PRIVATE_KEY_FILE-pubout

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.