2025-04-06 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Building on the previous article, we know the encryption methods and algorithms used in data encryption, as well as some authentication bodies.
This article is a practical walkthrough: how to use commands to encrypt and decrypt data.
Before you start, you need to know about two protocols for secure transmission: SSL and TLS.
SSL (Secure Sockets Layer): a protocol layer between reliable connection-oriented network layer protocols and application layer protocols. SSL secures communication between the client and the server through mutual authentication, digital signatures, and encryption for privacy. The protocol consists of two layers:
TLS (Transport Layer Security): used to provide confidentiality and data integrity between two applications.
SSL was developed by Netscape to protect Web communications for users, and the current version is 3.0. The latest version, TLS 1.0, is a new protocol developed by the IETF (Internet Engineering Task Force). It is based on the SSL 3.0 protocol specification and is the successor to SSL 3.0.
With these two protocols in mind, the next step is to use the OpenSSL program, which implements them.
OpenSSL is an open source project; it consists mainly of the following three components:
openssl: a versatile command-line tool
libcrypto: a library implementing the encryption and decryption algorithms
libssl: a library implementing SSL/TLS functionality
How to use openssl:
㈠ Symmetric encryption
The standard openssl command for symmetric encryption is enc. Usage:
openssl enc -ciphername [-in filename] [-out filename] [-e] [-d] [-a/-base64] [-salt]
Common options:
-ciphername: algorithm name, including des3, des, aes, rc4,...
-e: encrypt
-d: decrypt
-a/-base64: base64-encode the output (plain text format)
-salt: add a random salt
-in filename: path of the file to be encrypted
-out filename: output path of the encrypted file
Example:
[root@XZC ~]# mkdir /shiyan
[root@XZC ~]# cd /shiyan/
[root@XZC shiyan]# cp -a /etc/fstab ./
[root@XZC shiyan]# ls
fstab
[root@XZC shiyan]# openssl enc -e -des -a -salt -in ./fstab -out ./fstab.aes
enter des-cbc encryption password:
Verifying - enter des-cbc encryption password:
[root@XZC shiyan]# ls
fstab  fstab.aes
[root@XZC shiyan]# cat fstab.aes
㈡ One-way encryption
The standard openssl command for one-way encryption (message digests) is dgst. Usage:
openssl dgst -ciphername /PATH/TO/SOME_FILE
Example:
[root@XZC ~]# echo "hello gril" | openssl dgst -md5
(stdin)= 886b7588265e1ddcaeb8f0c025efc167
[root@XZC ~]# openssl dgst -md5 /shiyan/fstab
MD5(/shiyan/fstab)= e05f16e951766776dbb825646b21dae1
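The enc and dgst commands from sections ㈠ and ㈡ combined into one round-trip check, as an added example that is not part of the original article. It swaps the session's -des for AES-256-CBC with -pbkdf2 (assumes OpenSSL 1.1.1 or later) and SHA-256 for MD5; the function names, passwords and sample data are constructed.

```shell
#!/bin/sh
# Added example (not from the original article). Sample data is constructed.
# Assumes OpenSSL 1.1.1+ for -pbkdf2; passwords go through files, not argv.

# sha256_of FILE: print only the hex SHA-256 digest of FILE
sha256_of() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# enc_file IN OUT PASSFILE: salted, base64-armored AES-256-CBC encryption
enc_file() {
    openssl enc -e -aes-256-cbc -a -salt -pbkdf2 \
        -in "$1" -out "$2" -pass "file:$3"
}

# dec_file IN OUT PASSFILE: reverse of enc_file (salt is read from the header)
dec_file() {
    openssl enc -d -aes-256-cbc -a -pbkdf2 \
        -in "$1" -out "$2" -pass "file:$3" 2>/dev/null
}

# roundtrip_ok ENC_PW DEC_PW: return 0 only if decrypting with DEC_PW
# yields bytes whose digest equals that of the original plaintext
roundtrip_ok() {
    work=$(mktemp -d) || return 2
    rc=1
    (
        umask 077
        printf 'UUID=constructed-sample / ext4 defaults 1 1\n' > "$work/plain"
        printf '%s\n' "$1" > "$work/pw.enc"
        printf '%s\n' "$2" > "$work/pw.dec"
        enc_file "$work/plain" "$work/cipher.b64" "$work/pw.enc" &&
            dec_file "$work/cipher.b64" "$work/out" "$work/pw.dec" &&
            [ "$(sha256_of "$work/plain")" = "$(sha256_of "$work/out")" ]
    ) && rc=0
    rm -rf "$work"
    return $rc
}

roundtrip_ok 'constructed-pass-1' 'constructed-pass-1' &&
    echo "same password: plaintext recovered"
roundtrip_ok 'constructed-pass-1' 'other-pass' ||
    echo "wrong password: bad decrypt or digest mismatch"
```

Comparing digests rather than trusting the exit status of the decrypt step matters because CBC mode carries no authentication: a wrong key can occasionally pass the padding check and produce garbage output.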
㈢ Generating random numbers
Random numbers are generated with openssl's standard command rand. Usage:
openssl rand [-out file] [-rand file(s)] [-base64] [-hex] num
Example:
[root@XZC ~]# openssl rand -hex 10
b957e6cd51ff87ef47bd
[root@XZC ~]# openssl rand -hex -out /shiyan/a.rand 10
[root@XZC ~]# cat /shiyan/a.rand
a814ddf429ce79b2f296
㈣ Generating user passwords
User passwords are generated with openssl's standard command passwd. Usage:
openssl passwd [-1] [-salt string] [-stdin]
Common options:
-1: use the MD5-based password algorithm
-salt string: add a random salt, up to 8 characters
-stdin: read the password to hash from standard input
Example:
[root@XZC ~]# echo "xuzongchao123" | openssl passwd -1 -stdin
$1$kRWLNvyk$HD1pT6kFEzSquqKSyOGeZ0
[root@XZC ~]# openssl passwd -1 -salt `openssl rand -base64 10`
Password:
$1$VY1BfSc9$lkI2LeSIk3Ye5hTBWMvcQ.
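How a stored `$1$salt$hash` string like the ones above is checked against a login attempt, as an added example that is not part of the original article. The function names, salt and passwords are constructed; the candidate password is fed through -stdin so it does not appear in the argument list of the openssl process.

```shell
#!/bin/sh
# Added example (not from the original article): verify a password against
# a stored md5crypt string. Salt and passwords below are constructed.

# make_hash SALT PASSWORD: print $1$SALT$HASH (password is read from stdin)
make_hash() {
    printf '%s\n' "$2" | openssl passwd -1 -salt "$1" -stdin
}

# salt_of HASH: print the salt, the third '$'-separated field of the string
salt_of() {
    printf '%s\n' "$1" | cut -d'$' -f3
}

# verify_password HASH CANDIDATE: 0 if CANDIDATE re-hashes to HASH using the
# salt stored in HASH, 1 if not, 2 if HASH is not an md5crypt ($1$) string
verify_password() {
    case $1 in
        '$1$'*) ;;
        *) return 2 ;;
    esac
    [ "$(make_hash "$(salt_of "$1")" "$2")" = "$1" ]
}

stored=$(make_hash 'Ab3dEf9h' 'constructed-demo-pw')
echo "stored: $stored"
verify_password "$stored" 'constructed-demo-pw' && echo "match"
verify_password "$stored" 'wrong-guess' || echo "no match"
```

The salt is not secret: it is stored in clear inside the hash string so the verifier can repeat the computation, and its job is to make identical passwords hash to different strings.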
㈤ Generating keys for public-key encryption
The command to generate an RSA private key is: openssl genrsa
The command to extract the RSA public key from the private key is: openssl rsa
openssl genrsa [-out filename] [-des] [-des3] [-idea] [-f4] [-3] [numbits]
numbits: the size of the generated private key in bits. Default is 2048.
Example:
[root@XZC ~]# (umask 077; openssl genrsa -out /shiyan/ga.genrsa 4096)
# The parentheses run the command in a subshell, so the umask change only applies there and sets the permissions of the generated file
Generating RSA private key, 4096 bit long modulus
.....++
...++
e is 65537 (0x10001)
[root@XZC ~]# ls -dl /shiyan/ga.genrsa
-rw-------. 1 root root 3243 Aug 11 15:41 /shiyan/ga.genrsa
[root@XZC ~]# cat /shiyan/ga.genrsa
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
openssl rsa [-in filename] [-out filename] [-pubout]
-pubout: extract the public key from the private key; no file is generated and the result is printed to the screen
Example:
[root@XZC ~]# openssl rsa -in /shiyan/ga.genrsa -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
㈥ Establishing a private CA
① Create a private key file for the CA
~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
② Generate a self-signed certificate
~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3653
-new: generate a new certificate signing request
-x509: generate a self-signed certificate instead of a request; used to issue the private CA's own certificate
-key: path to the CA's private key file
-out: path where the self-signed certificate is saved
-days: validity period of the certificate (in days)
③ Create the directory layout and text files the CA requires:
~]# touch /etc/pki/CA/index.txt
~]# echo 01 > /etc/pki/CA/serial
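The three CA steps above, run in a scratch directory and followed by the checks worth making before the CA is used, as an added example that is not part of the original article. It uses a temporary directory instead of /etc/pki/CA, a 2048-bit key to keep the run short, and a constructed subject name; the function names are also constructed.

```shell
#!/bin/sh
# Added example (not from the original article): the CA steps in a scratch
# directory. Subject name and 2048-bit key are constructed to keep it quick.

# build_ca DIR: key (mode 600), self-signed cert, index.txt and serial in DIR
build_ca() {
    mkdir -p "$1/private" || return 1
    ( umask 077; openssl genrsa -out "$1/private/cakey.pem" 2048 ) \
        2>/dev/null || return 1
    openssl req -new -x509 -key "$1/private/cakey.pem" \
        -out "$1/cacert.pem" -days 3653 \
        -subj "/CN=Example Private CA" 2>/dev/null || return 1
    touch "$1/index.txt" && echo 01 > "$1/serial"
}

# key_mode FILE: print the permission string, e.g. -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

# subject_equals_issuer CERT: true when the certificate names itself as issuer
subject_equals_issuer() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# key_matches_cert KEY CERT: public key derived from KEY equals the one in CERT
key_matches_cert() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

CA_DIR=$(mktemp -d)
build_ca "$CA_DIR" && key_mode "$CA_DIR/private/cakey.pem"
subject_equals_issuer "$CA_DIR/cacert.pem" && echo "subject == issuer"
key_matches_cert "$CA_DIR/private/cakey.pem" "$CA_DIR/cacert.pem" &&
    echo "key matches certificate"
```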