Openssl encryption mechanism

2025-04-01 Update From: SLTechnology News&Howtos (shulou), Network Security


Shulou(Shulou.com)06/01 Report--

1. Basic knowledge:

1. Three common man-in-the-middle threats on the Internet: 1) eavesdropping, 2) data tampering, 3) session hijacking.

2. There are three common kinds of data encryption: symmetric encryption, asymmetric encryption and one-way encryption (hashing).

3. SSL: Secure Socket Layer.

4. TLS: Transport Layer Security; its function is similar to that of SSL.

5. Random number generators: /dev/random and /dev/urandom. The -salt option of openssl depends on the random number generator.

6. Sources of randomness: the entropy pool and the pseudo-random number generator. The entropy pool is fed by block-device interrupts and by the timing of keyboard and mouse events; the pseudo-random number generator is seeded from the entropy pool and expands it in software.

7. openssl rand [-base64] num can also be used to generate random bytes.

8. echo -n "QQ" | openssl base64 encodes the string QQ with base64.

2. Symmetric encryption:

1. The encrypting party and the decrypting party use the same key.

2. Encryption and decryption are relatively fast, which makes it suitable for encrypting large amounts of data.

3. Transmitting the key is not secure: the key is exposed in transit and easy to crack, and key management is also troublesome.

4. Encryption algorithms: DES (Data Encryption Standard), 3DES, AES (Advanced Encryption Standard, which supports 128-, 192-, 256- and 512-bit keys), Blowfish.

5. Encryption tools: openssl, gpg (a PGP implementation).

3. Asymmetric encryption (public key encryption):

1. Each user has a pair of keys: a public key and a private key.

2. What the public key encrypts, the private key decrypts; what the private key encrypts, the public key decrypts.

3. Transmitting the public key is not secure: it can be intercepted and replaced.

4. Because public-key algorithms use very long keys, public-key encryption is very slow, so it is generally not used to encrypt the data itself.

5. A user encrypts with their own private key and other users decrypt with that user's public key; this is how a digital signature works.

6. Another use of public key encryption is key exchange.

7. Encryption and signature algorithms: RSA, ElGamal.

8. Signature-only public key algorithm: DSA.

9. Encryption tools: gpg, openssl

4. One-way encryption:

1. Features: avalanche effect, fixed-length output and irreversibility.

2. Its function is to verify the integrity of data.

3. Algorithms: md5 (128-bit output), sha1 (160-bit output), md4, CRC-32.

4. Tools: md5sum, sha1sum, openssl dgst.

5. Calculating the hash of a file, for example: md5sum FileName, sha1sum FileName, openssl dgst -md5 FileName, openssl dgst -sha1 FileName.
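The three properties listed above (avalanche effect, fixed-length output, integrity checking) shown on constructed sample data with hashlib. This is an added example, not code from the original article; the messages ORIGINAL and TAMPERED are constructed for the demonstration.

```python
import hashlib

# Constructed sample inputs for the demonstration (not from the article).
ORIGINAL = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"


def hex_digest(algo, data):
    """Hash `data` with a hashlib algorithm name such as 'sha1' or 'sha256'."""
    return hashlib.new(algo, data).hexdigest()


def hamming_distance(hex_a, hex_b):
    """Return (differing bits, total bits) for two equal-length hex digests."""
    bits = len(hex_a) * 4
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1"), bits


def flip_bit(data, bit_index):
    """Return a copy of `data` with one bit flipped (bit 0 = MSB of the first byte)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 0x80 >> (bit_index % 8)
    return bytes(buf)


def avalanche(algo, data, bit_index=0):
    """Avalanche effect: flip one input bit and count how many digest bits change."""
    return hamming_distance(hex_digest(algo, data), hex_digest(algo, flip_bit(data, bit_index)))


def output_lengths(algo, inputs):
    """Fixed-length output: digest size in bits is the same whatever the input size."""
    return [len(hex_digest(algo, d)) * 4 for d in inputs]


def integrity_ok(algo, data, expected_hex):
    """Integrity check as md5sum/sha1sum do it: recompute and compare with the transmitted digest."""
    return hex_digest(algo, data) == expected_hex


if __name__ == "__main__":
    for algo in ("sha1", "sha256"):
        changed, total = avalanche(algo, ORIGINAL)
        print(f"{algo}: one flipped input bit changed {changed}/{total} digest bits")
    print("output lengths:", output_lengths("sha1", [b"", b"a", b"x" * 10000]))
    sent = hex_digest("sha1", ORIGINAL)
    print("untampered accepted:", integrity_ok("sha1", ORIGINAL, sent))
    print("tampered accepted:  ", integrity_ok("sha1", TAMPERED, sent))
```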

5. Two mechanisms of key exchange:

1. Using public key encryption: the sender encrypts its own key with the receiver's public key, and the receiver decrypts the sender's key with its own private key (or vice versa), which completes the key exchange.

2. Using the DH algorithm: the sender and the receiver first agree on the same large prime P and generator g, and each generates a secret random number, X and Y respectively. The sender sends g^X mod P to the receiver, and the receiver sends g^Y mod P to the sender. The sender raises the value it received to the X power (mod P), and the receiver raises the value it received to the Y power (mod P); both arrive at the same result, which becomes the shared secret, and the key exchange is complete.
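The DH exchange above carried through in code, with both sides' messages and the check that they arrive at the same secret. This is an added example, not code from the original article; the parameters P = 2**127 - 1 and g = 5 are constructed toy values chosen so the arithmetic is easy to follow, not a real-world group.

```python
import hashlib
import secrets

# Toy parameters constructed for this example: 2**127 - 1 is prime (M127) and
# g = 5 serves as the generator. Real deployments use standardised groups of
# 2048 bits or more; these values only make the arithmetic easy to follow.
TOY_P = 2**127 - 1
TOY_G = 5


def dh_public(g, P, secret):
    """Value a party sends over the wire: g^secret mod P."""
    return pow(g, secret, P)


def dh_shared(peer_public, secret, P):
    """Raise the value received from the peer to one's own secret: (g^other)^secret mod P."""
    return pow(peer_public, secret, P)


def derive_key(shared, P):
    """Turn the agreed number into a fixed-length symmetric key (the 'final password')."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).hexdigest()


def run_exchange(P, g, X=None, Y=None):
    """Simulate the sender (secret X) and the receiver (secret Y) and return what each computes.

    If X or Y is omitted, a fresh secret in [2, P-2] is drawn from the CSPRNG.
    """
    X = secrets.randbelow(P - 3) + 2 if X is None else X
    Y = secrets.randbelow(P - 3) + 2 if Y is None else Y
    # The only values an eavesdropper sees: P, g, g^X mod P and g^Y mod P.
    sender_sends = dh_public(g, P, X)
    receiver_sends = dh_public(g, P, Y)
    # Each side combines the received value with its own secret.
    sender_secret = dh_shared(receiver_sends, X, P)
    receiver_secret = dh_shared(sender_sends, Y, P)
    return {
        "on_the_wire": (sender_sends, receiver_sends),
        "sender_secret": sender_secret,
        "receiver_secret": receiver_secret,
        "sender_key": derive_key(sender_secret, P),
        "receiver_key": derive_key(receiver_secret, P),
    }


if __name__ == "__main__":
    result = run_exchange(TOY_P, TOY_G)
    print("secrets agree:", result["sender_key"] == result["receiver_key"])
    print("shared key:", result["sender_key"])
```

Passing explicit X and Y reproduces a textbook small-number run (P = 23, g = 5, X = 4, Y = 3 gives 4 and 10 on the wire and the shared secret 18).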

6. The mechanisms used to achieve data integrity, data encryption and authentication are as follows:

Suppose Bob and Rose communicate:

1] Encryption process:

Bob runs a one-way hash algorithm over the data to be sent to obtain its digest (for integrity checking), encrypts that digest with his own private key to form the signature (for authentication), and appends the signature to the data. Bob then generates a password D and uses it to encrypt the data together with the signature (data encryption); the result is called Q. Finally, D is encrypted with Rose's public key and appended to Q.

2] Decryption process:

Rose decrypts D with her own private key, uses D to decrypt the data and the encrypted signature, and then decrypts the signature with Bob's public key. If it decrypts correctly, the data was sent by Bob; otherwise it was not. Finally, Rose computes the digest of the data with the same one-way algorithm and compares it with the transmitted digest to detect tampering: if the two are the same, the data has not changed; if they differ, the data was modified.

7. Openssl:

1) Components: libcrypto: the encryption library.

libssl: the library that implements SSL.

openssl: a versatile command-line encryption tool that provides symmetric encryption, public key encryption and one-way hashing, and can also act as a simple local CA.

2) Symmetric encryption: use openssl to encrypt a file:

openssl enc -des3 -salt -a -in plaintext -out ciphertext.des3

Use openssl to decrypt:

openssl enc -d -des3 -salt -a -in ciphertext.des3 -out plaintext

3) openssl version: shows the version information of openssl.

4) openssl (with no arguments): enters the interactive command-line mode of openssl.

5) openssl speed: benchmarks how fast an algorithm encrypts with keys of different lengths.

6) Public key encryption: openssl can be used to generate a private key.

openssl genrsa <key length in bits> > <output file>

openssl genrsa -out <output file> <key length in bits>

To restrict the permissions of the key file as it is created: (umask 077; openssl genrsa <key length in bits> > <output file>)

Adding -des3 encrypts the private key file with a passphrase:

openssl genrsa -des3 <key length in bits> > <output file>

openssl genrsa -des3 -out <output file> <key length in bits>

If the private key was generated without encryption, the unencrypted key file can be encrypted afterwards: openssl rsa -in <unencrypted private key file> -des3 -out <encrypted output file>

To remove the encryption from a private key: openssl rsa -in <encrypted private key file> -out <output file>

7) Extract the public key from the private key: openssl rsa -in my.key -pubout -out <public key file>
