8.1 Overview of asymmetric cryptographic algorithm directives

A. Asymmetric encryption algorithms are also called public key algorithms. They solve the problem that a symmetric encryption key has to be distributed to both parties in advance. Features of an asymmetric encryption algorithm:

A1. The encryption key and the decryption key are not the same.
A2. One key of the key pair can be made public (it is called the public key).
A3. It is difficult to derive the private key from the public key.

B. Digital signature and key exchange. Public key algorithms are divided into key exchange algorithms and digital signature algorithms. A key exchange algorithm encrypts with the public key and decrypts with the private key; a digital signature algorithm encrypts (signs) with the private key and decrypts (verifies) with the public key. A key exchange algorithm therefore requires that the decryption key (the private key) is hard to derive from the encryption key (the public key), while a digital signature algorithm requires that the encryption key is hard to derive from the decryption key.

8.2 RSA algorithm directives

RSA is generally used for two purposes: key exchange and digital signatures. RSA encryption has the property that the input data cannot be longer than the RSA key, and the output data is always exactly as long as the RSA key, so large amounts of data generally have to be split into segments in advance. RSA digital signatures are usually combined with a message digest function so that only a single RSA operation is needed: for a large file, for example, SHA1 or MD5 first reduces the file to a 160-bit or 128-bit digest, and that digest is what the signer's RSA operation is applied to. The verifier runs the same digest algorithm over the file to obtain a digest value, uses RSA (usually with the public key) to decrypt the signer's digest value, and compares the freshly computed digest with the decrypted one.
The rsautl directive performs RSA encryption and decryption; the genrsa directive securely generates an RSA key pair.

8.1.1 Generating RSA keys

Directive parameters:

| parameter | function |
| --- | --- |
| out | output file option |
| passout | password output option |
| des, des3, idea, aes128, aes192, aes256 | encryption algorithm option (cipher used to protect the private key) |
| f4, 3 | public exponent option |
| numbits | key length option |

8.1.2 Managing RSA keys

A. Key format options inform and outform
| data format | OpenSSL define | directive string parameter |
| --- | --- | --- |
| DER encoding | FORMAT_ASN1 | d |
| PEM encoding | FORMAT_PEM | p |
| text format | FORMAT_TEXT | t |
| NET encoding | FORMAT_NETSCAPE | n |
| SGC encoding | FORMAT_IISSGC | |
| PKCS#12 encoding | FORMAT_PKCS12 | PKCS12, P12 or 1 |
| engine format | FORMAT_ENGINE | e |
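The RSA directives of 8.2 end to end, as an added example (not code from the original page): genrsa for the key pair, rsa with pubout and modulus, and rsautl for the digest-based sign/verify flow plus the input-length limit on encryption. It assumes an openssl binary on PATH (rsautl is deprecated in OpenSSL 3 but still shipped) and uses SHA-256 where the text mentions SHA1 or MD5.

```shell
# Added example (not code from the original page): the genrsa / rsa / rsautl flow
# of 8.2.  Assumes an openssl binary on PATH (rsautl is deprecated in OpenSSL 3
# but still shipped) and uses SHA-256 where the text mentions SHA1 or MD5.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# genrsa: the private key; rsa -pubout: the half of the pair that may be published.
rsa_keygen() {
    openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem" 2>/dev/null
}
# rsa -modulus -noout prints only the modulus; returns its length in hex digits
# (512 for a 2048-bit key).
rsa_modulus_hex_len() {
    openssl rsa -in "$WORK/key.pem" -noout -modulus 2>/dev/null \
        | sed 's/^Modulus=//' | tr -d '\n' | wc -c | tr -d ' '
}
# Sign: digest the file first, so one private-key operation covers any file size.
rsa_sign_file() {  # $1 = file, $2 = signature output
    openssl dgst -sha256 -binary "$1" > "$WORK/digest.bin"
    openssl rsautl -sign -inkey "$WORK/key.pem" -in "$WORK/digest.bin" -out "$2" 2>/dev/null
}
# Verify: recover the signer's digest with the public key, recompute the file's
# digest and compare the two; prints OK or FAIL.
rsa_verify_file() {  # $1 = file, $2 = signature
    openssl rsautl -verify -pubin -inkey "$WORK/pub.pem" -in "$2" \
        -out "$WORK/recovered.bin" 2>/dev/null || { echo FAIL; return 0; }
    openssl dgst -sha256 -binary "$1" > "$WORK/expected.bin"
    if cmp -s "$WORK/expected.bin" "$WORK/recovered.bin"; then echo OK; else echo FAIL; fi
}
# Encrypt: input is capped by the key size (245 bytes for 2048-bit PKCS#1 v1.5
# padding) while output is always the key size; prints the ciphertext length
# in bytes, or "too long" when rsautl rejects the input.
rsa_encrypt_len() {  # $1 = plaintext byte count (constructed zero-filled input)
    head -c "$1" /dev/zero > "$WORK/pt.bin"
    if openssl rsautl -encrypt -pubin -inkey "$WORK/pub.pem" \
            -in "$WORK/pt.bin" -out "$WORK/ct.bin" 2>/dev/null; then
        wc -c < "$WORK/ct.bin" | tr -d ' '
    else
        echo "too long"
    fi
}
printf 'constructed sample document\n' > "$WORK/doc.txt"
rsa_keygen
rsa_sign_file "$WORK/doc.txt" "$WORK/doc.sig"
echo "verify original: $(rsa_verify_file "$WORK/doc.txt" "$WORK/doc.sig")"
printf 'tampered\n' >> "$WORK/doc.txt"
echo "verify tampered: $(rsa_verify_file "$WORK/doc.txt" "$WORK/doc.sig")"
echo "100-byte input -> $(rsa_encrypt_len 100)-byte ciphertext; 300-byte input -> $(rsa_encrypt_len 300)"
```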
B. Information output options text, noout and modulus. The text option prints the values of the key parameters in clear text; the modulus option prints only the modulus.

Using RSA keys, directive parameters:

D. Operation type options sign, verify, encrypt and decrypt. The rsautl directive provides the RSA operations:
sign: perform a digital signature operation
verify: verify a digital signature
encrypt: perform a data encryption operation
decrypt: perform a data decryption operation

E. Data padding options PKCS, SSL, OAEP and RAW.

8.3 DH algorithm directives

The DH (Diffie-Hellman) algorithm is one of the earliest public key algorithms and is used for key exchange; it is now found in a wide range of security protocols.

8.3.1 Generating DH algorithm parameters

Directive:

A. gendh directive format. DH algorithm parameters consist of the generator g and the modulus n. OpenSSL provides the gendh and dhparam directives; both can generate DH parameters and encode them into a file.
B. Output file option out. The out option names the file in which the generated DH parameters are saved; it can also be the standard output device.
C. Generator g options 2 and 5. The main purpose of the DH parameter directive is to generate a shared modulus n; the generator g is specified explicitly, and the generators in common use are 2 and 5.
D. Random number file option rand. The rand option specifies a seed file used when generating random numbers; in general it can be a file of any type.
E. Key length option numbits. numbits sets the length of the DH parameter, and the length of the generated DH parameter determines the length of the DH key.

8.3.2 Managing DH algorithm parameters

A. Input and output file options in and out.
B. DH parameter check option check. After a DH parameter file has been in use for a period of time, if there is any doubt about the file, the check option can be used to verify the DH parameters.
The check covers four aspects: the modulus is correct, the modulus is a safe prime, the generator g is correct, and the generator is appropriate.

Directive:

8.4 DSA algorithm directives

DSA is the United States national standard digital signature algorithm. It provides only a digital signature function and has no key exchange function.

8.4.1 Generating and managing DSA key parameters

A. dsaparam directive format

8.4.2 Generating a DSA key

A. gendsa directive format. A DSA key is generated on the basis of DSA key parameters, so a DSA key pair consists of three parts: the DSA key parameters (p, q and g), the DSA private key and the DSA public key. The DSA key parameters are public and can even be shared by a group of network users, that is, every user in the group uses the same DSA key parameters to generate their own DSA key pair.

8.4.3 Managing DSA keys

A. dsa directive format. Users often have all sorts of unusual needs and ideas, especially where security is concerned, and the same is true for DSA keys. Input and output format options inform and outform; input and output key type options pubin and pubout; input and output file options in and out; input and output password options passin and passout.

8.5 Summary of this chapter

Generation, management and use of RSA keys. The DH public key algorithm, which is dedicated to key exchange. The DSA asymmetric encryption algorithm, which is dedicated to digital signatures.
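The DH and DSA directives of 8.3 and 8.4 in one added example (not code from the original page): dhparam generates parameters with generator 2 and the check option re-validates the saved file; dsaparam produces the shared (p, q, g), gendsa gives each user an independent key pair from them, and dsa plus dgst show that DSA signs and verifies only. It assumes an openssl binary on PATH, and the user names alice and bob are constructed; the 512-bit DH modulus and 1024-bit DSA parameters are chosen only to keep the demo fast and are far too small for real use.

```shell
# Added example (not code from the original page): the dhparam, dsaparam, gendsa
# and dsa directives of 8.3 and 8.4.  Assumes an openssl binary on PATH.  The
# 512-bit DH modulus and 1024-bit DSA parameters only keep the demo fast;
# neither size is acceptable in a real deployment.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# dhparam: generate a modulus for generator 2, then re-check the saved file as
# the check option above describes; prints ok or bad.
dh_generate_and_check() {
    openssl dhparam -2 -out "$WORK/dh.pem" 512 2>/dev/null
    if openssl dhparam -in "$WORK/dh.pem" -check -noout 2>/dev/null; then echo ok; else echo bad; fi
}
# dsaparam: the public (p, q, g) that a whole group of users may share.
dsa_params() {
    openssl dsaparam -out "$WORK/dsaparam.pem" 1024 2>/dev/null
}
# gendsa: each user derives a private key of their own from the shared parameters;
# dsa -pubout extracts the matching public key.  $1 = user name (constructed)
dsa_keygen() {
    openssl gendsa -out "$WORK/$1.key" "$WORK/dsaparam.pem" 2>/dev/null
    openssl dsa -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}
# DSA signs only (no key exchange): hash-and-sign with the user's private key.
dsa_sign() {  # $1 = user name, $2 = file; writes $2.sig
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}
# Verify $2.sig against a named user's public key; prints OK or FAIL.
dsa_verify() {  # $1 = user name, $2 = file
    if openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
    then echo OK; else echo FAIL; fi
}

echo "dh parameters check: $(dh_generate_and_check)"
dsa_params
dsa_keygen alice
dsa_keygen bob                       # same parameters, independent key pair
printf 'constructed message\n' > "$WORK/m.txt"
dsa_sign alice "$WORK/m.txt"
echo "verify with alice's public key: $(dsa_verify alice "$WORK/m.txt")"
echo "verify with bob's public key:   $(dsa_verify bob "$WORK/m.txt")"
```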
08.openssl Asymmetric Cryptographic algorithm directives