This article provides a detailed analysis of the role of php_openssl.dll in php.
I. INTRODUCTION to openssl
Data encryption is an important part of information transmission. any information is transmitted in plain text, which is indeed very insecure,
Data must be encrypted. plaintext data must be converted to ciphertext data before transmission.
OpenSSL is a set of encryption tools for SSL/TLS protocols. Its functions include:
1. generate a private key.
2. generate a certificate, that is, a digital signature certificate, which contains a public key that can be used to encrypt and decrypt data in one way. that is, data encrypted using a public key can only be used
Private key decryption. data encrypted using the private key can be decrypted using the public key.
3. computing information summary.
4. SSL/TLS client and server test.
5. encrypt S/MIME tags and emails.
II. Introduction to encryption technology.
The process of converting plaintext data into ciphertext data to protect plaintext data.
Encryption algorithm: an algorithm used in the data encryption process to convert plaintext to ciphertext.
Key: the encryption algorithm encrypts plaintext data by performing some operations with the key. when the encrypted data is generated, the encryption algorithm uses the key,
Convert encrypted data to plain text data.
Today's encryption technology, encryption algorithms are open, that is, everyone knows the encryption method, but only the key can be used.
Ciphertext decryption. Therefore, key protection is the core of data security.
III. Introduction to openssl tools
1. private key generation method
You can use different digital signature algorithms to generate private keys;
# Using the DSA algorithm
$ Openssl dsaparam-noout-out dsakey0.pem-genkey 1024
# Using RSA algorithms
$ Openssl genrsa-out rsakey0.pem 1024
# Use the RSA algorithm and password protection. when generating a private key, you must enter a password to protect the private key.
# Enter this password when using this private key for encryption/decryption.
$ Openssl genrsa-des3-out rsakey1.pem 10242. public key generation method
Generate a public key based on the private key
# Generate the public key of the dsa algorithm
$ Openssl dsa-in dsakey0.pem-pubout-out dsakey0-pub.pem
# Generate the public key of the rsa algorithm
$ Openssl rsa-in rsakey0.pem-pubout-out rsakey0-pub.pem3. method for generating a self-signed certificate
# Generate a certificate for the DSA algorithm
$ Openssl req-x509-key dsakey0.pem-days 365-out mycert-dsa.pem-new
# Generate the RSA algorithm certificate
$ Openssl req-x509-key rsakey0.pem-days 365-out mycert-rsa.pem-new
4. use certificates for email encryption
Our plain text mail content:
$ Cat test.txt
111111
222222
333333
444444
Aaaaaa
Use the certificate to encrypt the plaintext and output it to the etest.txt file:
$ Openssl smime-encrypt-in test.txt-out etest.txt mycert-rsa.pem view encrypted ciphertext content:
$ Cat etest.txt
MIME-type: 1.0
Content-Disposition: attachment; filename = "smime. p7m"
Content-Type: application/x-pkcs7-mime; smime-type = enveloped-data; name = "smime. p7m"
Content-Transfer-Encoding: base64
Bytes
EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk
Z2l0cyBQdHkgTHRkAgkAr71mh4NRX/UwDQYJKoZIhvcNAQEBBQAEgYCbrA1WBwQK
Zj7TcNtrxiDzqMBc/lu063slkvbk6mqmqmqt + npFOOFtzIKdFVkldH0YyQhMZDSCyq
YUtGwOaDw6Jn0AHRt64UwPOKoaeL9RVqp9vgtiFC/uXis5UeyZCWS1z7Jsih8Aa +
Da/DQN0sOCX85OdK/tdewnx8m?bbvf4jbzbgkqhkig9w0bbwewggyikozihvcn
AwIwDgICAKAECNxsgiJ2s + 1ugDC6JknPL + rDYBCddcyPH + bMYjqrUP0hE/GQ5WSj
Sv8cdkoudvy5xg440yial3z3ysi.pdf use a private token to perform encryption and export the data to the dtest.txt file:
$ Openssl smime-decrypt-in etest.txt-inkey rsakey0.pem-out dtest.txt view the decrypted mail content, which is exactly the same as the original plain text mail content.
$ Cat dtest.txt
111111
222222
333333
444444
Aaaaaa
5. simple file encryption
Plaintext file content:
$ Cat test.txt
1
22
333
4444
55555
Hello, the plaintext file is encrypted, and the output is the test. enc file. enter "123123" as the encryption password:
$ Openssl enc-aes-256-cbc-salt-in test.txt-out test. enc
Enter aes-256-cbc encryption password:
Verifying-enter aes-256-cbc encryption password: decrypt the ciphertext, enter "123123" as the decryption password:
$ Openssl enc-d-aes-256-cbc-in test. enc
Enter aes-256-cbc decryption password:
1
22
333
4444
55555
Hello
6. simple string encryption
Base64 encryption:
$ Echo "encode me" | openssl enc-base64
ZW5jb2RlIG1lCg = decryption, you need to know the encryption algorithm before decryption:
$ Echo "ZW5jb2RlIG1lCg =" | openssl enc-base64-d
Encode me
7. test the SSL client and server
Use the private key and certificate to start the SSL server. "-www" is used to send a status information webpage to the client when the client connects to the server.
Openssl s_server-key mykey. pem-cert mycert. pem-www connects to the SSL server, and the client will obtain the server certificate:
Openssl s_client-connect localhost: 4433