Analyzing the role of PHP Php_openssl.dll

Source: Internet
Author: User
Tags decrypt openssl enc openssl rsa
I. Introduction to OpenSSL
Data encryption is an important part of information transmission. Any information transmitted in clear text is indeed a very unsafe practice. So,
Data needs to be encrypted. Convert plaintext data to ciphertext data before transferring.

OpenSSL is a set of cryptographic tools for the SSL/TLS protocol, which functions as:
1. Generate a private key.
2. Generate a certificate, a digital signature certificate, that contains a public key that can be used to encrypt and decrypt data one-way. That is, data encrypted with the public key can only be used
Private key decryption. Data that is encrypted with the private key can be decrypted using the public key.
3. Calculate the summary of the information.
4.SSL/TLS client and server-side testing.
5. Processing of S/MIME tokens and message encryption.

Two. Introduction to encryption technology.
Encryption, the process of converting plaintext data into ciphertext data. To play a role in the secrecy of the plaintext.
Encryption algorithm: An arithmetic algorithm used in the process of data encryption. Use to convert plaintext to ciphertext.
Key: The encryption algorithm encrypts the plaintext data by doing some arithmetic with the key, and generates the encrypted data. When decrypting, the encryption algorithm passes the key,
Converts the encrypted data back into plaintext data.
Today's encryption technology, encryption algorithms are public, that is, everyone knows how encryption is used. But only with a key.
Decryption of ciphertext. Therefore, the key protection is the core of data security.

Three. Introduction to the use of OpenSSL tools
1. Private key Generation method
To generate a private key, you can use a different digital signature algorithm. The following are presented separately;

#采用DSA算法
$ OpenSSL dsaparam-noout-out dsakey0.pem-genkey 1024
#采用RSA算法
$ OpenSSL genrsa-out Rsakey0.pem 1024
#采用RSA算法 and password protected. When generating the private key, you need to enter a password to protect the private key.
You will also need to enter this password #在使用这个私钥进行加/decryption operation.
$ OpenSSL genrsa-des3-out Rsakey1.pem 10242. How to generate public keys
Generate public key based on private key
#生成dsa算法的公钥
$ OpenSSL dsa-in dsakey0.pem-pubout-out Dsakey0-pub.pem
#生成rsa算法的公钥
$ OpenSSL rsa-in rsakey0.pem-pubout-out rsakey0-pub.pem3. How to generate a self-signed certificate
#产生DSA算法的证书
$ OpenSSL req-x509-key dsakey0.pem-days 365-out mycert-dsa.pem-new
#产生RSA算法的证书
$ OpenSSL req-x509-key rsakey0.pem-days 365-out mycert-rsa.pem-new

4. Using certificates for message encryption
Our Clear letter content:

$ cat Test.txt
111111
222222
333333
444444
Aaaaaa
Use the certificate to encrypt the plaintext letter and output it to the Etest.txt file:
$ OpenSSL smime-encrypt-in test.txt-out etest.txt MYCERT-RSA.PEM View encrypted ciphertext content:

$ cat Etest.txt
mime-version:1.0
Content-disposition:attachment; Filename= "smime.p7m"
Content-type:application/x-pkcs7-mime; Smime-type=enveloped-data; Name= "smime.p7m"
Content-transfer-encoding:base64

Miibyayjkozihvcnaqcdoiibutccau0caqaxgewwgekcaqawujbfmqswcqydvqqg
Ewjbvtetmbega1uecbmku29tzs1tdgf0ztehmb8ga1uechmysw50zxjuzxqgv2lk
Z2l0cybqdhkgthrkagkar71mh4nrx/uwdqyjkozihvcnaqebbqaegycbra1wbwqk
Zj7tcntrxidzqmbc/lu063slkvbk6mqmqt+npfooftzikdfvkldh0yyqhmzdscyq
yutgwoadw6jn0ahrt64uwpokoael9rvqp9vgtifc/uxis5ueyzcws1z7jsih8aa+
Da/dqn0socx85odk/tdewnx8mtaybbvf4jbzbgkqhkig9w0bbwewggyikozihvcn
Awiwdgicakaecnxsgij2s+1ugdc6jknpl+rdybcddcyph+bmyjqrup0he/gq5wsj
The sv8cdkoudvy5xg440yial3z3ysi= uses the private key to decrypt and output to the Dtest.txt file:

$ OpenSSL smime-decrypt-in etest.txt-inkey rsakey0.pem-out dtest.txt View the decrypted message content exactly as it was in the original plaintext letter.

$ cat Dtest.txt
111111
222222
333333
444444
Aaaaaa

5. Simple File encryption
Clear Text File contents:

$ cat Test.txt
1
22
333
4444
55555
Hello encrypted plaintext file, output as Test.enc file, enter "123123" as the encryption password:

$ OpenSSL enc-aes-256-cbc-salt-in test.txt-out Test.enc
Enter AES-256-CBC encryption Password:
Verifying-enter AES-256-CBC Encryption Password: Decrypt ciphertext, enter "123123" as the decryption password:

$ OpenSSL enc-d-aes-256-cbc-in Test.enc
Enter AES-256-CBC decryption Password:
1
22
333
4444
55555
Hello

6. Simple string encryption
Encrypted using the Base64 method:

$ echo "Encode Me" | OpenSSL enc-base64
zw5jb2rlig1lcg== decryption, you need to know the encryption algorithm to decrypt:

$ echo "zw5jb2rlig1lcg==" | OpenSSL enc-base64-d
Encode me

7.SSL testing of clients and servers
Using the private key and certificate to start the SSL server, the "-www" function is to send a status information Web page to the client when the client connects to the server.

OpenSSL S_server-key Mykey.pem-cert mycert.pem-www Connect to the SSL server, the client obtains the server's certificate:

OpenSSL s_client-connect localhost:4433

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.