Data encryption and decryption and CA fundamentals

1. Encryption method

symmetric encryption : encryption algorithm + password

DES (56bits), 3des,aes (128bits), Blowfish

Characteristics:

Encrypt, decrypt using the same password

Partition the original text into a fixed-size block of data to encrypt the blocks

Disadvantages:

1. Password transmission

2. Too many passwords

Key exchange: (IKE) DH algorithm

User authentication:

Data integrity:

Asymmetric encryption (public key cryptography): Key pair, the public key is generated in the private key,

Encryption algorithm: RSA,EIGAMAL,DSA,

One-way encryption: the ability to produce ciphertext from the plaintext, and vice versa, in strict sense, it is to extract the data signature code

The same data, using the same algorithm, the results of multiple computations must be the same, so often used to verify data integrity

Fixed-length output, regardless of the original data size, the result input size is the same after encryption

$ cryptographic Algorithm $8 bit random character $ encrypted password

Algorithm: MD5: (CENTOS5)

SHA1:

SHA512:(centos6,7 adopted)

:public key infrastucture Public Key Infrastructure

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/73/6C/wKiom1X9IWqgXqbsAAC4gR1hU9s975.jpg "title=" U) V ' wwzm50c8]7fs][@S8PW. png "alt=" wkiom1x9iwqgxqbsaac4gr1hu9s975.jpg "/>

Data-to-one-way encryption-signature--private key encryption--symmetric encryption--the other's public key encryption

Integrity Sender identity authentication Private password transfer

One encrypted communication process

Sent by:

1, using a one-way encryption algorithm to extract the generated data signature;

2, the use of their own private key encryption signature appended to the data;

3. Generate a temporary key for symmetric encryption;

4. Use this temporary key to encrypt the data and the signature that has been encrypted with the private key;

5, using the receiver's public key to encrypt the temporary key, appended to the symmetric encrypted data behind;

Receiving Party:

1, the use of their own private key to decrypt the encrypted temporary key, thereby obtaining a symmetric key;

2, using symmetric key to decrypt symmetric encrypted data and private key encryption of the signature cipher, thus obtaining data and signature cipher;

3. Using the sender's public key to decrypt the signature cipher text, thus obtaining the characteristic code generated from the calculation;

4, using the same one-way encryption algorithm with the other side of the data to calculate the characteristics of the code, and decrypted with the comparison;

Two, OPENSSL

Nist:

Confidentiality:

Data privacy

The privacy of

Integrity:

Data integrity

System integrity

Availability of:

osi:x.800

Security attacks:

Passive attack: monitoring

Active attacks: Spoofing, replay, message tampering, denial of service

Security Mechanisms:

Encryption/decryption, digital signature, access control, data integrity, authentication switching, traffic filling, routing control, notarization

Security services:

Certification

Access control

Data privacy

Connection privacy

No connection confidentiality

Select Domain Privacy

Traffic confidentiality

Data integrity

Non-repudiation

Cryptographic algorithms and protocols:

Symmetric encryption

Public Key Cryptography

One-way encryption

Authentication protocol

Cryptographic algorithms and protocols:

Symmetric encryption: Encryption and decryption using the same key;

Dependent on: Algorithms and Keys;

Security depends on the key, not the algorithm;

1. OpenSSL: Kit, open source program

Libcrypto: A confidential library of common functions

LIBSSL: Functions to implement TLS/SSL

OpenSSL: Multifunctional command tool

Generate keys, create digital certificates, manually encrypt and decrypt data

2, encryption and decryption technology commonly used functions and algorithms :

Symmetric encryption:

Algorithm: DES,3DES,AES,BLOWFISH,TWOFISH,RC6,CAST5

OpenSSL enc-des3-a-salt-in/path/to/input_file-out/path/to/cipher_) file

OpenSSL enc-d-des3-a Salt in/path/to/cipher_file-ouut/path/to/clear_file

One-way encryption:

Algorithm: Md5:128bits

Sha1:160bits

Sha512:512bits

Tool: Sha1sum,md5sum,cksum,openssl dgst

[Email protected]_110 ~]# sha1sum/etc/fstab4c0f1460d21e1141fcd3f93182cb87128702091f/etc/fstab[[email protected]_ ~]# OpenSSL dgst-sha1/etc/fstab SHA1 (/etc/fstab) = 4c0f1460d21e1141fcd3f93182cb87128702091f

3, one-way encryption extension application

MAC: Message Digest Code

Used to ensure the integrity of the data transferred in network communication

Mechanism:

Cbc-mac

Hmac:md5,sha1

User authentication:

Tool: Passwd,openssl passwd

[Email protected]_110 ~]# OpenSSL Passwd-1password:verifying-password: $1$xoanq50h$fzkdh.p7i20vod94ljl6b/[[email protected]_110 ~]# OpenSSL passwd-1 #随机加盐Password: Verifying-password: $1$DBZWMZRR$RBP9WNYETYA9ZC9ICSHVG /[[email protected]_110 ~]# OpenSSL passwd-1-salt 123abc Password: $1$123abc$rloks30ubzu06dor0weqd/[[email protecte d]_110 ~]# OpenSSL passwd-1-salt 123abc "123456" $1$123abc$rloks30ubzu06dor0weqd/

Public Key cryptography: (slow encryption, mainly used for: Identity authentication, key exchange,)

Public key: Pkey

Private key: Skey

Algorithm: Rsa,eigmal

Tool: Gpg,openssl Rsautl

Digital Signature: Private key encryption, public key decryption

Algorithm: RSA,EIGMAL,DSA

Tools:

Data encryption and decryption and CA fundamentals