1. Encryption method
Symmetric encryption: encryption algorithm + key
DES (56-bit key), 3DES, AES (128-bit key), Blowfish
Characteristics:
Encryption and decryption use the same key
The plaintext is split into fixed-size blocks and each block is encrypted
Disadvantages:
1. The key has to be transmitted to the other party
2. Too many keys (a separate key for every pair of communicating parties)
Key exchange: (IKE) DH algorithm
User authentication:
Data integrity:
Asymmetric encryption (public key cryptography): a key pair; the public key is derived from the private key
Algorithms: RSA, ElGamal, DSA
One-way encryption (hashing): ciphertext can be produced from the plaintext, but not the reverse; strictly speaking it extracts a signature code (digest) of the data
The same data hashed with the same algorithm must give the same result every time, so it is commonly used to verify data integrity
Fixed-length output: regardless of the size of the original data, the output size is the same
Stored password format: $<algorithm>$<8 random salt characters>$<hashed password>
Algorithm: MD5 (CentOS 5)
SHA1
SHA512 (adopted by CentOS 6 and 7)
PKI: Public Key Infrastructure
Data -> one-way hash -> signature (hash encrypted with the sender's private key) -> symmetric encryption -> symmetric key encrypted with the other party's public key
Provides: integrity (hash), sender identity authentication (signature), confidential transfer of the secret key (public-key encryption)
One encrypted communication process
Sender:
1. Use a one-way encryption algorithm to extract the data's signature code (digest);
2. Encrypt the signature code with the sender's own private key and append it to the data;
3. Generate a temporary key for symmetric encryption;
4. Use this temporary key to encrypt the data together with the private-key-encrypted signature;
5. Encrypt the temporary key with the receiver's public key and append it after the symmetrically encrypted data;
Receiver:
1. Decrypt the encrypted temporary key with the receiver's own private key, obtaining the symmetric key;
2. Use the symmetric key to decrypt the symmetrically encrypted data, obtaining the data and the signature ciphertext;
3. Decrypt the signature ciphertext with the sender's public key, obtaining the signature code the sender computed;
4. Compute the data's signature code with the same one-way encryption algorithm the sender used, and compare it with the decrypted one;
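The sender and receiver steps above, carried out end to end in Go's standard library as an added example (it is not part of the original notes and does not use the openssl commands shown later). The choice of SHA-256 for the one-way step, RSA PKCS#1 v1.5 for the signature, AES-256-GCM for the temporary key and RSA-OAEP for wrapping it is this example's own; the notes list MD5/SHA1/SHA512, RSA/ElGamal/DSA and DES/3DES/AES without fixing one. `Envelope`, `Send`, `Receive` and `newGCM` are names invented here, and the message in `main` is constructed.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the sender transmits: data||signature under the temporary
// symmetric key, the nonce used, and the temporary key wrapped for the receiver.
type Envelope struct {
	Ciphertext []byte
	Nonce      []byte
	WrappedKey []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Send performs the five sender-side steps from the notes.
func Send(data []byte, senderPriv *rsa.PrivateKey, receiverPub *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(data) // 1. one-way hash of the data
	// 2. sign the hash with the sender's private key and append it to the data
	sig, err := rsa.SignPKCS1v15(rand.Reader, senderPriv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	payload := append(append([]byte{}, data...), sig...)
	key := make([]byte, 32) // 3. temporary symmetric key
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key) // 4. encrypt data||signature with the temporary key
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, payload, nil)
	// 5. encrypt the temporary key with the receiver's public key
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Nonce: nonce, WrappedKey: wrapped}, nil
}

// Receive performs the four receiver-side steps and returns the data only if
// the ciphertext is intact and the signature verifies under the sender's key.
func Receive(env *Envelope, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	// 1. recover the temporary key with the receiver's private key
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap the temporary key")
	}
	gcm, err := newGCM(key) // 2. symmetric decryption yields data||signature
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("symmetric decryption failed: ciphertext altered")
	}
	sigLen := senderPub.Size() // an RSA signature is as long as the modulus
	if len(payload) < sigLen {
		return nil, errors.New("payload too short to hold a signature")
	}
	data, sig := payload[:len(payload)-sigLen], payload[len(payload)-sigLen:]
	// 3 + 4. recover the hash from the signature with the sender's public key
	// and compare it with a fresh hash of the data; VerifyPKCS1v15 does both.
	digest := sha256.Sum256(data)
	if err := rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature mismatch: data altered or not from the claimed sender")
	}
	return data, nil
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	receiver, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, err := Send([]byte("constructed sample message"), sender, &receiver.PublicKey)
	if err != nil {
		panic(err)
	}
	got, err := Receive(env, receiver, &sender.PublicKey)
	fmt.Printf("received %q, err=%v\n", got, err)
	env.Ciphertext[0] ^= 0x01 // simulate corruption in transit
	_, err = Receive(env, receiver, &sender.PublicKey)
	fmt.Println("after tampering:", err)
}
```

Note that GCM already rejects an altered ciphertext before the signature is checked; the signature is still needed, because the symmetric key alone proves nothing about who sent the data.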
2. OpenSSL
NIST:
Confidentiality:
Data confidentiality
Privacy
Integrity:
Data integrity
System integrity
Availability:
OSI: X.800
Security attacks:
Passive attacks: eavesdropping (monitoring)
Active attacks: spoofing, replay, message tampering, denial of service
Security mechanisms:
Encryption/decryption, digital signature, access control, data integrity, authentication exchange, traffic padding, routing control, notarization
Security services:
Authentication
Access control
Data confidentiality
Connection confidentiality
Connectionless confidentiality
Selective-field confidentiality
Traffic-flow confidentiality
Data integrity
Non-repudiation
Cryptographic algorithms and protocols:
Symmetric encryption
Public Key Cryptography
One-way encryption
Authentication protocol
Cryptographic algorithms and protocols:
Symmetric encryption: encryption and decryption use the same key;
Depends on: the algorithm and the key;
Security depends on the key, not the algorithm;
1. OpenSSL: a toolkit, open source
libcrypto: general-purpose cryptographic library
libssl: functions implementing TLS/SSL
openssl: multi-purpose command-line tool
Generates keys, creates digital certificates, manually encrypts and decrypts data
2. Functions and algorithms commonly used in encryption and decryption:
Symmetric encryption:
Algorithms: DES, 3DES, AES, Blowfish, Twofish, RC6, CAST5
openssl enc -des3 -a -salt -in /path/to/input_file -out /path/to/cipher_file
openssl enc -d -des3 -a -salt -in /path/to/cipher_file -out /path/to/clear_file
One-way encryption:
Algorithms: MD5: 128 bits
SHA1: 160 bits
SHA512: 512 bits
Tools: sha1sum, md5sum, cksum, openssl dgst
[[email protected]_110 ~]# sha1sum /etc/fstab
4c0f1460d21e1141fcd3f93182cb87128702091f  /etc/fstab
[[email protected]_ ~]# openssl dgst -sha1 /etc/fstab
SHA1(/etc/fstab)= 4c0f1460d21e1141fcd3f93182cb87128702091f
3. Extended applications of one-way encryption
MAC: Message Authentication Code
Used to ensure the integrity of data transferred in network communication
Mechanisms:
CBC-MAC
HMAC: md5, sha1
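An added Go example, not from the original notes, showing the properties claimed for one-way encryption (same input gives the same digest, fixed output length, a tiny change gives a different digest) and why a plain digest such as the sha1sum / openssl dgst output is not enough on its own for data in transit, whereas an HMAC is. It uses only the standard library's crypto/sha1, crypto/sha512 and crypto/hmac; the shared key, the message and the in-transit change in `Tamper` are constructed, and all function and type names are this example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// Digest returns the hex SHA-1 of data, the same value sha1sum and
// "openssl dgst -sha1" print.
func Digest(data []byte) string {
	sum := sha1.Sum(data)
	return hex.EncodeToString(sum[:])
}

// DigestLens returns the SHA-1 and SHA-512 output sizes in bytes for data:
// 20 and 64 whatever the input length.
func DigestLens(data []byte) (int, int) {
	s1 := sha1.Sum(data)
	s512 := sha512.Sum512(data)
	return len(s1), len(s512)
}

// Tag computes HMAC-SHA1 over data with a key shared by the two parties.
func Tag(key, data []byte) []byte {
	m := hmac.New(sha1.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// VerifyTag compares a received tag against a fresh one in constant time.
func VerifyTag(key, data, tag []byte) bool {
	return hmac.Equal(Tag(key, data), tag)
}

// Message carries a body with both a plain digest and an HMAC so the two
// integrity checks can be compared side by side.
type Message struct {
	Body   []byte
	Digest string
	Tag    []byte
}

// Protect attaches both a plain digest and a keyed tag to body.
func Protect(key, body []byte) Message {
	return Message{Body: body, Digest: Digest(body), Tag: Tag(key, body)}
}

// Tamper models a change made in transit by a party without the key: the
// body is replaced and the plain digest recomputed, but the tag cannot be.
func Tamper(m Message, newBody []byte) Message {
	return Message{Body: newBody, Digest: Digest(newBody), Tag: m.Tag}
}

// DigestCheckPasses is the unkeyed check; it cannot distinguish a genuine
// body from a changed one whose digest was recomputed.
func DigestCheckPasses(m Message) bool { return Digest(m.Body) == m.Digest }

// MACCheckPasses is the keyed check: only a holder of the key can produce a
// tag that matches the body.
func MACCheckPasses(key []byte, m Message) bool { return VerifyTag(key, m.Body, m.Tag) }

func main() {
	key := []byte("constructed-shared-secret")
	m := Protect(key, []byte("constructed message"))
	t := Tamper(m, []byte("constructed message, altered"))
	fmt.Println("original: digest ok", DigestCheckPasses(m), "mac ok", MACCheckPasses(key, m))
	fmt.Println("altered:  digest ok", DigestCheckPasses(t), "mac ok", MACCheckPasses(key, t))
}
```

The plain digest still has its place for the use the notes show (checking a file against a digest obtained out of band, as with /etc/fstab above); the MAC is what protects data whose digest travels with it.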
User authentication:
Tools: passwd, openssl passwd
[[email protected]_110 ~]# openssl passwd -1
Password:
Verifying - Password:
$1$xoanq50h$fzkdh.p7i20vod94ljl6b/
[[email protected]_110 ~]# openssl passwd -1        # random salt
Password:
Verifying - Password:
$1$DBZWMZRR$RBP9WNYETYA9ZC9ICSHVG/
[[email protected]_110 ~]# openssl passwd -1 -salt 123abc
Password:
$1$123abc$rloks30ubzu06dor0weqd/
[[email protected]_110 ~]# openssl passwd -1 -salt 123abc "123456"
$1$123abc$rloks30ubzu06dor0weqd/
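An added Go example, not from the original notes, of the $<algorithm>$<salt>$<hash> layout described earlier and of the two things the openssl passwd session shows: a fixed salt makes the hash reproducible (the same "$1$123abc$..." twice), and a random salt makes the same password hash differently each time. The hashing inside is a simplified iterated SHA-512 of this example's own; it is NOT glibc's md5-crypt or sha512-crypt, so its output is not interchangeable with /etc/shadow or openssl passwd, and the "$x$" id is a placeholder. `NewSalt`, `Hash`, `Verify` and `hashWithSalt` are names invented here.

```go
package main

import (
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// saltAlphabet is the 64-character set crypt-style salts are drawn from.
const saltAlphabet = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

// NewSalt draws n random characters from saltAlphabet (the notes use 8).
func NewSalt(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	for i := range b {
		b[i] = saltAlphabet[int(b[i])%len(saltAlphabet)]
	}
	return string(b), nil
}

// hashWithSalt is this example's simplified scheme: SHA-512 over salt||password,
// re-hashed with the salt for a fixed number of rounds to slow down guessing.
// It is NOT glibc md5-crypt or sha512-crypt, so it is not shadow-compatible.
func hashWithSalt(password, salt string) string {
	const rounds = 5000
	sum := sha512.Sum512([]byte(salt + password))
	for i := 1; i < rounds; i++ {
		sum = sha512.Sum512(append(sum[:], salt...))
	}
	return base64.RawStdEncoding.EncodeToString(sum[:])
}

// Hash produces the "$<id>$<salt>$<hash>" shape; "x" is a placeholder id for
// this example's scheme (real shadow files use "1" for MD5 and "6" for SHA-512).
func Hash(password, salt string) string {
	return "$x$" + salt + "$" + hashWithSalt(password, salt)
}

// Verify parses a stored string, takes the salt from it, hashes the candidate
// the same way and compares in constant time. Only "$x$" strings are accepted.
func Verify(stored, candidate string) (bool, error) {
	parts := strings.Split(stored, "$")
	if len(parts) != 4 || parts[0] != "" || parts[1] != "x" {
		return false, errors.New("unrecognised hash format")
	}
	salt, want := parts[2], parts[3]
	got := hashWithSalt(candidate, salt)
	return subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1, nil
}

func main() {
	fixed := Hash("123456", "123abc")
	s1, _ := NewSalt(8)
	s2, _ := NewSalt(8)
	fmt.Println(fixed)
	fmt.Println(Hash("123456", s1)) // same password, different salt, different hash
	fmt.Println(Hash("123456", s2))
	ok, _ := Verify(fixed, "123456")
	fmt.Println("verify correct password:", ok)
}
```

The point of the random salt is visible in `main`: two stores holding the same password keep different hashes, so one precomputed table cannot be reused against both.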
Public key cryptography: (encryption is slow; mainly used for identity authentication and key exchange)
Public key: pkey
Private key: skey
Algorithms: RSA, ElGamal
Tools: gpg, openssl rsautl
Digital signature: encrypt with the private key, decrypt with the public key
Algorithms: RSA, ElGamal, DSA
Tools:
Data encryption and decryption and CA fundamentals