Data Encryption Method:
1. Symmetric encryption
High encryption efficiency.
DES
3DES
AES: supports key lengths of 128, 192, 256 and 512 bits
Blowfish
Tools:
openssl enc
gpg
2. Public key encryption (asymmetric encryption)
The algorithms are complex and encryption is slow, so it is usually used for key exchange.
Encryption and signature: RSA, ElGamal
Digital signature: DSA
3. One-way encryption (hash functions)
The process is irreversible; it is usually used to compute a digest (fingerprint) of a file and to check file integrity.
MD5: 128-bit digest
SHA1: 160-bit digest
CRC-32
Tools:
md5sum
sha1sum
openssl dgst
File verification code:
# md5sum FILE    ==>  # openssl dgst -md5 FILE
# sha1sum FILE   ==>  # openssl dgst -sha1 FILE
Data encryption in computer networks:
User A sends an encrypted file to user B:
1. User A computes the one-way digest of the file and encrypts that digest with A's own private key; this is the signature.
2. User A generates a random symmetric key and uses it to encrypt the file together with the encrypted digest (the signature).
3. User A encrypts the symmetric key with B's public key.
4. User A sends the encrypted key together with the data produced in step 2 to B.
User B receives the encrypted data from user A:
1. B uses its own private key to decrypt the encrypted key and obtain the symmetric key.
2. B decrypts the data with the symmetric key.
3. B uses A's public key to decrypt the signature, recovering A's digest, and computes the one-way digest of the received file. If the two digests match, the file was sent by user A and has not been tampered with.
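The A -> B exchange above, carried out end to end with the openssl command line, as an added example that is not part of the original note. It assumes openssl 1.1.1 or later on PATH; the two RSA key pairs, the sample file and every path are constructed inside a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original note: the A -> B exchange above, done with the
# openssl CLI. Assumes openssl 1.1.1+ on PATH; keys, sample file and paths are all
# constructed here inside a temporary directory.
set -e
WORK=$(mktemp -d)
printf 'constructed sample: invoice 42, amount 100\n' > "$WORK/file.txt"
for who in a b; do                          # one RSA key pair each for A and for B
  openssl genrsa -out "$WORK/$who.key" 2048 2>/dev/null
  openssl rsa -in "$WORK/$who.key" -pubout -out "$WORK/$who.pub" 2>/dev/null
done

verify_from_a() {   # $1 = file, $2 = signature; exit 0 only if A signed this exact file
  openssl dgst -sha256 -verify "$WORK/a.pub" -signature "$2" "$1" >/dev/null 2>&1
}

sender_a() {        # steps 1-4 on A's side
  # 1. digest the file and sign the digest with A's private key
  openssl dgst -sha256 -sign "$WORK/a.key" -out "$WORK/file.sig" "$WORK/file.txt"
  # 2. fresh random symmetric key; encrypt the file and the signature with it
  openssl rand -hex 32 > "$WORK/sym.key"
  for f in file.txt file.sig; do
    openssl enc -aes-256-cbc -pbkdf2 -in "$WORK/$f" -out "$WORK/$f.enc" -pass "file:$WORK/sym.key"
  done
  # 3. encrypt the symmetric key with B's public key
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/b.pub" -in "$WORK/sym.key" -out "$WORK/sym.key.enc"
  # 4. only the *.enc files are sent; the plaintext key never leaves A's machine
  rm -f "$WORK/sym.key"
}

receiver_b() {      # steps 1-3 on B's side; exit status is the verification result
  mkdir -p "$WORK/recv"
  # 1. recover the symmetric key with B's private key
  openssl pkeyutl -decrypt -inkey "$WORK/b.key" -in "$WORK/sym.key.enc" -out "$WORK/recv/sym.key"
  # 2. decrypt the file and the signature with the symmetric key
  for f in file.txt file.sig; do
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$WORK/$f.enc" -out "$WORK/recv/$f" -pass "file:$WORK/recv/sym.key"
  done
  # 3. recompute the digest and check A's signature over it with A's public key
  verify_from_a "$WORK/recv/file.txt" "$WORK/recv/file.sig"
}

sender_a
receiver_b && echo "valid: file came from A and is unmodified"
printf 'x' >> "$WORK/recv/file.txt"         # any change after signing breaks the check
verify_from_a "$WORK/recv/file.txt" "$WORK/recv/file.sig" || echo "invalid: tampered or not from A"
```

The same signature check is what step 3 on B's side performs; a single changed byte in the received file makes it fail.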
The private key stays private on the network and is stored securely by its owner.
The problem is how the public keys of A and B are transmitted over the network, and how each party can be sure that the public key it receives really belongs to the other party (that A's key is really A's and B's is really B's).
User B can apply to a trusted third party, a CA (Certificate Authority), for a certificate. The certificate contains:
1. Information about the certificate holder
2. Information about the CA
3. The certificate's intended usage
4. The holder's public key
The CA signs the certificate with its own private key. When user A and user B want to exchange encrypted data, each obtains the other party's certificate, verifies the signature on it with the CA's public key, and compares the result with the certificate contents. If the signature checks out, the certificate is authentic and belongs to the other party, so the public key it carries can be trusted and the process described above can proceed.
In Linux, because this is an experiment, you create your own CA, and that CA issues the certificates for you.
CA server creation:
# cd /etc/pki/CA
# vim /etc/pki/tls/openssl.cnf
Change dir = .../CA to dir = /etc/pki/CA; this directory is the CA's working directory.
# openssl genrsa 1024 > private/cakey.pem   // generate the CA private key
# chmod 600 private/cakey.pem
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365   // issue the CA's own self-signed certificate
The CA server also needs these directories and files:
# mkdir certs crl newcerts
# touch index.txt serial crlnumber
# echo 01 > serial   // the serial file holds the serial number of the next certificate issued; numbering starts at 01
User requests a certificate from the CA:
# cd /etc/http
# openssl genrsa 1024 > httpd.key
# openssl req -new -key httpd.key -out httpd.csr   // you are prompted for the subject information when generating the certificate request
# scp httpd.csr CASERVERIPADD:/tmp   // copy httpd.csr to the CA server to submit the request
CA processes the user's certificate request:
# openssl ca -in /tmp/httpd.csr -out httpd.crt   // issue the certificate
Author: Sun Xiang