Encryption, decryption, and the establishment of a private CA based on OpenSSL for Linux network data transmission

the security of network data transmission is an important subject in the field of computer communication, and data encryption is the main method to ensure data security. The so-called data encryption, that is, through a certain algorithm and key to the data plaintext processing, thus obtaining ciphertext process. The encryption forms in the process of computer network communication mainly include the following types:

    1, symmetric encryption, information encryption and decryption, this encryption method is called symmetric encryption, also known as a single key encryption

Common algorithms:

Des:data Encryption Standard, 56bits

3DES:

aes:advanced encrpytion Standard, (128bits, 192, 384, 512bits)

Blowfish

Twofish

Idea

RC6

CAST5

         2, asymmetric encryption, the symmetric encryption algorithm uses the same secret key when encrypting and decrypting, while the asymmetric encryption algorithm requires two keys for encryption and decryption, both public keys (publicly key, referred to as public key) and private key (privately key, referred to as private key) .

Asymmetric encryption is more secure than symmetric encryption: Both sides of the symmetric encrypted communication use the same secret key, and if a party's secret key is compromised, the entire communication will be cracked. Instead of symmetric encryption, which uses a pair of keys, one for encryption, one for decryption, and a public key that is public, the secret key is stored on its own and does not need to be synchronized with the secret key before communication like symmetric encryption.

The disadvantage of asymmetric encryption is that encryption and decryption take a long time and are slow, and are only suitable for encrypting small amounts of data.

The main algorithms are: Rsa,dsa,elgamal, etc.

3, one-way encryption: that is, the characteristics of data such as MD5, etc., the main features are:

Fixed-length output: No matter how large the original data is, its encryption results in the same length;

Avalanche effect: Small changes in raw data will result in great changes in results;

Non-reversible:

For asymmetric encryption, the distribution of public key becomes an important problem. The technology of digital certificate authentication based on CA Visa institution is the way to solve public key issue. The following is a private CA certificate production distribution process to illustrate the specific process of digital certificate certification:

On the service side:

# (Umask 077;openssl genrsa-out/etc/pki/ca/private/cacert.key 2048)

# OpenSSL Req-new-x509-key/etc/pki/ca/private/cakey.pem-out/etc/pki/ca/cacert.pem-days 1000

# Touch Index.txt

# echo "Serial" >

On the client:

# (Umask 077;openssl genrsa-out/etc/httpd/httpd.key 2048)

#openssl REQ-NEW-KEY/ETC/HTTPD/HTTPD.KEY-OUT/ETC/HTTPD/HTTPD.CSR

Upload the HTTPD.CSR to the service-side signature:

On the service side:

# OpenSSL Ca-in/root/httpd.csr-out/root/httpd.crt-days 1000

Pass the signed certificate, HTTPD.CRT back to the client

Encryption, decryption, and the establishment of a private CA based on OpenSSL for Linux network data transmission