1.
One-way encryption: one-way hash (function: extract signatures to ensure data integrity)
2.
Asymmetric encryption: (Role: authentication, Key Exchange) eg: ECB, cbc3.
Symmetric encryption: encryption and decryption use the same key. (Role: Data Encryption) ENC symmetric encryption sub-Password: Encrypted File: [root @ station116 ~] #
OpenSSL ENC-des3-salt-a-in DF-out DF. des3Enter des-ede3-cbc encryption password: verifying-enter des-ede3-cbc encryption password: [root @ station116 ~] # Lsanaconda-ks.cfg desktop install. log. syslogbanner DF lvm1snapbanners DF. des3 mboxbin GETID. Sh nano-1.3.12-1.1.1.gls.i386.rpmdead.letter install. log to view encrypted files, ciphertext: [root @ station116 ~] # Cat DF. des3 u2fsdgvkx1 + release/lkabzln1ka/release/n7qpujjhtt + tbgmplwbgw1/release + c8f/release + release/wi5l5ru11s2x5bgm Aswlqtiyy1vevitzcyo4 + cyx8oeftb7gm3fxpcdh/samples/V/hgll/xmd9wa4qa15iv3ic + logs/logs [root @ station116 ~] # Decrypt the encrypted file: [root @ station116 ~] #
OpenSSL ENC-D-des3-salt-a-in DF. des3-out DF. RecoverEnter des-ede3-cbc decryption password: [root @ station116 ~] # Lsanaconda-ks.cfg desktop install. logbanner DF install. log. syslogbanners DF. des3 lvm1snapbin DF. Recover mboxdead. letter GETID. Sh nano-1.3.12-1.1.1.gls.i386.rpm
The encrypted file has been decrypted.: [Root @ station116 ~] # Cat DF. recover/dev/root/vg01 2.0g 680 m 1.3G 36%/dev/home/vg01 2.0g 34 m 1.9g 2%/home/dev/tmp/vg01 1.9g 36 m 1.8g 2%/tmp/dev/usr/vg01 9.7g 2.1g 7.2g 23%/usr/dev/sda1 114 M 21 m 88 m 19%/boot/dev/MD5 973 M 18 M 906 M 2%/backup/dev/lvm1/myvol 194 m 9.6 m 175 m 6%/share/dev/HDC 8.9 m 8.9 m 0 100%/Media/CDROM [root @ station116 ~] # Des, 3DES, AES, blowfish, twofish, rc6, idea, cast5
4. OpenSSLOpenSSL version-a view version and other parameter information OpenSSL version view version OpenSSL? View the supported sub-commands OpenSSL speed test the speed of the encryption algorithm on the current host OpenSSL speed type test the speed of a host encryption algorithm type: AES, md2, md3, MD5, RSA, des... OpenSSL ciphers displays encryption algorithms of all lengths.
5.
(A -- => B)To communicate with B and transmit data, perform the following steps to encrypt the data to ensure communication security: 1) perform hash calculation on the data, that is, extract the data signature. 2 .) A uses its own key to encrypt the hash. Assume that M1 is obtained and appended to the end of the data (data + M1) 3 .) generate a temporary (for a certain period of time, for security) symmetric key, use this key to encrypt data and the additional Hash (encrypted, I .e. M1) to obtain the ciphertext, assume m2 (Data + m2) (think: why not use asymmetric encryption algorithms?
Reason:Encryption of the same data. asymmetric key algorithms are thousands of times slower than symmetric key algorithms.) 4 .) A uses the public key of B to encrypt the symmetric key, which is assumed to be m3 and appended to the end of the ciphertext. (Data + M2 + m3) (think: How does a get B's public key ?) 5 .) when B receives the data, use its own private key to decrypt the ciphertext 6 .) B uses the public key of a to open the ciphertext, and then uses the symmetric key to decrypt the ciphertext. B uses the public key of a to decrypt the hash value. Hash only calculates the original data and compares the sent data, if they are the same, they are not modified in the middle, and the transmission is correct. (THINKING: How does B obtain a's public key ?) 6. How do the communication parties obtain the public key of the other party? Assume that the communication parties are still a, B1.) A and B need third-party authentication at this time, that is, Ca (the certification authority, which stores the public keys of A and B) Ca sends the CA to a respectively, B issues a certificate (this step will be introduced in the next section * certificates *) 2 .) A wants the public key of B from CA. At this time, CA needs to determine the identity of a and the certificate issued to a by CA. A sends the Certificate Information issued to the ca. After the CA obtains the certificate of a, it encrypts the certificate with the private key of A and attaches the ciphertext to the certificate of, after the certificate and attach the CA Public Key (digital signature, anti-counterfeiting technology) 3 .) after a obtains the certificate and ciphertext sent by the CA, it decrypts it with its own public key. If the obtained data is consistent with the certificate, it can determine the identity of a and send the public key of B to.
