I. Basic knowledge:
1. Man-in-the-middle attacks on the Internet usually take three forms: 1) eavesdropping; 2) data tampering; 3) session hijacking.
2. Three commonly used ways to encrypt data: symmetric encryption, asymmetric encryption, and one-way encryption (hashing).
3. SSL: Secure Sockets Layer.
4. TLS: Transport Layer Security, which serves the same purpose as SSL.
5. Random number generators: /dev/random and /dev/urandom. The -salt option depends on the random number generator.
6. Sources of randomness: the entropy pool and the pseudo-random number generator. The entropy pool is fed by block-device interrupts and by the timing between keyboard and mouse events; the pseudo-random number generator is seeded from the entropy pool and expanded in software.
7. openssl rand [-base64] num can also be used to generate random numbers.
8. echo -n "QQ" | openssl base64 base64-encodes the string QQ.
II. Symmetric encryption:
1. The encrypting party and the decrypting party use the same key.
2. Encryption and decryption are relatively fast, so it is suited to large amounts of data.
3. Transmitting the key is not safe and the key is easily compromised; key management is also troublesome.
4. Encryption algorithms: DES (Data Encryption Standard), 3DES, AES (Advanced Encryption Standard, supporting 128-, 192-, 256- and 512-bit keys), Blowfish.
5. Encryption tools: openssl, gpg (the PGP tool).
III. Asymmetric encryption (public-key cryptography):
1. Each user has a pair of keys: a public key and a private key.
2. Data encrypted with the public key is decrypted with the private key; data encrypted with the private key is decrypted with the public key.
3. Transmitting the public key is not safe: it can be intercepted and replaced.
4. Because public keys are very long, public-key encryption is very slow, so it is generally not used to encrypt data directly.
5. A user encrypts with their own private key and other users decrypt with that user's public key; this provides a digital signature.
6. Another use of public-key cryptography is key exchange.
7. Encryption and signature algorithms: RSA, ElGamal.
8. Public-key signature algorithm: DSA.
9. Encryption tools: gpg, openssl.
IV. One-way encryption (hashing):
1. Characteristics: avalanche effect, fixed-length output, and irreversibility.
2. Purpose: to ensure the integrity of the data.
3. Algorithms: MD5 (128-bit digest), SHA1 (160-bit digest), MD4, CRC-32.
4. Tools: md5sum, sha1sum, openssl dgst.
5. To compute the hash of a file, for example: md5sum filename, sha1sum filename, openssl dgst -md5 filename, openssl dgst -sha1 filename.
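An added example (not part of the original post) that computes the same digests md5sum, sha1sum and openssl dgst print, shows the fixed-length output, and measures the avalanche effect on a constructed sample; the function names are my own.

```python
import hashlib

# Constructed sample file contents (stands in for the file given to md5sum / sha1sum)
SAMPLE = b"constructed sample file contents\n"

def file_digests(data: bytes) -> dict:
    """Hex digests identical to what md5sum / sha1sum / openssl dgst print for the same bytes."""
    return {"md5": hashlib.md5(data).hexdigest(),      # always 32 hex chars = 128 bits
            "sha1": hashlib.sha1(data).hexdigest()}    # always 40 hex chars = 160 bits

def bit_difference(h1: str, h2: str) -> int:
    """Number of bits that differ between two hex digests of equal length."""
    return bin(int(h1, 16) ^ int(h2, 16)).count("1")

def avalanche_ratio(algo: str, data: bytes) -> float:
    """Flip one input bit and report the fraction of digest bits that change.

    A good hash changes about half of its output bits (ratio near 0.5).
    """
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    h1 = hashlib.new(algo, data).hexdigest()
    h2 = hashlib.new(algo, flipped).hexdigest()
    return bit_difference(h1, h2) / (len(h1) * 4)

if __name__ == "__main__":
    for name, digest in file_digests(SAMPLE).items():
        print(f"{name}: {digest} ({len(digest) * 4} bits)")
    for algo in ("md5", "sha1"):
        print(f"{algo} avalanche ratio after a 1-bit change: {avalanche_ratio(algo, SAMPLE):.2f}")
```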
V. Two mechanisms for key exchange:
1. Using public-key encryption: the sender encrypts its own key with the receiver's public key, and the receiver decrypts it with its own private key (and vice versa); this completes the key exchange.
2. Using the DH algorithm: the sender and the receiver first agree on a large prime p and a generator g, and each picks a random number, x and y respectively. The sender sends g^x mod p to the receiver, and the receiver sends g^y mod p to the sender. The sender raises the received value to the power x, the receiver raises the received value to the power y, and both obtain the same value g^(xy) mod p; that value is the shared secret, and the key exchange is complete.
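The DH exchange above carried through with the document's symbols p, g, x and y, as an added example (not part of the original post). It assumes a safe prime p = 2q + 1 with g generating the order-q subgroup; the toy values p = 23, g = 2 are constructed, and the range check on the received value is an addition a practitioner would want.

```python
import secrets

def check_peer_value(p: int, value: int) -> int:
    """Reject degenerate values (0, 1, p-1) that would force a trivial shared secret."""
    if not 2 <= value <= p - 2:
        raise ValueError("invalid DH public value")
    return value

def dh_public(p: int, g: int, secret: int) -> int:
    """What each side puts on the wire: g^secret mod p."""
    return pow(g, secret, p)

def dh_shared(p: int, received: int, secret: int) -> int:
    """Raise the peer's value to our own exponent: (g^y)^x == (g^x)^y (mod p)."""
    return pow(check_peer_value(p, received), secret, p)

def dh_exchange(p: int, g: int):
    """Run both sides of the exchange; returns (sender's secret, receiver's secret)."""
    q = (p - 1) // 2                      # order of the subgroup generated by g
    x = secrets.randbelow(q - 1) + 1      # sender's random x in [1, q-1]
    y = secrets.randbelow(q - 1) + 1      # receiver's random y in [1, q-1]
    g_x = dh_public(p, g, x)              # sender -> receiver (visible to an eavesdropper)
    g_y = dh_public(p, g, y)              # receiver -> sender (visible to an eavesdropper)
    # x and y never leave their owners; only g^x and g^y cross the wire.
    return dh_shared(p, g_y, x), dh_shared(p, g_x, y)

if __name__ == "__main__":
    # Constructed toy parameters; real deployments use a 2048-bit safe-prime group.
    p, g = 23, 2
    k_sender, k_receiver = dh_exchange(p, g)
    print(k_sender, k_receiver, k_sender == k_receiver)
```

Plain DH only resists eavesdropping; without signing or otherwise authenticating g^x and g^y, the man-in-the-middle attacks listed in section I still apply.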
VI. How data integrity, data encryption and authentication are achieved together:
Suppose Bob and Rose are communicating.
1) Encryption process:
Bob uses a one-way hash to compute the digest (signature) of the data to be sent (for integrity checking), encrypts that digest with his private key (for authentication), and appends the result to the data. Bob then generates a password D and encrypts the data together with the encrypted digest using D (for data encryption); the result is called Q. Finally, he encrypts D with Rose's public key and appends it to Q.
2) Decryption process:
Rose uses her private key to decrypt D, then uses D to decrypt the data and the encrypted digest. She decrypts the digest with Bob's public key; if this succeeds, the data was sent by Bob, otherwise it was not. Finally, she computes the digest of the data with the same one-way hash and compares it with the digest Bob sent: if they match, the data has not changed; if they differ, the data has been tampered with.
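The two processes above as an added example (not part of the original post): textbook RSA on tiny constructed primes stands in for Bob's and Rose's key pairs, SHA-256 is the one-way hash, and a SHA-256 counter keystream is a stand-in for the symmetric cipher keyed by D. All helper names and values are my own.

```python
import hashlib
import secrets

def toy_rsa_keypair(p: int, q: int, e: int = 13):
    """Textbook RSA on tiny constructed primes (real keys use 2048-bit moduli)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # Python 3.8+ modular inverse
    return (e, n), (d, n)                    # (public key, private key)

def hash_to_int(data: bytes, n: int) -> int:
    """One-way hash of the data, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def stream_xor(key: int, data: bytes) -> bytes:
    """Toy symmetric cipher keyed by password D: SHA-256 counter keystream XORed with data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key.to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def bob_send(data: bytes, bob_priv, rose_pub):
    e_r, n_r = rose_pub
    sig = pow(hash_to_int(data, bob_priv[1]), *bob_priv)  # digest encrypted with Bob's private key
    d_key = secrets.randbelow(n_r - 2) + 2                 # fresh password D
    q = stream_xor(d_key, data + sig.to_bytes(3, "big"))   # Q = E_D(data || signature)
    enc_d = pow(d_key, e_r, n_r)                           # D encrypted with Rose's public key
    return q, enc_d

def rose_receive(q: bytes, enc_d: int, rose_priv, bob_pub):
    d_key = pow(enc_d, *rose_priv)                         # recover D with Rose's private key
    plain = stream_xor(d_key, q)
    data, sig = plain[:-3], int.from_bytes(plain[-3:], "big")
    # Bob's public key recovers the digest; compare it with a fresh hash of the data
    authentic = pow(sig, *bob_pub) == hash_to_int(data, bob_pub[1])
    return data, authentic

def run_demo():
    """Returns (clean message accepted, tampered message accepted)."""
    bob_pub, bob_priv = toy_rsa_keypair(1009, 1013)
    rose_pub, rose_priv = toy_rsa_keypair(1019, 1021)
    msg = b"constructed sample message from Bob to Rose"
    q, enc_d = bob_send(msg, bob_priv, rose_pub)
    data, ok = rose_receive(q, enc_d, rose_priv, bob_pub)
    tampered = bytes([q[0] ^ 0x01]) + q[1:]                # one ciphertext bit altered in transit
    _, ok_tampered = rose_receive(tampered, enc_d, rose_priv, bob_pub)
    return data == msg and ok, ok_tampered
```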
VII. OpenSSL:
1) Components: libcrypto: the encryption library.
libssl: the library that implements SSL/TLS.
openssl: a versatile command-line tool that provides symmetric encryption, public-key encryption and one-way hashing, and can act as a simple local CA.
2) Symmetric encryption: use openssl to encrypt a file:
openssl enc -des3 -salt -a -in plaintext -out ciphertext.des3
Use openssl to decrypt it:
openssl enc -d -des3 -salt -a -in ciphertext.des3 -out plaintext
3) openssl version: show the OpenSSL release information.
4) openssl: enter the interactive command-line mode of OpenSSL.
5) openssl speed: benchmark how fast each algorithm runs with different key lengths.
6) Public-key cryptography: openssl can generate the private key (<bits> is the key length to generate, <file> is where it is saved, -des3 encrypts the private key file):
openssl genrsa [-des3] <bits> > <file>
openssl genrsa [-des3] -out <file> <bits>
To restrict the permissions of the key file while generating it: (umask 077; openssl genrsa <bits> > <file>)
If the private key was generated unencrypted, the file can be encrypted afterwards with: openssl rsa -in <unencrypted key file> -des3 -out <encrypted key file>
To decrypt a private key: openssl rsa -in <encrypted key file> -out <decrypted key file>
7) Extract the public key from the private key: openssl rsa -in my.key -pubout -out <public key file>
Three encryption algorithms and two key exchange mechanisms explained