File encryption and decryption of Linux security mechanism

Source: Internet
Author: User

"What are encryption and decryption"

Encryption: the process of converting plaintext into ciphertext. A special algorithm transforms the original data so that even if unauthorized users obtain the encrypted information, they still cannot understand its content, because they do not know how to decrypt it.

Decryption: the process of converting ciphertext back into plaintext; authorized users recover the plaintext by using the algorithm that corresponds to the one used for encryption.

"Common cryptographic algorithms and protocols"

Symmetric encryption: the same key is used both to encrypt and to decrypt the information;

Commonly used symmetric encryption algorithms: DES (56), 3DES, AES (128, 192, 256, 384, 512), Blowfish, Twofish, IDEA, RC6, CAST5, etc.;

Public-key cryptography: also called asymmetric encryption, which uses a corresponding pair of unique keys (i.e. public key

Commonly used public-key encryption algorithms: RSA, DSA, ElGamal, etc.;

One-way encryption: an encryption method that cannot be decrypted; it is irreversible;

Commonly used one-way encryption algorithms: MD5, SHA1, SHA256, SHA384, SHA512, etc.;

Authentication protocol:

IKE (Internet Key Exchange protocol): commonly used to secure communication between a virtual private network (VPN) and a remote network or host;

SSL (Secure Sockets Layer): A security protocol for network communication that provides security and data integrity.

TLS (Transport Layer Security): is modeled after SSL and is used to provide confidentiality and data integrity between two communication applications.


"Encryption and decryption process"

[Figure: encryption and decryption process (Encrypt decrypt.png)]

"Simple use of the OpenSSL command tool"

OpenSSL is a powerful Secure Sockets Layer cryptographic library that includes the main cryptographic algorithms, common key and certificate encapsulation management functions, and the SSL protocol, and provides a rich set of applications for testing or other purposes.

1. View OpenSSL version information:

    openssl version

    [[email protected] ~]# openssl version
    OpenSSL 1.0.1e-fips    # version information; check this first before applying a patch or upgrading

2. Symmetric encryption of a file:

Encryption:

    openssl enc -des3 -a -salt -in /path/from/somefile -out /path/to/somecipherfile

Decryption:

    openssl enc -d -des3 -a -salt -in /path/from/somecipherfile -out /path/to/somefile

    [[email protected] tmp]# openssl enc -des3 -a -salt -in /tmp/fstab -out /tmp/fstab.sc
    # -des3: the encryption algorithm (choose one according to your needs);
    # -a: Base64-encode the data after encryption, or Base64-decode it before decryption;
    # -salt: add a salt. With a salt, the same plaintext produces different ciphertext.
    #        By default the salt is generated randomly; it can be set explicitly with the -S option;
    # -in: the file to encrypt;
    # -out: the output file after encryption;
    enter des-ede3-cbc encryption password:               # prompts the user for the encryption password
    Verifying - enter des-ede3-cbc encryption password:   # password confirmation
    [[email protected] tmp]# cat /tmp/fstab.sc               # below is the generated ciphertext, which cannot be read
    u2fsdgvkx188aceq1i9xj4wbvbqtjouwe3ka7z9qekwthogv7hwyoasba6f+24rg9icl+4bxyz1vw+
    mlcpeaaqotxcplzb7symtpd71jpmuejkdtyrsp4ulwlfnmpa1g
    #---- omitted ----
    7n9jdtkhbyxlwojabzxqmfcroyf8ri2hge/
    6tlxuq31rniwouxcoz/eux3ixdf2jxfafl6abzqgx1oztm+454w==
    [[email protected] tmp]# openssl enc -d -des3 -a -salt -in /tmp/fstab.sc -out /tmp/fstab1   # -d: decrypt
    enter des-ede3-cbc decryption password:               # enter the password used for encryption; decryption succeeds only if it is correct
    [[email protected] tmp]# cat fstab1                      # decrypted!
    #
    # /etc/fstab
    # Created by anaconda on Mon Mar 16 13:43:08 2015
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk'
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
    #
    /dev/mapper/vg_centos6-lv_root /                       ext4    defaults        1 1
    #----
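The symmetric workflow above, as an added example that is not part of the original article: it swaps `-des3` for `-aes-256-cbc` with `-pbkdf2` key derivation, reads the password from a file instead of a prompt, and checks the `-salt` behaviour described in the comments. It assumes OpenSSL 1.1.1 or later; the helper names, file names and passwords are constructed for illustration.

```shell
# Added example (not from the article). Needs OpenSSL 1.1.1+ for -pbkdf2/-iter.
# enc_file <passfile> <in> <out> [salt_hex]: AES-256-CBC, Base64 output, PBKDF2 key.
enc_file() {
    if [ -n "$4" ]; then    # explicit salt via -S, as the -salt comment mentions
        openssl enc -aes-256-cbc -a -pbkdf2 -iter 100000 -S "$4" \
            -pass "file:$1" -in "$2" -out "$3"
    else                    # default: random salt
        openssl enc -aes-256-cbc -a -salt -pbkdf2 -iter 100000 \
            -pass "file:$1" -in "$2" -out "$3"
    fi
}

# dec_file <passfile> <in> <out>
dec_file() {
    openssl enc -d -aes-256-cbc -a -pbkdf2 -iter 100000 \
        -pass "file:$1" -in "$2" -out "$3" 2>/dev/null
}

# roundtrip_ok <enc_passfile> <dec_passfile> <plain>: 0 only if the decrypted bytes
# equal the plaintext. enc has no integrity check, so exit status is not enough.
roundtrip_ok() {
    rt_dir=$(mktemp -d) || return 2
    rt_rc=0
    enc_file "$1" "$3" "$rt_dir/c" || rt_rc=2
    dec_file "$2" "$rt_dir/c" "$rt_dir/p" || :
    [ "$rt_rc" -eq 0 ] && { cmp -s "$3" "$rt_dir/p" || rt_rc=1; }
    rm -rf "$rt_dir"
    return "$rt_rc"
}

# same_ciphertext <passfile> <plain> [salt_hex]: 0 if two encryptions are identical.
same_ciphertext() {
    sc_dir=$(mktemp -d) || return 2
    sc_rc=0
    enc_file "$1" "$2" "$sc_dir/a" "$3" && enc_file "$1" "$2" "$sc_dir/b" "$3" || sc_rc=2
    [ "$sc_rc" -eq 0 ] && { cmp -s "$sc_dir/a" "$sc_dir/b" || sc_rc=1; }
    rm -rf "$sc_dir"
    return "$sc_rc"
}

# Demo on constructed sample data.
demo_dir=$(mktemp -d)
printf 'constructed sample plaintext\n' > "$demo_dir/plain"
printf 'correct-horse\n' > "$demo_dir/pw"; printf 'wrong-guess\n' > "$demo_dir/badpw"
roundtrip_ok "$demo_dir/pw" "$demo_dir/pw" "$demo_dir/plain" && echo "right password: recovered"
roundtrip_ok "$demo_dir/pw" "$demo_dir/badpw" "$demo_dir/plain" || echo "wrong password: not recovered"
same_ciphertext "$demo_dir/pw" "$demo_dir/plain" || echo "random salt: ciphertexts differ"
same_ciphertext "$demo_dir/pw" "$demo_dir/plain" 0102030405060708 && echo "fixed salt: identical"
rm -rf "$demo_dir"
```

A wrong password is judged here by comparing the decrypted bytes with the original, because CBC padding occasionally looks valid under the wrong key and `openssl enc` then exits successfully with garbage output.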

3. One-way encryption of files:

    openssl dgst [-md5|-sha1] [-out /path/to/filename] /path/from/somefile

    [[email protected] tmp]# openssl dgst -md5 /tmp/fstab   # one-way encryption with the MD5 algorithm; without -out naming an output file, the result goes to the screen by default
    MD5(/tmp/fstab)= 1dc8426edc4278081c898bdf9806682c
    [[email protected] tmp]# md5sum /tmp/fstab              # one-way encryption of the file with the md5sum tool
    1dc8426edc4278081c898bdf9806682c  /tmp/fstab
    # Whichever tool performs the one-way encryption, the same file and the same algorithm give the same output.

4. Hash the user's password:

    openssl passwd -1 [-salt SALT]

-1: the hash algorithm used is MD5;

-salt SALT: use the given string as the salt;

    [[email protected] tmp]# openssl passwd -1      # hash the password with MD5
    Password:                                      # enter the password to hash
    Verifying - Password:                          # confirm the input
    $1$mgyuagde$ohkcitf3gv9yzkmzupyw./             # the resulting hash
    [[email protected] tmp]# openssl passwd -1 -salt aa
    Password:
    $1$aa$9dcbvi.wtnpfk0cdguo/W0
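How a stored `$1$salt$hash` string from step 4 is checked against a candidate password, as an added example that is not part of the original article: the salt is read back out of the stored string and the candidate is re-hashed with it. The helper names and sample passwords are constructed; the password is passed with `-stdin` rather than typed at the prompt.

```shell
# Added example, not from the original article; helper names are hypothetical.
# The password is fed on stdin (-stdin) so it never appears in the process list.

# hash_pw <salt>: print the MD5-crypt string $1$<salt>$<hash> for the password on stdin.
hash_pw() {
    openssl passwd -1 -salt "$1" -stdin
}

# verify_pw <stored>: re-hash the candidate on stdin with the salt embedded in
# <stored>; return 0 on match, 1 on mismatch, 2 if <stored> is not a $1$ string.
verify_pw() {
    case "$1" in
        '$1$'*'$'*) ;;
        *) return 2 ;;
    esac
    vp_salt=$(printf '%s' "$1" | cut -d'$' -f3)   # fields: "", "1", salt, hash
    vp_new=$(hash_pw "$vp_salt") || return 2
    [ "$vp_new" = "$1" ]
}

# Demo with constructed values: same salt gives the same string, a new salt a new one.
stored=$(printf '%s\n' 'S3cret-sample' | hash_pw aa)
other=$(printf '%s\n' 'S3cret-sample' | hash_pw bb)
echo "$stored"
printf '%s\n' 'S3cret-sample' | verify_pw "$stored" && echo "match"
printf '%s\n' 'wrong-sample'  | verify_pw "$stored" || echo "mismatch"
[ "$stored" != "$other" ] && echo "different salt, different hash"
```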

5. Generate random numbers:

    openssl rand -base64|-hex NUM

-base64|-hex: Base64-encode the random bytes or display them in hex format;

NUM: the number of random bytes to generate;

    [[email protected] tmp]# openssl rand -hex 5      # generate 5 random bytes and display them in hex
    c0a6f4c166
    [[email protected] tmp]# openssl rand -base64 5   # generate 5 random bytes and display them Base64-encoded
    mcpanqi=

6. Generate the private key:

    (umask 077; openssl genrsa -out /path/to/keyfile NUMBEROFBITS)

(command): the command inside () runs in a subshell and does not affect the current shell;

NUMBEROFBITS: the key length (in bits);

    [[email protected] tmp]# (umask 077; openssl genrsa -out /tmp/key)
    Generating RSA private key, bit long modulus
    .+++++++++++++++++++++++++++
    .+++++++++++++++++++++++++++
    e is 65537 (0x10001)
    [[email protected] tmp]# cat /tmp/key   # view the generated key file
    -----BEGIN RSA PRIVATE KEY-----
    mcwcaqacbqcyittnagmbaaecbgc3ukucawdsewidamdxagmawq0cakwhagi/og==
    -----END RSA PRIVATE KEY-----

7. Extract the public key:

    openssl rsa -in /path/from/private_key_file -pubout -out /path/to/pub_key_file

    [[email protected] ~]# openssl rsa -in /tmp/key -pubout   # no output file specified: the public key is printed directly to the screen
    writing RSA key
    -----BEGIN PUBLIC KEY-----
    mcawdqyjkozihvcnaqebbqaddwawdaifalii200caweaaq==
    -----END PUBLIC KEY-----
    [[email protected] ~]# man openssl rsa
    [[email protected] ~]# openssl rsa -in /tmp/key -pubout -out /tmp/key_pub   # extract the public key to a file
    writing RSA key
    [[email protected] ~]# cat /tmp/key_pub
    -----BEGIN PUBLIC KEY-----
    mcawdqyjkozihvcnaqebbqaddwawdaifalii200caweaaq==
    -----END PUBLIC KEY-----
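Steps 3, 6 and 7 combined, as an added example that is not part of the original article: it generates a key under `umask 077`, confirms the resulting file mode, extracts the public key, and then goes one step beyond the page by signing a file's SHA-256 digest with the private key and verifying it with the public key. Helper names, file names and the 2048-bit key size are assumptions chosen for illustration.

```shell
# Added example, not from the original article; helper names and the 2048-bit
# size are assumptions chosen for illustration.

# make_keypair <priv> <pub> <bits>: private key created under umask 077, then
# the public half extracted with "rsa -pubout" as in steps 6 and 7.
make_keypair() {
    ( umask 077; openssl genrsa -out "$1" "$3" 2>/dev/null ) || return 1
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# key_mode <file>: permission bits in octal (GNU stat, then BSD stat as fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# sign_file <priv> <file> <sig>: SHA-256 digest signed with the private key.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_file <pub> <file> <sig>: 0 only if <sig> matches <file> under <pub>.
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Demo on constructed data.
kd=$(mktemp -d)
make_keypair "$kd/key" "$kd/key_pub" 2048
echo "private key mode: $(key_mode "$kd/key")"
printf 'constructed release notes\n' > "$kd/doc"
sign_file "$kd/key" "$kd/doc" "$kd/doc.sig"
verify_file "$kd/key_pub" "$kd/doc" "$kd/doc.sig" && echo "signature valid"
printf 'tampered\n' >> "$kd/doc"
verify_file "$kd/key_pub" "$kd/doc" "$kd/doc.sig" || echo "tampering detected"
rm -rf "$kd"
```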


This article is from the "Flying Snail" blog, please be sure to keep this source http://ljmsky.blog.51cto.com/2878/1649703
