Symmetric encryption: DES, 3DES, AES
Function: guarantees confidentiality only
Asymmetric encryption (public key cryptography): based on mathematical functions. Common algorithms: RSA, DSS (only encrypted, not signed), ECC (elliptic curve algorithm, more secure than RSA, but immature)
Features: authentication, key exchange, confidentiality
One-way encryption: extracts the signature (digest) of the data. MD5, SHA1, SHA2, SHA3 (Secure Hash Algorithm)
Features: data integrity
1. The sender calculates the signature of the original data using the selected one-way encryption algorithm.
2. The sender encrypts the signature with its own private key and appends it to the original data.
3. The sender generates a one-time symmetric key and encrypts the data with it (raw data + the encrypted signature).
4. The sender encrypts the one-time symmetric key with the receiver's public key and appends it to the encrypted data.
5. Send.
1. The receiver decrypts the encrypted one-time symmetric key using its own private key.
2. Use the symmetric key to decrypt the data, obtaining the encrypted signature and the raw data.
3. Use the sender's public key to decrypt the encrypted signature.
4. Use the same one-way encryption algorithm as the sender to recalculate the signature of the data and compare it with the decrypted signature. This completes the data integrity check.
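The sender and receiver steps above, carried out with the openssl command line. This is an added example, not part of the original notes; the file names, the work-directory layout and the choice of SHA-256, AES-256-CBC and OAEP padding are assumptions of the example, and -pbkdf2 needs OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example: sign-then-encrypt envelope with the openssl CLI.
# Every function takes one argument: a work directory (constructed layout).

make_keys() {   # one RSA key pair per party; private keys created mode 600
  for who in sender receiver; do
    (umask 077; openssl genrsa -out "$1/$who.key" 2048 2>/dev/null)
    openssl rsa -in "$1/$who.key" -pubout -out "$1/$who.pub" 2>/dev/null
  done
}

sign_msg() {    # sender steps 1-2: hash msg.txt and sign the hash
  openssl dgst -sha256 -sign "$1/sender.key" -out "$1/msg.sig" "$1/msg.txt"
}

seal() {        # sender steps 3-4
  openssl rand -hex 32 > "$1/session.key"           # one-time symmetric key
  tar -C "$1" -cf "$1/bundle.tar" msg.txt msg.sig   # raw data + signature
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$1/session.key" \
    -in "$1/bundle.tar" -out "$1/bundle.enc"
  # wrap the one-time key with the receiver's public key
  openssl pkeyutl -encrypt -pubin -inkey "$1/receiver.pub" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$1/session.key" -out "$1/session.key.enc"
  rm -f "$1/session.key" "$1/bundle.tar"            # only *.enc is sent
}

unseal() {      # receiver steps 1-4; exit status 0 only if signature verifies
  mkdir -p "$1/rx" &&
  openssl pkeyutl -decrypt -inkey "$1/receiver.key" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$1/session.key.enc" -out "$1/rx/session.key" &&
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1/rx/session.key" \
    -in "$1/bundle.enc" -out "$1/rx/bundle.tar" &&
  tar -C "$1/rx" -xf "$1/rx/bundle.tar" &&
  openssl dgst -sha256 -verify "$1/sender.pub" \
    -signature "$1/rx/msg.sig" "$1/rx/msg.txt" >/dev/null 2>&1
}
```

Call make_keys on an empty directory, write msg.txt into it, then run sign_msg, seal and unseal; unseal returns non-zero if msg.txt was changed after it was signed.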
Public key distribution
Digital certificates:
X.509 v3
Version number
Serial number: uniquely identifies the certificate within the CA
Signature algorithm identifier
Issuer name
Validity
Subject name (organization or individual)
Subject public key information
Issuer unique identifier
Subject unique identifier
Extensions
Signature
PKI: Public Key Infrastructure
End entity (requester)
Registration Authority (RA)
Certificate Authority (CA)
Certificate Revocation List (CRL) publishing authority
Certificate repository
SSL:
STARTTLS: encrypted and unencrypted service can be provided on one port.
SSL v1, v2, v3
TLS: Transport Layer Security
TLS v1
OpenSSL:
Major packages
libcrypto: encryption and decryption
libssl: implements SSL
    # openssl version    # version number
    OpenSSL 1.0.1e-fips 11 Feb 2013

1. Encrypt a file

    # openssl enc -des3 -in fstab -e -out fstab.des3
    enter des-ede3-cbc encryption password:
    Verifying - enter des-ede3-cbc encryption password:

2. Decrypt a file

    # openssl enc -des3 -in fstab.des3 -d -out fstab.txt
    # cat fstab.txt
    #
    # /etc/fstab
    # Created by anaconda on Thu Jun 30 10:38:23 2016
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk'
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
    #
    /dev/mapper/VolGroup-lv_root / ext4 defaults 1 1
    UUID=fd2f1ae1-8eef-4211-a9f3-7db3f3379818 /boot ext4 defaults 1 2
    ........

3. One-way encryption algorithm: openssl dgst -md5 fstab.txt

    # Get the file's signature. As long as the algorithm is the same, the
    # signature is the same; md5sum can also be used.
    # openssl dgst -md5 fstab.txt
    MD5(fstab.txt)= 085b811b0c1b10057c5aa43371234c28

4. Test the speed of an encryption algorithm on the current host: openssl speed des-ede3

    # openssl speed des-ede3
    Doing des ede3 for 3s on 16 size blocks: 2296748 des ede3's in 3.00s
    Doing des ede3 for 3s on 64 size blocks: 642682 des ede3's in 3.00s
    Doing des ede3 for 3s on 256 size blocks: 160988 des ede3's in 3.00s
    Doing des ede3 for 3s on 1024 size blocks: 40291 des ede3's in 3.00s
    Doing des ede3 for 3s on 8192 size blocks: 5038 des ede3's in 3.00s
    OpenSSL 1.0.1e-fips 11 Feb 2013

5. Password encryption: openssl passwd

    # openssl passwd -1 -salt 12345678
    Password:
    $1$12345678$xek. cpjquvgdf/p2n9kqf/

Random number generation

    # openssl rand -base64 8
    sjkppyt8nio=
    # In single quotes the text is passed literally as the salt (the output
    # below starts with $1$openssl); a random salt needs command
    # substitution: -salt $(openssl rand -hex 4)
    # openssl passwd -1 -salt 'openssl rand -hex 4'
    Password:
    $1$openssl $IOYGACZVeLM 3hedyiv5g5.

6. Generate the private key

    # openssl genrsa 1024
    Generating RSA private key, 1024 bit long modulus
    ...................++++++
    .................++++++
    e is 65537 (0x10001)
    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----
    # openssl genrsa 1024 > mykey.private
    Generating RSA private key, 1024 bit long modulus
    .........++++++
    .......++++++
    e is 65537 (0x10001)

Encrypting the private key

    # openssl genrsa -des3 2048
    Enter pass phrase:
    Verifying - Enter pass phrase:
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,2D8AA1C9D62164FB

7. Generate the public key

    # openssl rsa -in mykey.pri -pubout
    writing RSA key
    -----BEGIN PUBLIC KEY-----
    ...
    -----END PUBLIC KEY-----

Set the permissions directly with umask, and be sure to wrap the command in (). The umask then runs in a subshell and does not change the current shell; otherwise every later operation would also create files with mode 600.

    # (umask 077; openssl genrsa -out /root/mykey2.pri 2048)
    Generating RSA private key, 2048 bit long modulus
    ...................................+++
    .........................................+++
    e is 65537 (0x10001)
    # ll -h /root/mykey2.pri
    -rw-------. 1 root root 1.7K 7月 14 11:47 /root/mykey2.pri    #600
Digital certificates, CAs, PKI, and OpenSSL usage