OpenSSL and CA

Source: Internet
Author: User

OpenSSL

GPG

One-way encryption:

MD4
MD5
SHA1
SHA192, SHA256, SHA384
CRC-32

Public-key cryptography (asymmetric encryption), used for encryption and signatures:

Identity authentication (digital signature)
Data encryption
Key exchange

RSA: encryption, signing
DSA: signing
ElGamal

OpenSSL: an open-source implementation of SSL

libcrypto: general-purpose cryptography library

libssl: the TLS/SSL implementation, a library that provides session-based identity authentication, data confidentiality and session integrity

openssl: multi-purpose command-line tool, which can also be used to implement a private certification authority

Benchmark every algorithm supported on the current system:

# openssl speed

Benchmark only the DES algorithm:

# openssl speed des

View command help:

# whatis enc
enc (1ssl) - symmetric cipher routines
# man enc
# whatis passwd
passwd (1) - update user's authentication tokens
passwd (5) - password file
passwd [sslpasswd] (1ssl) - compute password hashes
# man sslpasswd

Encrypt a file (-des3 selects the encryption algorithm, -a Base64-encodes the data):

# cp /etc/inittab /tmp
# cd /tmp
# openssl enc -des3 -salt -a -in inittab -out inittab.des3
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
# ls
b  file.pci  inittab  inittab.des3

Decrypt the file above (-d means decrypt):

# openssl enc -des3 -d -salt -a -in inittab.des3 -out inittab
enter des-ede3-cbc decryption password:
# ls
b  file.pci  inittab  inittab.des3

To calculate the digest (fingerprint) of a file:

md5sum inittab calculates the MD5 checksum of a file.

# sha
sha1sum  sha224sum  sha256sum  sha384sum  sha512sum  sharesec  shasum
# sha1sum inittab
7f1a11159e1f44a5b2f2f9de2b99ab3f23e0ef1f  inittab

As long as the algorithm is the same, the result is the same regardless of which of the tools above is used:

# openssl dgst -sha1 inittab
SHA1(inittab)= 7f1a11159e1f44a5b2f2f9de2b99ab3f23e0ef1f

Compute a password hash (-1 uses the MD5 algorithm). In the output, the characters between the second and third $ are the salt:

# openssl passwd -1
Password:
Verifying - Password:
$1$FY6Z3QXZ$GWSUDSUP92DY.MRRDBTKM0

Specify the salt with -salt. The same password and the same salt produce the same hash string:

# openssl passwd -1 -salt fy6z3qxz
Password:
$1$FY6Z3QXZ$GWSUDSUP92DY.MRRDBTKM0

View the openssl options:

# openssl ?

rsautl: RSA encryption and decryption tool

# whatis rand
rand (3p) - pseudo-random number generator
rand (3) - pseudo-random number generator
rand [sslrand] (1ssl) - generate pseudo-random bytes
# man sslrand

Generate random data in Base64; the option is followed by the length:

# openssl rand -base64 LENGTH

Implementing a private CA with OpenSSL:

    1. Generate a pair of keys

    2. Generate a self-signed certificate

Commands enclosed in () run in a subshell, so the umask only affects that subshell. Specify the length of the private key and save it to the key file (server1024.key here):

# (umask 077; openssl genrsa 1024 > server1024.key)

Extract the public key:

# openssl rsa -in server1024.key -pubout

Generate a certificate from the key, valid for 365 days:

# openssl req -new -x509 -key server1024.key -out server.crt -days 365
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:cq
Locality Name (eg, city) [Default City]:JLPQ
Organization Name (eg, company) [Default Company Ltd]:CQKJ
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:ca.mylinux.com
Email Address []:[email protected]

View the certificate:

# openssl x509 -text -in server.crt

The configuration file:

# vi /etc/pki/tls/openssl.cnf

The CA directory must contain these files; cacert.pem is the generated certificate:

# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial

Make the private CA

Run these commands in the /etc/pki/CA directory:

# (umask 077; openssl genrsa 2048 > server2048.key)
# openssl rsa -in server2048.key -pubout
# openssl req -new -x509 -key server2048.key -out cacert.pem -days 365
# openssl x509 -text -in cacert.pem
# touch index.txt
# touch serial
# echo 01 > serial

Sign a certificate

# cd /etc/httpd
# mkdir httpd
# cd httpd
# mkdir ssl
# cd ssl/

Create a key pair on the server side:

# (umask 077; openssl genrsa 2048 > httpd.key)

Fill out the certificate request:

# openssl req -new -key httpd.key -out httpd.csr

Sign the certificate:

# openssl ca -in httpd.csr -out httpd.crt -days 365
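
The CA setup and signing steps above, combined into one script as an added example that is not part of the original article. It works in a scratch directory with its own minimal configuration instead of /etc/pki/tls/openssl.cnf; the file ca.cnf, the function name build_private_ca, the CA key path CA/private/cakey.pem and the subject www.example.test are assumptions, and -subj stands in for the interactive prompts.

```shell
#!/bin/sh
# Added example: private CA built in a scratch directory, not under /etc/pki/CA.
# File names, subject names and the minimal config below are assumptions.
build_private_ca() (
    cd "$1" || exit 1
    mkdir -p CA/private CA/newcerts     # directories named in ca.cnf
    touch CA/index.txt                  # database of issued certificates
    echo 01 > CA/serial                 # serial number of the first certificate
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./CA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_md = sha256
default_days = 365
unique_subject = no
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # CA key pair (readable by the owner only) and self-signed CA certificate
    (umask 077; openssl genrsa 2048 > CA/private/cakey.pem) 2>/dev/null
    openssl req -new -x509 -config ca.cnf -key CA/private/cakey.pem \
        -out CA/cacert.pem -days 365 -subj "/CN=ca.mylinux.com" || exit 1
    # Server key pair and certificate signing request
    (umask 077; openssl genrsa 2048 > httpd.key) 2>/dev/null
    openssl req -new -config ca.cnf -key httpd.key -out httpd.csr \
        -subj "/CN=www.example.test" || exit 1
    # The CA signs the request; -batch skips the confirmation questions
    openssl ca -batch -config ca.cnf -in httpd.csr -out httpd.crt 2>/dev/null || exit 1
    # The issued certificate must chain back to the CA certificate
    openssl verify -CAfile CA/cacert.pem httpd.crt
)

build_private_ca "$(mktemp -d)"
```

After a successful run the serial file holds 02, index.txt has one valid (V) entry, and a copy of the issued certificate is stored as CA/newcerts/01.pem.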


This article is from the "Linux Operation and Maintenance" blog; reprinting is declined.
