Home > Others

OpenSSL and CA

Source: Internet
Author: User
Tags openssl enc openssl rsa openssl x509 sha1 asymmetric encryption
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Openssl

Gpg

One-way encryption:

MD4

MD5

SHA1

SHA192, sha256,sha384

CRC-32

Public Key Cryptography (Asymmetric Encryption): (encryption / signature)

identity Authentication (digital signature)

Data Encryption

Key Exchange

RSA: encryption, signing

DSA: Signature

ELGamal

Openssl:ssl 's Open source combat

Libcrpto: Universal Encryption Library

the realization of Libssl:tls/ssl

session-based, identity authentication, data confidentiality and session integrity are implemented Tls/ssl Library

OpenSSL: Multi-purpose command-line tools

Implement a private certification authority,

[[Email protected]~]# openssl speed check encryption of all encryption methods of the current system

[[Email protected]~]# OpenSSL speed des only checks des algorithm

View command Help

[Email protected]~]# Whatis ENC

ENC (1SSL)-Symmetric cipher routines

[[Email protected]~]# man ENC

[Email protected]~]# whatis passwd

passwd (1)-Update user ' s authentication tokens

passwd (5)-Password file

PASSWD[SSLPASSWD] (1SSL)-Compute password hashes

[[Email protected]~]# man sslpasswd

[[Email protected]~]#

[Email protected] ~]# cp/etc/inittab/tmp

[Email protected] ~]# cd/tmp

[[email protected] tmp]# OpenSSL enc-des3-salt-a-in inittab-out inittab.des3 (-des3 encryption algorithm,-a means Base64 encoded data )

Enter DES-EDE3-CBC encryption Password:

Verifying-enter DES-EDE3-CBC Encryptionpassword:

[[email protected] tmp]# ls

b file.pci Inittab Inittab.des3

[Email protected] tmp]#

decrypt the above file. -D decryption

[email protected] tmp]# OpenSSL enc-des3-d-salt-a-in inittab.des3-out inittab

Enter DES-EDE3-CBC decryption Password:

[[email protected] tmp]# ls

b file.pci Inittab Inittab.des3

To calculate the signature of a file:

Md5sum Inittab calculates the Md5 checksum of a file

[Email protected] tmp]# sha

Sha1sum sha224sum sha256sum sha384sum sha512sum sharesec shasum

[Email protected] tmp]# sha1sum Inittab

7f1a11159e1f44a5b2f2f9de2b99ab3f23e0ef1f Inittab

As long as the encryption algorithm, regardless of using the above tools to encrypt the results are the same.

[email protected] tmp]# OpenSSL Dgst-sha1inittab

SHA1 (Inittab) =7f1a11159e1f44a5b2f2f9de2b99ab3f23e0ef1f

[[email protected] tmp]# OpenSSL passwd-1 (-1 using MD5 algorithm)

Password:

Verifying-password:

$1$FY6Z3QXZ$GWSUDSUP92DY.MRRDBTKM0 2 $ to 3 $ between the characters for ' salt '

[[email protected] tmp]# OpenSSL passwd-1-saltfy6z3qxz (-salt designation ' salt ')

Password:

$1$FY6Z3QXZ$GWSUDSUP92DY.MRRDBTKM0 (same password and same cipher string generated by the same salt)

[Email protected] tmp]#

Openssl? the option to view OpenSSL

Rsautl :RSA Encryption and decryption tool

[Email protected] tmp]# Whatis Rand

RAND (3p)-pseudo-random number generator

RAND (3)-pseudo-random number generator

Rand [Sslrand] (1SSL)-Generate pseudo-randombytes

[email protected] tmp]# man Sslrand

OpenSSL rand–base64 generate random numbers

[email protected] tmp]# OpenSSL rand-base64 back heel length

OpenSSL implements a private CA:

    1. Generate a pair of keys

    2. Generate a self-signed certificate

commands that use () only have effects on the child shell , specify the length of the private key and save to the Server.key file

[Email protected]]# (umask 077; OpenSSL genrsa 1024x768 >server1024.key)

Extracting the public key

[Email protected]]# OpenSSL rsa-in server1024.key-pubout

generate a certificate with a key valid 365 days

OpenSSL req–new–x509–key server1024.key–out server.crt–days 365

Country Name (2letter code) [XX]:CN

State or Provincename (full name) []:cq

Locality Name (eg, city) [Default CITY]:JLPQ

Organization Name (eg, company) [Default company LTD]:CQKJ

OrganizationalUnit Name (eg, section) []:it

Common name (eg,your name or your server ' s hostname) []:ca.mylinux.com

Email Address[]:[email protected]

[[Email protected]]#

View certificates

[Email protected]]# OpenSSL x509-text-in server.crt

Vi/etc/pki/tls/openssl.cnf

configuration file

[[email protected]]# ls CA directory must have these files,Cacert.pem is the generated certificate

CACERT.PEM certs CRL index.txt newcerts private serial

Make Private Ca

Executed in the /etc/pki/ca directory.

1 (umask 077; OpenSSL genrsa 2048 >server2048.key)

2 OpenSSL rsa-in Server2048.key-pubout

3 OpenSSL req-new-x509-key server2048.key-out cacert.pem-days 365

4 OpenSSL x509-text-in Server2048.key

5 Touch Index.txt

6 Touch serial

7 echo 01> serial

Sign a certificate

1 cd/etc/httpd

2 mkdir httpd

3 CD httpd

4 mkdir SSL

5 CD ssl/

6 (umask 077; OpenSSL genrsa 2048>httpd.key) server-side creation of a pair of keys

8 OpenSSL req-new-key httpd.key-out HTTPD.CSR fill out a certificate

9 OpenSSL ca-in httpd.csr-out httpd.crt-days 365 Sign Certificate


This article from "Linux operation and Maintenance" blog, declined reprint!

OpenSSL and CA

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
openssl ca bundle openssl extensions v3 ca openssl ca sign openssl create ca man openssl ca openssl ca example no client certificate ca names sent openssl

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More