OpenSSL
GPG
One-way encryption:
MD4
MD5
SHA1
SHA192, SHA256, SHA384
CRC-32
Public-key cryptography (asymmetric encryption): encryption / signature
Identity authentication (digital signature)
Data encryption
Key exchange
RSA: encryption, signing
DSA: signature
ElGamal
OpenSSL: an open-source implementation of SSL
libcrypto: general-purpose cryptography library
libssl: the implementation of TLS/SSL
A session-based TLS/SSL library that implements identity authentication, data confidentiality and session integrity
openssl: multi-purpose command-line tool
It can also be used to implement a private certification authority.
# openssl speed  (checks the speed of all encryption algorithms on the current system)
# openssl speed des  (checks only the DES algorithm)
View command help:
# whatis enc
enc (1ssl) - symmetric cipher routines
# man enc
# whatis passwd
passwd (1) - update user's authentication tokens
passwd (5) - password file
passwd [sslpasswd] (1ssl) - compute password hashes
# man sslpasswd
# cp /etc/inittab /tmp
# cd /tmp
# openssl enc -des3 -salt -a -in inittab -out inittab.des3  (-des3: the encryption algorithm; -a: Base64-encode the data)
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
# ls
b file.pci inittab inittab.des3
Decrypt the above file (-d: decrypt):
# openssl enc -des3 -d -salt -a -in inittab.des3 -out inittab
enter des-ede3-cbc decryption password:
# ls
b file.pci inittab inittab.des3
To calculate the digest (fingerprint) of a file:
md5sum inittab  (calculates the MD5 checksum of a file)
# sha  (Tab completion lists the available commands)
sha1sum sha224sum sha256sum sha384sum sha512sum sharesec shasum
# sha1sum inittab
7f1a11159e1f44a5b2f2f9de2b99ab3f23e0ef1f inittab
As long as the same algorithm is used, the result is the same regardless of which of the above tools computes it.
# openssl dgst -sha1 inittab
SHA1(inittab)= 7f1a11159e1f44a5b2f2f9de2b99ab3f23e0ef1f
# openssl passwd -1  (-1: use the MD5 algorithm)
Password:
Verifying - Password:
$1$FY6Z3QXZ$GWSUDSUP92DY.MRRDBTKM0  (the characters between the second $ and the third $ are the salt)
# openssl passwd -1 -salt FY6Z3QXZ  (-salt: specify the salt)
Password:
$1$FY6Z3QXZ$GWSUDSUP92DY.MRRDBTKM0  (the same password and the same salt produce the same hash string)
openssl ?  (view the options of openssl)
rsautl: RSA encryption and decryption tool
# whatis rand
rand (3p) - pseudo-random number generator
rand (3) - pseudo-random number generator
rand [sslrand] (1ssl) - generate pseudo-random bytes
# man sslrand
openssl rand -base64: generate random numbers
# openssl rand -base64 LENGTH  (-base64 is followed by the length)
Implementing a private CA with OpenSSL:
Generate a pair of keys
Generate a self-signed certificate
Commands placed in ( ) run in a subshell, so the umask affects only that subshell. Specify the length of the private key and save it to a key file:
# (umask 077; openssl genrsa 1024 > server1024.key)
Extract the public key:
# openssl rsa -in server1024.key -pubout
Generate a self-signed certificate from the key, valid for 365 days:
# openssl req -new -x509 -key server1024.key -out server.crt -days 365
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:cq
Locality Name (eg, city) [Default City]:JLPQ
Organization Name (eg, company) [Default Company Ltd]:CQKJ
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:ca.mylinux.com
Email Address []:[email protected]
View the certificate:
# openssl x509 -text -in server.crt
# vi /etc/pki/tls/openssl.cnf  (the configuration file)
# ls  (the CA directory must contain these files; cacert.pem is the generated certificate)
cacert.pem certs crl index.txt newcerts private serial
Make a private CA
Execute the following in the /etc/pki/CA directory.
(umask 077; openssl genrsa 2048 > server2048.key)
openssl rsa -in server2048.key -pubout
openssl req -new -x509 -key server2048.key -out cacert.pem -days 365
openssl x509 -text -in cacert.pem
touch index.txt
touch serial
echo 01 > serial
Sign a certificate
cd /etc/httpd
mkdir httpd
cd httpd
mkdir ssl
cd ssl/
(umask 077; openssl genrsa 2048 > httpd.key)  (create a pair of keys on the server side)
openssl req -new -key httpd.key -out httpd.csr  (fill out a certificate signing request)
openssl ca -in httpd.csr -out httpd.crt -days 365  (sign the certificate)
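The private CA and signing steps above, as an added example that is not part of the original article: it runs the same flow in a temporary directory with its own minimal configuration file, so that the settings `openssl ca` depends on (database, serial, newcerts directory, policy) are visible in one place. The function name demo_ca, the file names ca.cnf and cakey.pem, and the example.test subjects are assumptions made for the illustration.

```shell
# Added example; demo_ca, ca.cnf and the *.example.test names are constructed.
demo_ca() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        umask 077                                # keys readable by owner only
        # newcerts directory, issued-certificate database, next serial number
        mkdir -p ca/newcerts; touch ca/index.txt; echo 01 > ca/serial
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
dir = ./ca
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/cakey.pem
default_md = sha256
policy = policy_any
x509_extensions = leaf
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ leaf ]
basicConstraints = CA:FALSE
EOF
        # CA key and self-signed CA certificate
        openssl genrsa 2048 > ca/cakey.pem 2>/dev/null
        openssl req -new -x509 -config ca.cnf -key ca/cakey.pem \
            -out ca/cacert.pem -days 365 -subj "/CN=ca.example.test" || exit 1
        # Server key and certificate signing request
        openssl genrsa 2048 > httpd.key 2>/dev/null
        openssl req -new -config ca.cnf -key httpd.key -out httpd.csr \
            -subj "/CN=www.example.test" || exit 1
        # Sign the request with the CA key, then verify the result against the CA
        openssl ca -batch -config ca.cnf -in httpd.csr -out httpd.crt \
            -days 365 2>/dev/null || exit 1
        openssl x509 -noout -subject -issuer -in httpd.crt
        echo "next serial: $(cat ca/serial)"
        openssl verify -CAfile ca/cacert.pem httpd.crt
    )
    status=$?; rm -rf "$work"; return $status
}
demo_ca
```

After signing, the serial file has advanced from 01 to 02 and index.txt holds one entry for the issued certificate, which is how `openssl ca` keeps track of what it has signed.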
This article is from the "Linux operation and Maintenance" blog; reprinting is declined.
OpenSSL and CA