OpenSSL: Data encryption and digital certificates

Source: Internet
Author: User

Functional Applications:

  1. Message digest: generates a message digest for a file or data; a message digest can only verify the integrity of the data. Examples: SHA, MD5
  2. Data encryption and decryption: encrypts and decrypts data; OpenSSL implements all cryptographic algorithms
  3. Digital certificates: certificates can be generated from the command line or from code, and a certificate contains the public key
  4. Digital signature: uses an encryption algorithm, such as RSA, to sign data so that the reliability of the data source can be verified
  5. Random numbers: generates reliable random numbers

Encryption algorithms:

Hash algorithms: SHA, MD5, and so on. Irreversible encryption, used to verify the integrity of data.

Symmetric encryption algorithms: DES, 3DES, DESX, and so on. Both sides use the same key for encryption and decryption.

Asymmetric algorithms: RSA, ECC, and so on. The two sides use different keys, a public key and a private key, for encryption and decryption. Data encrypted with the public key can only be decrypted with the private key, and vice versa.

RSA is the most widely used and can be used for both data encryption and digital signatures.

Public and private keys:

Public key: the key for encryption and decryption that is made public and given to others; it can be provided to many people.

Private key: used only by its owner and never made public.

Nature: both the public key and the private key can encrypt and decrypt. Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key.

Application Scenarios:

  • Data encryption with the public key

A digital certificate contains a public key. When a session is established, each side sends its own public key and keeps its private key. Data is encrypted with the other party's public key before it is transmitted, and the encrypted data can only be decrypted with the other party's private key.

  • Digital signature with the private key

The private key encrypts the data, and anyone can decrypt it with the public key, but only the private key can produce that encrypted data. This can be used to validate the source of a message: encrypt the data with the private key and give the user the ciphertext; the user decrypts it with the public key and compares the result to confirm that the data source is reliable.

Digital certificates:

The role of digital certificates: both sides of a communication use public and private keys for encryption and decryption. A risk remains: if a user's public key is replaced with someone else's, that party can impersonate the user in the communication. A certificate contains information about the public key provider, such as address, mailbox, domain name, etc., and is provided and encrypted by a third-party organization to ensure the reliability of the public key.

With a certificate, the user compares the certificate information against the source to confirm the reliability of the public key; the certificate is issued by a third-party agency.

Certificate-related files involved in OpenSSL:

  • .key format: Key file
  • .crt format: Certificate file that contains public key provider information but does not contain a public key
  • .csr format: Certificate signing request file, sent to a CA for certificate issuance
  • .crl format: Certificate revocation list
  • .pem format: A certificate used by both sides of an encrypted connection to exchange public keys; it includes the public key information
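
The file types listed above and the private-key signature scenario, tied together as an added example (not from the original page): it creates a .key, a .csr and a .crt with the openssl command line, signs the SHA-256 digest of a file with the private key, and verifies it with the public key read from the certificate. The file names, the subject `demo.example` and the message text are constructed, and the certificate is self-signed in place of a CA so the script runs offline.

```sh
#!/bin/sh
# Added example: .key -> .csr -> .crt, then sign with the private key and
# verify with the public key taken from the certificate.
# File names, subject and message text are constructed for illustration.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_cert() {
    # .key: RSA private key
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/demo.key" 2>/dev/null &&
    # .csr: signing request with the subject information
    openssl req -new -key "$WORK/demo.key" -subj "/CN=demo.example" \
        -out "$WORK/demo.csr" 2>/dev/null &&
    # .crt: a CA would sign the request; here the same key self-signs it
    openssl x509 -req -in "$WORK/demo.csr" -signkey "$WORK/demo.key" \
        -days 1 -out "$WORK/demo.crt" 2>/dev/null
}

# Public key as stored in the certificate, and as derived from the private key
cert_pubkey() { openssl x509 -in "$WORK/demo.crt" -pubkey -noout; }
key_pubkey()  { openssl pkey -in "$WORK/demo.key" -pubout; }

# Sign the SHA-256 digest of file $1 with the private key; writes $1.sig
sign_file() {
    openssl dgst -sha256 -sign "$WORK/demo.key" -out "$1.sig" "$1"
}

# Verify $1 against $1.sig using only the certificate's public key
verify_file() {
    cert_pubkey > "$WORK/pub.pem"
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$1.sig" "$1" 2>&1 |
        grep -q '^Verified OK'
}

make_cert
printf 'constructed sample message\n' > "$WORK/msg.txt"
sign_file "$WORK/msg.txt"
verify_file "$WORK/msg.txt" && echo "original file: signature accepted"

# Any change to the data after signing must make verification fail
printf 'constructed sample message, modified\n' > "$WORK/msg.txt"
verify_file "$WORK/msg.txt" || echo "modified file: signature rejected"
```

The verifier needs only the certificate and the signature; the private key stays with the signer.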
