Fundamentals of Cryptography
Reference for porting OpenSSL to an ARM development board: http://blog.chinaunix.net/uid-27717694-id-3530600.html
1. Public and private keys:
Public and private keys are the basis of what is commonly called asymmetric encryption. It improves on the earlier symmetric encryption, in which both sides share one secret (a shared password, for example) that has to be exchanged safely before it can be used. The principle is explained below using e-mail as the example.
The purpose of using public and private keys here is secure e-mail, which requires two things:
1. The content I send you must be encrypted, so that nobody else can read it while the message is in transit (confidentiality).
2. You must be able to confirm that the mail really came from me and not from someone impersonating me (authenticity).
To achieve this, each of the two people exchanging mail must hold both a public key and a private key.
The public key is meant for everyone to use: you can publish it by e-mail or let people download it from a website. It is used for encryption and for signature verification. The private key belongs to its owner alone, must be stored very carefully (preferably protected by a passphrase), and is used for decryption and signing. The rule that ties the two together is: content encrypted with the public key can only be decrypted with the matching private key, and a signature produced with the private key can only be verified with the matching public key. (In RSA the signing operation is often described loosely as "encrypting with the private key", which is where the common phrasing "encrypted with the private key, decrypted with the public key" comes from.)
For example, suppose I want to send you an encrypted message. First I need your public key, and you need mine.
I encrypt the message with your public key, so that nobody else can read it in transit. Encryption alone only hides the content; by itself it does not prove who wrote the message or that it was not altered on the way, which is what the signature in the next step is for. When you receive the mail, you decrypt it with your private key and can read the content.
Next I sign the message with my private key (loosely, "encrypt it with my private key"). When it reaches you, you verify the signature with my public key. Because only I hold my private key, this proves that the mail was sent by me.
In summary, when A sends data to B, A encrypts it with B's public key so that only B can decrypt it; otherwise anyone could read the encrypted message. This gives confidentiality of the information. Verification works like a signature or seal: when A sends information to everyone, A signs it with A's own private key, and every recipient can check the signature with A's public key and confirm that the message really came from A.
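The exchange just described, as an added example using the openssl command line tool (this is not code from the original article). The names alice, bob and mallory, the key files and the message text are all constructed for the demonstration, and the script assumes an openssl binary (1.1.1 or later) is on the PATH. It uses RSA-OAEP for the encryption step and an RSA signature over the SHA-256 digest for the signing step, which is how "encrypt with the private key" is actually done in practice rather than raw RSA on the message.

```shell
#!/bin/sh
# Added example (not from the original article): A sends B a message that is
# both confidential and authenticated, using the openssl CLI.
# Everything below is constructed for the demonstration: the names alice,
# bob and mallory, the key files and the message text.
set -eu

WORK=$(mktemp -d)
cd "$WORK"

# Generate a key pair; "<name>.key" is the private key, "<name>.pub" is the
# public key that the owner publishes.
gen_keypair() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1.key" 2>/dev/null
  openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# Sender side: sign the message with the sender's PRIVATE key (authenticity),
# then encrypt it with the recipient's PUBLIC key (confidentiality).
# Produces <msg>.sig and <msg>.enc.
send_message() {
  sender=$1; recipient=$2; msg=$3
  openssl dgst -sha256 -sign "$sender.key" -out "$msg.sig" "$msg"
  openssl pkeyutl -encrypt -pubin -inkey "$recipient.pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$msg" -out "$msg.enc"
}

# Recipient side: decrypt with the recipient's PRIVATE key, then verify the
# signature with the claimed sender's PUBLIC key. Returns 0 only if both
# steps succeed; any other key holder fails at one step or the other.
receive_message() {
  recipient=$1; claimed_sender=$2; enc=$3; sig=$4; out=$5
  openssl pkeyutl -decrypt -inkey "$recipient.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$enc" -out "$out" 2>/dev/null || return 1
  openssl dgst -sha256 -verify "$claimed_sender.pub" -signature "$sig" "$out" >/dev/null 2>&1 || return 1
}

# Runs the whole scenario; returns 0 only if every expectation holds.
run_scenario() {
  gen_keypair alice
  gen_keypair bob
  gen_keypair mallory
  printf 'Constructed sample message: the meeting is at 10:00\n' > msg.txt

  send_message alice bob msg.txt

  # 1. Bob can decrypt, and confirms the mail came from Alice.
  receive_message bob alice msg.txt.enc msg.txt.sig plain.txt || return 1
  cmp -s msg.txt plain.txt || return 1

  # 2. Mallory holds neither Bob's private key nor Alice's: she cannot read it.
  if receive_message mallory alice msg.txt.enc msg.txt.sig stolen.txt; then return 1; fi

  # 3. A message encrypted for Bob but signed by Mallory does not verify as Alice's,
  #    even though Bob can decrypt it: encryption proves nothing about the sender.
  printf 'Constructed forged message: send the money to me\n' > forged.txt
  send_message mallory bob forged.txt
  if receive_message bob alice forged.txt.enc forged.txt.sig forged_plain.txt; then return 1; fi

  # 4. Altering even one character of the signed content breaks the signature.
  printf 'Constructed sample message: the meeting is at 11:00\n' > altered.txt
  if openssl dgst -sha256 -verify alice.pub -signature msg.txt.sig altered.txt >/dev/null 2>&1; then return 1; fi
  return 0
}

run_scenario
echo "all checks passed (keys and files are under $WORK)"
```

The order matters in practice: signing first and then encrypting means the signature travels inside the ciphertext, so an eavesdropper learns neither the content nor who signed it. A real mail system would also encrypt a random symmetric key rather than the message itself, because RSA-OAEP with a 2048-bit key can only carry a couple of hundred bytes.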
2. Digital certificate
The principle of a digital certificate: it can be understood as a package of a public key plus information about the public key's owner, issued by an authority (the certificate authority, CA) and signed by that authority so that it cannot be tampered with or forged.
A digital certificate uses the public key system, in which a pair of matching keys is used for encryption and decryption. Each user has a private key known only to themselves, used to decrypt and to sign, and a public key that is shared with a group of users, used to encrypt and to verify signatures. When a confidential file is sent, the sender encrypts the data with the receiver's public key and the receiver decrypts it with their own private key, so the information arrives at its destination safely and without error. The encryption process is secured by the mathematics of the key pair: only the private key can decrypt. Among public key cryptosystems, RSA is the one most commonly used.
A user can also process information with their own private key. Because that key is held only by its owner, nobody else can produce the same output, and this forms a digital signature. With a digital signature you can confirm two things:
(1) The information was signed by the signer, who therefore cannot deny (or can only with difficulty deny) having sent it (non-repudiation).
(2) The information has not been modified since it was issued, so the document received is the genuine document (integrity).
SSL protocol
The SSL protocol sits between the TCP/IP protocol and the various application layer protocols, and uses data encryption to ensure that data is not intercepted or eavesdropped on while it travels across the network.
The SSL protocol is divided into two layers:
SSL Record Protocol: built on a reliable transport protocol (TCP), it provides the basic functions of data encapsulation, compression and encryption on behalf of the higher layer protocols.
SSL Handshake Protocol: built on the SSL Record Protocol, it is used before the actual data transfer begins to authenticate the parties, negotiate the cryptographic algorithms, and exchange the encryption keys.
About OpenSSL
OpenSSL is a robust Secure Sockets Layer cryptographic library. It includes the major cryptographic algorithms, the commonly used key and certificate encapsulation and management functions, and an implementation of the SSL protocol, and it also provides a rich set of command line applications for testing and other purposes.
OpenSSL encryption System (not finished)