OpenSSL introduction and compilation steps on Windows, Linux, and Mac systems

OpenSSL introduction and compilation steps on Windows, Linux, and Mac systems

OpenSSL Introduction: OpenSSL is a powerful Secure Socket Layer password library, which includes major cryptographic algorithms, common keys, certificate encapsulation management functions, and SSL protocols, and provides a wide range of applications for testing or other purposes.

SSL is the abbreviation of SecureSockets Layer (Secure Sockets Layer Protocol). It can provide confidential transmission over the Internet. The goal is to ensure the confidentiality and reliability of communications between two applications, and support can be achieved at the same time on the server side and the client side. It has become an industrial standard for secure communication on the Internet.

The Secure Sockets Layer Protocol keeps the communication between users and server applications from being eavesdropped by attackers, and always authenticates the server. You can also choose to authenticate the user. The SSL protocol must be built on a reliable transport layer protocol (TCP. The advantage of the SSL protocol is that it is independent from the application layer protocol, and high-level application layer protocols (such as HTTP, FTP, and TELNET) can be transparently built on the SSL protocol. The SSL protocol has completed encryption algorithms, communication key negotiation, and server authentication before the application layer protocol communication. After that, the data transmitted by the application layer protocol will be encrypted to ensure the privacy of the communication.

Secure channels provided by the SSL protocol have three features: (1) Data Confidentiality: Information Encryption refers to converting plaintext input files into encrypted files using encryption algorithms for data confidentiality. The encryption process requires keys to encrypt data and then decrypt the data. Without a key, the encrypted data cannot be unlocked. After data encryption, only the key must be transmitted in a secure way. Encrypted data can be publicly transmitted. (2) Data Integrity: Encryption can also ensure data consistency. For example, the message Verification Code (MAC) can verify the encrypted information provided by the user. the receiver can use MAC to verify the encrypted data to ensure that the data has not been tampered with during transmission. (3) security verification: Another purpose of encryption is to serve as a personal identity, and the user's key can be used as the identity for security verification. SSL uses public key encryption technology (RSA) as the encrypted communication protocol between the client and the server when transmitting confidential data.

OpenSSL uses C language as the development language, which makes OpenSSL have excellent cross-platform performance. OpenSSL supports Linux, Windows, BSD, Mac, VMS, and other platforms.

The entire OpenSSL software package can be divided into three main functional parts: the SSL protocol library, applications, and cryptographic algorithm library.

OpenSSL provides a complete set of solutions and supports API functions for the generation and management of random numbers. The quality of random numbers is an important prerequisite for determining whether a key is secure.

OpenSSL also provides other auxiliary functions, such as the API for generating keys from passwords, the configuration file mechanism in certificate issuance and management, and so on.

OpenSSL provides methods, functions, and applications for generating various public key pairs and symmetric keys. It also provides DER codec functions for public and private keys. OpenSSL provides encryption protection for private keys in the standard, allowing keys to be securely stored and distributed.

OpenSSL provides eight symmetric encryption algorithms, 7 of which are group encryption algorithms, the only stream encryption algorithm is RC4. these seven group encryption algorithms are AES, DES, Blowfish, CAST, IDEA, RC2, and RC5, all of which support the electronic cipher book mode (ECB), the encrypted group link mode (CBC), the encrypted feedback mode (CFB), and the output feedback mode (OFB. Among them, AES uses the encryption feedback mode (CFB) and output feedback mode (OFB). The group length is 128 bits, while other algorithms use 64 bits.

OpenSSL implements four asymmetric encryption algorithms, including DH algorithm, RSA algorithm DSA algorithm, and elliptic curve algorithm (EC ). DH algorithms are generally used for key exchange. The RSA algorithm can be used for both key exchange and digital signature. The DSA algorithm is generally used only for digital signatures.

OpenSSL Implements Five information digest algorithms: MD2, MD5, MDC2, SHA (SHA1), and RIPEMD. SHA algorithm actually includes SHA and SHA1 information digest algorithms. In addition, OpenSSL implements the two information digest algorithms DSS and DSS1.

OpenSSL applications mainly include key generation, certificate management, format conversion, data encryption and signature, SSL testing, and other auxiliary configuration functions.

The Engine mechanism aims to enable OpenSSL to transparently use third-party software encryption libraries or hardware encryption devices for encryption.

For more details, please continue to read the highlights on the next page:

How to compile OpenSSL win32 in Windows7 64bit + vs2010:

1. Download opensslsource code openssl-1.0.1g version from https://www.openssl.org/source;

2. Download activeperl5.16.3 x64 from http://www.activestate.com/activeperl/downloads( ActivePerl is a script interpreter of perl );

3. install ActivePerl in the Directory D: \ ProgramFiles \ Perl64, open the command prompt, locate it to the Directory D: \ ProgramFiles \ Perl64 \ eg, and execute perl example. pl. If the prompt is Hello fromActivePerl! The installation of Perl is successful. You can start to install OpenSSL using Perl commands;

4. Unzip the openssl-1.0.1g to the E: \ OpenSSL \ openssl-1.0.1g directory;

5. Download NASM 2.07 from http://sourceforge.net/projects/nasm/, install it in D: \ ProgramFiles \ NASM, and add D: \ ProgramFiles \ NASM to the Path of the system environment variable;

6. Locate the command prompt to E: \ OpenSSL \ openssl-1.0.1g;

7. Enter perl Configure VC-WIN32 -- perfix = E: \ OpenSSL \ openssl (install it to E: \ OpenSSL \ openssl );

8. Input ms \ do_nasm;

9. go to C: \ Program Files (x86) \ Microsoft Visual Studio 10.0 \ VC \ bin from the command prompt, and enter vcvars32.bat. Settingenvironment for using Microsoft Visual Studio 2010x86 tools is displayed. if this step is not completed, nmake is not an internal or external command;

10. navigate the command prompt to E: \ OpenSSL \ openssl-1.0.1g again;

11. After nmake-f ms \ ntdll. mak prepare is executed, an out32dllfolder will be generated in the openssl-1.0.1gdirectory, containing a few static databases and .exe files;

12. Enter nmake-f ms \ ntdll. mak test. If passed all tests is displayed, the generated database is correct;

13. Enter nmake-f ms \ ntdll. mak install; the four folders bin, include, lib, and ssl will be generated in the E: \ OpenSSL \ openssl directory;

14. The above compilation is the release library, if the debug library is compiled, the above 7th steps in the VC-WIN32 into a debug-VC-WIN32;

15. If the static library is compiled, replace ms \ ntdll. mak with ms \ nt. mak;

16. if a library without Assembly support is generated, replace steps 7th and 8 above with perl Configure VC-WIN32 no-asm -- prefix = E: \ OpenSSL \ openssl and ms \ do_ms;

17. Include the appropriate Assembly file in the E: \ OpenSSL \ openssl-1.0.1g \ tmp32dll folder.

Compile the corresponding library and Assembly file in win64:

1. Locate the command prompt to E: \ OpenSSL \ openssl-1.0.1g;

2. Input perl Configure VC-WIN64A -- perfix = E: \ OpenSSL \ openssl \ win64;

3. Input ms \ do_nasm;

4. Input ms \ do_win64a;

5. go to C: \ Program Files (x86) \ Microsoft Visual Studio 10.0 \ VC \ bin \ amd64 from the command prompt, and enter vcvars64.bat, settingenvironment for using Microsoft Visual Studio 2010x64 tools is displayed. if this step is not completed, nmake is not an internal or external command;

6. Locate the command prompt to E: \ OpenSSL \ openssl-1.0.1g again;

7. enter nmake-f ms \ nt. mak; after the execution, the out32 and tmp32 folders are generated under the openssl-1.0.1g directory, two static libraries and some execution files are generated in the out32 folder, and the corresponding assembly files are generated in the tmp32 folder;

8. Enter nmake-f ms \ nt. mak test. If passed all tests is displayed, the generated database is correct;

9. Enter nmake-f ms \ nt. mak install. Four folders, bin, include, lib, and ssl, will be generated in the E: \ OpenSSL \ openssl \ win64 directory;

10. The above compilation is the release library, if the debug library is compiled, the above 2nd steps in the VC-WIN64A into a debug-VC-WIN64A;

11. If the dynamic library is compiled, replace ms \ nt. mak with ms \ ntdll. mak;

12. If a library without Assembly support is generated, replace the above 2nd steps with perl Configure VC-WIN64A no-asm -- prefix = E: \ OpenSSL \ openssl \ win64;

13. Include the appropriate Assembly file in the E: \ OpenSSL \ openssl-1.0.1g \ tmp32 folder.

For more details, please continue to read the highlights on the next page: