Introduction to enterprise data encryption in open-source systems (1)

Technical Analysis of Data Protection

In enterprise data protection technology, there are two categories in essence: Data Encryption and data leakage prevention. The former is to solve the confidentiality and consistency of data. In general, it is to prevent people who are not supposed to see the data and tamper with the data. The latter is mainly to solve the confidentiality of the data, it is used to distribute data in a targeted manner and control data circulation channels. In essence, it is also used to prevent data from being obtained by illegal or unexpected users.

This year, many user account leaks, confidential data leaks, and other security events are caused by the following reasons:

Unencrypted data: data is intentionally stolen and captured in transmission channels, such as wired networks and Wi-Fi networks, or on physical servers, such as CSDN user account leakage. If the data is encrypted, hackers and illegal users can capture and steal the encrypted data;

Data leakage prevention: After data is transmitted through USB, email, instant messaging, and other media and channels, it cannot be ensured that data can only be accessed by authorized users, this leads to indirect leaks.

This article will address the first issue above and introduce in detail how enterprises can use open-source tools for data encryption.

Use GnuPG to encrypt Application Data

With the development of network and computer technology, the security of data storage and data exchange has become more and more important. encryption technology has been used for data storage and data exchange for a long time. GnuPGGNU Privacy Guard is a set of tools used to encrypt data and create certificates. Its role is similar to that of PGP. However, PGP uses a number of patented algorithms, which are listed in the "Notorious" US encryption export restrictions. GnuPG is a GPL software that does not use any patented encryption algorithm, so it has more freedom to use it.

Specifically, GnuPG is a set of tools for secure communication and data storage. It can be used for data encryption and digital signature. In terms of functionality, it is the same as PGP. Because PGP uses the IDEA patent algorithm, using PGP may cause license issues. However, GnuPG does not use this algorithm, so there is no limit for users to use GnuPG. GnuPG uses asymmetric encryption algorithms to ensure high security. Asymmetric encryption algorithms mean that every user has a pair of keys: public keys and private keys. The key is saved by the user, and the Public Key is distributed to others as much as possible to facilitate communication between users. The software can be downloaded and installed from the website http://www.gnupg.org.

1. Install GnuPG

Many open-source systems already have their own GnuPG software installation packages. You can choose to install them during system installation or later installation. Generally, there will be two installed GnuPG packages in the system, one is GnuPG 1.xand the other is GnuPG 2.x. The latter is the latest stable version of GnuPG. It is compatible with OpenPGP and S/MIME and does not conflict with the installed 1.x series. Compared with the 1.x series, because some new functions support the addition of S/MIME, the running time and package size are larger than those of the 1.x series. But in terms of function implementation, it is almost the same as 1.x. In order to explain and discuss the effectiveness and consistency, this series will use the GnuPG 1. x Series for explanation.