Introduction to openssl and cryptlib

Source: Internet
Author: User

Openssl is mainly for the implementation of the SSL protocol, and the SSL function is very perfect. the algorithm library is only an additional part. openssl is divided into three main parts. the SSL library, encrypted library, and Application Section are currently used by many users (change to your own product or re-develop). If you want to quickly get started with encryption applications, understanding the structure of openssl is helpful.

I use Cryptlib a little less, and I feel that it is mainly for the implementation of encryption and decryption algorithms. What does the SSL protocol seem to involve?
Yes.

In terms of code: Openssl is written in standard C, and the structure is chaotic. The function modules of the source program are not easily separated, and the code is not easy to read.
Understanding: Calling relationships are confusing. Cryptlib is organized by class. The structure is clear and the code is separated.
It's much easier.

Suggestion: if you do not need the SSL protocol, we recommend that you use Cryptlib to implement your own algorithms more easily.

Openssl is a good choice if it involves SSL protocols and other security standards and does not want to do too much work, but it is necessary to study its terrible source code in its initial stage.

Ssl encryption process: compression --- mac --- symmetric encryption --- TCP/IP

========================================================== ========================================================== ==========
Currently, openssl and cryptlib are popular in open-source encryption libraries. This article will compare these two libraries based on your understanding and hope they will be useful to you. The construction ideas and objectives of these two databases are not the same. openssl is mainly used to implement the SSL/TLS protocol. The SSL function is perfect, and the algorithm library is only a necessary part. Of course, it is also a very important and complete part. Crypylib implements encryption algorithms and related encoding standards.
[Composition and features of openssl]
OpenSSL is an excellent SSL/TLS open source software package. It includes three parts: the SSL library, the encryption algorithm library, and the application program. It also provides test programs and some application examples, implements the SSL/TLS Protocol and related PKI standards. Because OpenSSL was developed earlier, it uses C language as the programming language. However, many object-oriented ideas can be found in OpenSSL, such as bio encapsulation, which is a typical example. It may be a bit difficult for technical personnel who have just started to contact OpenSSL because the structure of OpenSSL is very large. Even if they have to read the incomplete documentation, the workload is very huge. We recommend that you start using some of the applications provided by OpenSSL, except for some basic cryptography and PKI concepts. In fact, OpenSSL applications have been well developed, and many CAs are built on these foundations.
For many people, OpenSSL applications are sufficient to complete the functions they need. OpenSSL applications mainly provide the following functions:
1. Generation and format conversion of various types of keys and key parameters
2. Data encryption using various encryption algorithms
3. Certificate requests, certificate generation and issuance, and certificate conversion functions related to other standards, implementing a ca Function
4. Information Digest algorithm and its related encoding implementation
5. the SSL protocol simulates the implementation of the client and server, and can be used to test the SSL server and the ssl client program.
[Composition and features of cryptlib]
Cryptlib implements various public key algorithms, symmetric encryption algorithms, digital signature algorithms, information digest algorithms, and other related algorithms. It is written in C ++. Because it is an object-oriented language, it is easier for beginners to understand its structure. The Library does not provide applications, but provides applications as library functions. Because of the C ++ object-oriented idea, the algorithm stripping is easier than OpenSSL. For technical personnel who do not need to involve the SSL protocol, using the library function application is a good choice.
[Application Status Quo and suggestions]
Currently, many CAs and other PKI commercial programs are developed based on openssl. The development based on openssl features a short period of time and powerful functions. Cryptlib is only limited to encryption algorithms, so it is not widely used in openssl. However, this is a better choice for encryption algorithms.
We recommend that you use openssl if your application involves PKI protocols such as SSL. If you only apply some encryption algorithms, we recommend that you use Cryptlib.

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.