Introduction to OpenSSl

Article title: Introduction to OpenSSl. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
In linux, we often see a package called openssl-x.x.rpm, maybe many people think it is related to ssl, right! However, it is far from complete. openssl not only implements some ssl interfaces, but also covers the contents from the underlying symmetric and asymmetric encryption algorithms to the PKCS (Public Key Infrastrature) built on it) the implementation of interfaces (including X509 certificate, PKCS standard, and ASN.1) is all-needed, and even an example of CA is provided. The openssl package is composed of two parts: ssleay and openssl. The relationship between the two is that ssleay is a set of interface libraries, and openssl is an application built on the library interface. Today, openssl is also available in version 0.95, with more and more functions. Ssleay itself is a cross-platform thing, mainly written in standard C. It does not have to be said to support Linux itself. it is supported by most other Unix and WINNT systems, ssleay is a good choice for information security applications on different platforms. Now let's take a closer look at the functions and applications of openssl.
Ssleay in the openssl package is the core of the entire package. The ssleay encryption library involves a wide range, a complete set of functions, reasonable logic, and complex structure (which is also an advantage? Maybe the benevolent and wise may see wisdom. the complexity is that it contains more than 2000 interfaces and has repeated functions, but it will be convenient if the functions are familiar ), eric. young and Tim J. hudson is amazing. Ssleay implements common des, idea, rc2, rc4, rc5, blowfish, and CAST symmetric encryption algorithms, and implements RSA, DH, and DSA in asymmetric algorithms. MD2, MD5, SHA, SHA-1, RIPEMD, and MDC2 in the HA algorithm. From these algorithms alone, we can use it to build various data encryption applications and PKCS interfaces. More valuable, it breaks the restriction on the export of U. S. products that do not allow strong encryption. With ssleay, we can replace the low-intensity encryption library provided by Microsoft to encrypt applications, and develop our own applications by using ssleay, we can achieve ssl 128 or higher data encryption.
Ssleay implements symmetric, asymmetric, and Ha-thin encryption algorithms. Generally, standard algorithms are included, such as des, idea, md5, sha-1, rsa, and dsa. At the same time, the encryption modes of the same algorithm are also basically implemented at the same time. for example, the des encryption algorithm not only implements the block encryption Mode ECB (Electronic Codebook Mode) and CBC (Cipher Block Chaining Mode), and also implement the CFB (Cipher Feedback Mode) and OFB (Output Feedback Mode) of stream encryption ). These algorithms are basically stored in the source file unwrapped by the openssl package in an independent form. Therefore, if we are doing our own application, if you want to use algorithms such as encryption, base64 encoding, and MD5, you can easily extract the set provided by ssleay and directly use the ready-made code to serve our own programs, in fact, this is also an aspect of the idea of free software, that is, the reuse of code.
Ssleay not only provides the implementation of these underlying encryption algorithms, but also implements most PKCS (Public Key Cryptographic Standard) standards. PKCS is a set of public key encryption standards proposed by RSA. it mainly serves to regulate the processing of encryption algorithms, regulate digital certificates, data encapsulation, and digital signatures, and some standards for personal private information protection. Ssleay's PKCS1 (RSA encryption algorithm description), PKCS3 (Diffie-Hellmen Key Agreement), PKCS5 (password-based encryption standard), and PKCS6 (Extended Certificate Syntax Standard) PKCS7, PKCS8, PKCS10, and PKCS12. PKCS is used to build PKI. With the implementation of PKCS provided by ssleay, we can easily apply for and issue standard digital certificates and personal information (such as certificates and private keys) in PKI applications) security and standard storage, as standard, general data encryption, data blocking, data signature information format.
In terms of structure, ssleay is divided into three layers, the bottom is the implementation of various encryption algorithms, and the middle is the abstract interface of encryption algorithms, it classifies various algorithms based on symmetric, asymmetric, and ha algorithm and then gives a set of simple interfaces accordingly. The above is the implementation of PKCS around the encryption algorithm. Ssleay not only implements PKCS, but also provides DER-encoded interfaces for describing PKCS using ASN.1 abstraction, so that these abstract data structures can finally be transmitted over the network, data that can be stored on the hard disk.
As mentioned at the beginning of this article, ssleay also provides support for ssl, which includes a set of ssl interfaces that allow us to easily establish a secure sockets layer for secure data transmission. Repeat it again here. using these interfaces provided by ssleay, you can set the length of the encryption key to 128 bits in an ssl connection. if you like it, you can set the length to 192 bits.
After the openssl source program is compiled and installed, we not only get two useful library files libcrypto. a and libssl. a. It also contains an example of a very complete function provided by the two libraries, that is, the openssl executable file and other auxiliary files, the functions completed in this example include key pair generation, certificate application, certificate issuance, certificate revocation, certificate revocation list processing, data encryption, and verification. It can be said that it is itself an example of a CA. The only drawback is that there is no document on how to use this program. it can only be used in the prompts printed by the program.
The above is just a general introduction. In fact, openssl is very complicated. if you have a thorough understanding of the program, you need to have a wealth of information security knowledge. In terms of functionality, openssl is the most comprehensive set of interfaces I have ever seen. it makes you think it is a collection of information security. Because ssleay has such powerful functions and open source code, it is used by people with various purposes for their own purposes. the license of openssl is the combination of Ssleay license and Openssl license, the two licenses are actually bsd-type licenses. according to the instructions in the license, openssl can be used for various commercial and non-commercial purposes, but it must comply with some agreements. In fact, this is to protect the rights of free software authors and their works. If others want to develop on ssleay or openssl, they must abide by these two licenses. However, there are still a large number of manufacturers that are drawing the free software blood, and they have changed their faces and plagiarized themselves. But if you want to do something related to encryption, my recommendation is still -- openssll.