Introduction to OpenSSL and compilation steps on Windows, Linux, Mac Systems

Source: Internet
Author: User

Introduction to OpenSSL: OpenSSL is a powerful Secure Sockets Layer cryptographic library that includes the main cryptographic algorithms, common key and certificate encapsulation and management functions, and the SSL protocol, and it provides a rich set of applications for testing and other purposes.

SSL is the abbreviation of Secure Sockets Layer, a protocol that provides confidential transmission over the Internet. Its goal is to ensure the confidentiality and reliability of communication between two applications, and it is supported on both the server side and the client side. It has become an industry standard for secure communication on the Internet.

The Secure Sockets Layer protocol keeps communication between client/server applications from being intercepted by attackers; it always authenticates the server and optionally authenticates the user. The SSL protocol must run on top of a reliable transport-layer protocol (TCP). Its advantage is that it is independent of the application-layer protocol: higher-level application-layer protocols (for example HTTP, FTP, Telnet) can be built transparently on top of SSL. Before the application-layer protocol starts communicating, the SSL protocol has already completed negotiation of the encryption algorithm and the communication key, and authentication of the server. After that, the data transmitted by the application-layer protocol is encrypted, which guarantees the privacy of the communication.

The secure channel provided by the SSL protocol has three features:

(1) Data confidentiality: encryption uses an encryption algorithm to turn a plaintext input into ciphertext, which keeps the data confidential. The process requires a key to encrypt the data and then to decrypt it; without the key, the encrypted data cannot be unlocked. Once the data is encrypted, only the key has to be sent in a secure way; the encrypted data can be transmitted publicly.

(2) Data integrity: encryption can also ensure the consistency of data. A message authentication code (MAC), for example, can verify the encrypted information a user provides: the receiver uses the MAC to check the encrypted data and confirm that it has not been tampered with during transmission.

(3) Security authentication: another use of encryption is as a personal identifier; a user's key can serve as his security authentication credential.

SSL is a security protocol that uses public-key cryptography (RSA) for encrypted communication between the client and the server when transmitting confidential information.

OpenSSL is written in C, which gives it excellent cross-platform portability. OpenSSL supports Linux, Windows, BSD, Mac, VMS and other platforms.

The entire OpenSSL package can be divided into three main functional parts: the SSL protocol library, the applications, and the cryptographic algorithm library.

OpenSSL also provides a complete solution and supporting API functions for generating and managing random numbers. The quality of the random numbers is an important precondition for whether a key is secure.

OpenSSL also provides other auxiliary functions, such as an API for generating keys from passwords, the configuration-file mechanism used in certificate issuance and management, and so on.

OpenSSL provides methods, functions, and applications that generate various public key pairs and symmetric keys, and it provides DER encoding and decoding for public and private keys. OpenSSL also provides the encryption protection for private keys defined in the standard, so that keys can be stored and distributed securely.

OpenSSL provides a total of 8 symmetric encryption algorithms, of which 7 are block cipher algorithms; the only stream cipher is RC4. The 7 block ciphers are AES, DES, Blowfish, CAST, IDEA, RC2 and RC5, all of which support the four commonly used block cipher modes: electronic codebook mode (ECB), cipher block chaining mode (CBC), cipher feedback mode (CFB), and output feedback mode (OFB). For AES, the block length used in cipher feedback mode (CFB) and output feedback mode (OFB) is 128 bits; the other algorithms use 64 bits.

OpenSSL implements 4 asymmetric encryption algorithms: the DH algorithm, the RSA algorithm, the DSA algorithm and the elliptic curve algorithm (EC). The DH algorithm is generally used for key exchange. The RSA algorithm can be used either for key exchange or for digital signatures. The DSA algorithm is generally used only for digital signatures.

OpenSSL implements 5 message digest algorithms, namely MD2, MD5, MDC2, SHA (SHA1), and RIPEMD. The SHA algorithm actually covers two message digest algorithms, SHA and SHA1. In addition, OpenSSL implements the two message digest algorithms DSS and DSS1, which are specified in the DSS standard.

OpenSSL's applications primarily include key generation, certificate management, format conversion, data encryption and signing, SSL testing, and other auxiliary configuration features.

The engine mechanism is designed to let OpenSSL transparently perform encryption with a software cryptographic library or a hardware cryptographic device provided by a third party.

Steps to compile OpenSSL for Win32 on Windows 7 64-bit with VS2010:

1. Download the openssl-1.0.1g version of the OpenSSL source code from https://www.openssl.org/source/;

2. Download ActivePerl 5.16.3 x64 from http://www.activestate.com/activeperl/downloads (ActivePerl is a script interpreter for Perl);

3. Install ActivePerl into the D:\ProgramFiles\Perl64 directory, open a command prompt, change to the D:\ProgramFiles\Perl64\eg directory, and run perl example.pl. If it prints "Hello from ActivePerl!", the Perl installation succeeded and you can go on to build OpenSSL with the Perl commands below;

4. Unzip openssl-1.0.1g into the E:\OpenSSL\openssl-1.0.1g directory;

5. Download NASM 2.07 from http://sourceforge.net/projects/nasm/, install it in D:\ProgramFiles\NASM, and add D:\ProgramFiles\NASM to the system PATH environment variable;

6. Change the command prompt's directory to E:\OpenSSL\openssl-1.0.1g;

7. Enter perl Configure VC-WIN32 --prefix=E:\OpenSSL\openssl (this installs to E:\OpenSSL\openssl);

8. Enter ms\do_nasm;

9. Change the command prompt's directory to C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin, and then enter vcvars32.bat, which displays "Setting environment for using Microsoft Visual Studio x86 tools". Without this step, the command prompt reports that nmake is not an internal or external command;

10. Change the command prompt's directory back to E:\OpenSSL\openssl-1.0.1g;

11. Enter nmake -f ms\ntdll.mak; after it finishes, an out32dll folder is generated in the openssl-1.0.1g directory, containing some static libraries, dynamic libraries, and .exe files;

12. Enter nmake -f ms\ntdll.mak test; if the final output is "passed all tests", the resulting library is correct;

13. Enter nmake -f ms\ntdll.mak install; the four folders bin, include, lib and ssl will be generated in the E:\OpenSSL\openssl directory;

14. The steps above build the release library; to build the debug library, change VC-WIN32 in step 7 to debug-VC-WIN32;

15. To build the static library, replace ms\ntdll.mak with ms\nt.mak;

16. To build a library without assembly support, replace steps 7 and 8 above with perl Configure VC-WIN32 no-asm --prefix=E:\OpenSSL\openssl and ms\do_ms;

17. The E:\OpenSSL\openssl-1.0.1g\tmp32dll folder contains the corresponding assembly files.

Building the corresponding libraries and assembly files for Win64:

1. Change the command prompt's directory to E:\OpenSSL\openssl-1.0.1g;

2. Enter perl Configure VC-WIN64A --prefix=E:\OpenSSL\openssl\win64;

3. Enter ms\do_nasm;

4. Enter ms\do_win64a;

5. Change the command prompt's directory to C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\amd64, and then enter vcvars64.bat, which displays "Setting environment for using Microsoft Visual Studio x64 tools". Without this step, the command prompt reports that nmake is not an internal or external command;

6. Change the command prompt's directory back to E:\OpenSSL\openssl-1.0.1g;

7. Enter nmake -f ms\nt.mak; after it finishes, the two folders out32 and tmp32 are generated in the openssl-1.0.1g directory. Two static libraries and some executable files are generated in the out32 folder, and the corresponding assembly files are generated in the tmp32 folder;

8. Enter nmake -f ms\nt.mak test; if the final output is "passed all tests", the resulting library is correct;

9. Enter nmake -f ms\nt.mak install; the four folders bin, include, lib and ssl will be generated in the E:\OpenSSL\openssl\win64 directory;

10. The steps above build the release library; to build the debug library, change VC-WIN64A in step 2 to debug-VC-WIN64A;

11. To build the dynamic library, use ms\ntdll.mak in place of the ms\nt.mak used above;

12. To build a library without assembly support, replace step 2 above with perl Configure VC-WIN64A no-asm --prefix=E:\OpenSSL\openssl\win64;

13. The E:\OpenSSL\openssl-1.0.1g\tmp32 folder contains the corresponding assembly files.

Building the corresponding libraries and assembly files in an Ubuntu 13.10 32-bit virtual machine:

1. Store openssl-1.0.1g.tar.gz under /home/spring/openssl;

2. Unpack it with tar -xzf openssl-1.0.1g.tar.gz;

3. Change the terminal's directory to openssl-1.0.1g;

4. Execute ./config --prefix=/home/spring/openssl/openssl/linux32 (this installs into the /home/spring/openssl/linux32 directory);

5. Execute ./config -t;

6. Execute make depend;

7. Execute make (the two static libraries libcrypto.a and libssl.a will be generated in the /openssl-1.0.1g directory);

8. Execute make test (if it shows "ALL TESTS SUCCESSFUL", the generated library is correct);

9. Execute make install (the four folders bin, include, lib and ssl will be generated in the /openssl/linux32 directory);

10. The steps above build a release static library; to build a debug static library, simply change step 4 to ./config --prefix=/home/spring/openssl/openssl/linux32 -g3;

11. To build the release dynamic library, simply change step 4 to ./config --prefix=/home/spring/openssl/openssl/linux32 -shared; to build the debug dynamic library, change step 4 to ./config --prefix=/home/spring/openssl/openssl/linux32 -g3 -shared;

12. The files in the directory /openssl-1.0.1g/crypto contain the generated 32-bit assembly files.

Building the corresponding libraries and assembly files in an Ubuntu 13.10 64-bit virtual machine:

1. Store openssl-1.0.1g.tar.gz under /home/spring/openssl;

2. Unpack it with tar -xzf openssl-1.0.1g.tar.gz;

3. Change the terminal's directory to openssl-1.0.1g;

4. Execute ./config --prefix=/home/spring/openssl/openssl/linux64 -g3 (this installs into the /home/spring/openssl/linux64 directory);

5. Execute ./config -t;

6. Execute make depend;

7. Execute make (the two static libraries libcrypto.a and libssl.a will be generated in the /openssl-1.0.1g directory);

8. Execute make test (if it shows "ALL TESTS SUCCESSFUL", the generated library is correct);

9. Execute make install (the four folders bin, include, lib and ssl will be generated in the /openssl/linux64 directory);

10. The steps above build a debug static library; to build a release static library, simply change step 4 to ./config --prefix=/home/spring/openssl/openssl/linux64;

11. To build the release dynamic library, simply change step 4 to ./config --prefix=/home/spring/openssl/openssl/linux64 -shared; to build the debug dynamic library, change step 4 to ./config --prefix=/home/spring/openssl/openssl/linux64 -g3 -shared;

12. The files in the directory /openssl-1.0.1g/crypto contain the generated 64-bit assembly files.

Building the corresponding 32-bit libraries and assembly files in a Mac OS X 10.8.2 64-bit virtual machine:

Note: Xcode 4.5 and the Command Line Tools have been installed on the Mac virtual machine.

1. Store openssl-1.0.1g.tar.gz under /users/spring/desktop/openssl;

2. Unpack it with tar -xzf openssl-1.0.1g.tar.gz;

3. Change the terminal's directory to openssl-1.0.1g;

4. Execute ./Configure darwin-i386-cc -shared --prefix=/users/spring/desktop/openssl/openssl/mac32 (this installs into the /users/spring/desktop/openssl/openssl/mac32 directory);

5. Execute make (the corresponding static and dynamic libraries will be generated in the /openssl-1.0.1g directory);

6. Execute make test (if it shows "ALL TESTS SUCCESSFUL", the generated library is correct);

7. Execute make install (the four folders bin, include, lib and ssl will be generated in the /openssl/mac32 directory);

8. The steps above build a release dynamic library; to build a debug dynamic library, simply change step 4 to ./Configure darwin-i386-cc -shared --prefix=/users/spring/desktop/openssl/openssl/mac32 -g3;

9. To build the release static library, simply change step 4 to ./Configure darwin-i386-cc --prefix=/users/spring/desktop/openssl/openssl/mac32; to build the debug static library, change step 4 to ./Configure darwin-i386-cc --prefix=/users/spring/desktop/openssl/openssl/mac32 -g3;

10. The files in the directory /openssl-1.0.1g/crypto contain the generated 32-bit assembly files.

Building the corresponding 64-bit libraries and assembly files in a Mac OS X 10.8.2 64-bit virtual machine:

1. Store openssl-1.0.1g.tar.gz under /users/spring/desktop/openssl;

2. Unpack it with tar -xzf openssl-1.0.1g.tar.gz;

3. Change the terminal's directory to openssl-1.0.1g;

4. Execute ./Configure darwin64-x86_64-cc --prefix=/users/spring/desktop/openssl/openssl/mac64 (this installs into the /users/spring/desktop/openssl/openssl/mac64 directory);

5. Execute make (the two static libraries libssl.a and libcrypto.a will be generated in the /openssl-1.0.1g directory);

6. Execute make test (if it shows "ALL TESTS SUCCESSFUL", the generated library is correct);

7. Execute make install (the four folders bin, include, lib and ssl will be generated in the /openssl/mac64 directory);

8. The steps above build a release static library; to generate a dynamic library under debug, simply change step 4 to ./Configure darwin64-x86_64-cc --prefix=/users/spring/desktop/openssl/openssl/mac64 -g3;

9. To build the release dynamic library, simply change step 4 to ./Configure darwin64-x86_64-cc -shared --prefix=/users/spring/desktop/openssl/openssl/mac64; to build the debug dynamic library, change step 4 to ./Configure darwin64-x86_64-cc -shared --prefix=/users/spring/desktop/openssl/openssl/mac64 -g3;

10. The files in the directory /openssl-1.0.1g/crypto contain the generated 64-bit assembly files.

You can also run the .pl files directly to generate the corresponding assembly files.
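The Linux and Mac procedures above differ only in the configure line (target name, -g3, -shared), so one script can drive all of them. This is an added example, not part of the original article or of OpenSSL itself; the function names configure_cmd and build_openssl are hypothetical, and the script assumes an install prefix without spaces.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; targets and flags are the ones
# used in the Linux and Mac steps above.

# configure_cmd PLATFORM BUILD LINKAGE PREFIX
#   PLATFORM: linux | mac32 | mac64 (on Linux, ./config detects 32/64-bit itself)
#   BUILD:    release | debug       LINKAGE: static | shared
configure_cmd() {
    platform=$1 build=$2 linkage=$3 prefix=$4
    case $prefix in
        ''|*' '*) echo "prefix must be non-empty and contain no spaces" >&2; return 2 ;;
    esac
    case $build in
        release) dbg= ;;
        debug)   dbg=' -g3' ;;
        *) echo "unknown build: $build" >&2; return 2 ;;
    esac
    case $linkage in
        static) shr= ;;
        shared) shr=' -shared' ;;
        *) echo "unknown linkage: $linkage" >&2; return 2 ;;
    esac
    case $platform in
        linux) echo "./config --prefix=$prefix$dbg$shr" ;;
        mac32) echo "./Configure darwin-i386-cc$shr --prefix=$prefix$dbg" ;;
        mac64) echo "./Configure darwin64-x86_64-cc$shr --prefix=$prefix$dbg" ;;
        *) echo "unknown platform: $platform" >&2; return 2 ;;
    esac
}

# Configure, make depend (Linux steps only), make, make test, make install,
# run inside the unpacked source tree. The && chain stops at the first
# failure, so a library that fails "make test" is never installed.
build_openssl() {
    cmd=$(configure_cmd "$@") || return
    [ -f ./Configure ] || { echo "run this from the openssl-1.0.1g directory" >&2; return 1; }
    $cmd &&
        { [ "$1" != linux ] || make depend; } &&
        make && make test && make install
}

# Only build when arguments are given, e.g.:
#   sh build.sh linux debug static /home/spring/openssl/openssl/linux64
if [ "$#" -gt 0 ]; then build_openssl "$@"; fi
```

Calling configure_cmd on its own prints the command without running it, which is a quick way to check a variant before a long build.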
