OpenSSL service: open-source implementation of SSL/TLS, official site www.openssl.org
Composition:
libcrypto: general-purpose cryptography library
libssl: TLS/SSL implementation library
A session-based TLS/SSL library providing identity authentication, data confidentiality and session integrity
openssl: multi-purpose command-line tool
It can be used to run a private certificate authority (CA)
Common openssl subcommands:
openssl version: show the OpenSSL version
# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
openssl speed <algorithm>: benchmark a one-way hash or cipher algorithm
# openssl speed md5
Doing md5 for 3s on 16 size blocks: 4905896 md5's in 3.00s
Doing md5 for 3s on 64 size blocks: 4222480 md5's in 2.99s
Doing md5 for 3s on 256 size blocks: 2771350 md5's in 3.00s
Doing md5 for 3s on 1024 size blocks: 1160221 md5's in 3.00s
Doing md5 for 3s on 8192 size blocks: 178612 md5's in 3.00s
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
built on: Wed Jan 18 10:10:56 EST 2012
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              26164.78k    90380.84k   236488.53k  396022.10k  487729.83k
openssl enc: symmetric encryption and decryption
-<algorithm>: the symmetric cipher to use, e.g. -des3
-e: encrypt
-d: decrypt
-salt: add a salt (the default)
-a: base64-encode the result after encryption, and base64-decode the input before decryption
-in /path/to/file: input file, default standard input
-out /path/to/file: output file, default standard output
Example: openssl enc -des3 -e -salt -a -in /etc/inittab -out ~/inittab.des3
openssl dgst -<one-way hash algorithm> /path/to/file: compute the message digest of a file
Example: openssl dgst -sha1 /etc/inittab
# openssl dgst -sha1 /etc/inittab
SHA1(/etc/inittab)= 78ef239097844c223671e99a79d6b533dced8d3b
openssl passwd -1 -salt xxxxxxxx: generate an encrypted (hashed) password string; -1 selects the MD5-based crypt format and -salt supplies the salt
# openssl passwd -1 -salt 12345678
Password:
$1$12345678$c3c9l9h37oiwjagmmnmur0
openssl rand -base64 #: generate # bytes of random data and print them base64-encoded (the argument is a byte count; the 10 bytes below become 16 base64 characters)
# openssl rand -base64 10
qdasm9kqtvntgq==
# openssl rand -base64 10
nNyIpyge2qmnsg==
openssl genrsa #: generate an RSA private key of # bits, default 512 bits
-out /path/to/file: write the key to the given file
Contents of an X.509 certificate:
Public key information
Certificate validity period
Information about the certificate's legitimate owner (the subject)
The purpose of the certificate and how it may be used
Information about the issuing CA
Signature of the CA
Running a private CA with OpenSSL:
1. Server side: generate the CA's self-signed certificate
cd /etc/pki/CA
(umask 077; openssl genrsa -out private/cakey.pem #): generate a #-bit private key in the given directory (default 512 bits); the umask keeps the key readable by its owner only
openssl req -new -x509 -key private/cakey.pem -out cacert.pem: generate the CA's self-signed certificate
openssl x509 -text -in cacert.pem: view the certificate
mkdir certs newcerts crl
touch index.txt serial
echo 01 > serial
2. Client side: generate a certificate signing request
cd /etc/httpd/ssl
(umask 077; openssl genrsa -out httpd.key #): generate the client's private key
openssl req -new -key httpd.key -out httpd.csr: generate the client's certificate signing request
3. Server side: sign the client's certificate request and return the certificate to the client
openssl ca -in httpd.csr -out httpd.crt: sign the request
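The three steps above, as an added runnable example that is not part of the original notes: it builds the CA in a throwaway directory instead of /etc/pki/CA, writes a minimal openssl.cnf inline (the real one on RHEL lives under /etc/pki/tls), signs a request, and verifies the issued certificate against the CA. The directory layout, subject names and the policy_match section are constructed for the demo; openssl is assumed to be on PATH.

```shell
# Added example, not part of the original notes: runs the three-step private
# CA procedure above in a throwaway directory ($1) instead of /etc/pki/CA, with
# a minimal openssl.cnf written inline, then verifies the issued certificate.
# Assumes openssl is on PATH; directory names and subjects are constructed.
set -e

setup_ca() {   # step 1: CA private key and self-signed CA certificate
    mkdir -p "$1/CA/private" "$1/CA/newcerts"
    touch "$1/CA/index.txt"; echo 01 > "$1/CA/serial"   # empty DB, first serial
    cat > "$1/CA/openssl.cnf" <<EOF
[ ca ]
default_ca       = demo_ca
[ demo_ca ]
dir              = $1/CA
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
serial           = \$dir/serial
certificate      = \$dir/cacert.pem
private_key      = \$dir/private/cakey.pem
default_md       = sha256
default_days     = 365
policy           = policy_match
[ policy_match ]
countryName      = match
organizationName = match
commonName       = supplied
[ req ]
distinguished_name = req_dn
x509_extensions  = v3_ca
[ req_dn ]
commonName       = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # umask 077 keeps the CA key readable by its owner only
    (umask 077; openssl genrsa -out "$1/CA/private/cakey.pem" 2048 2>/dev/null)
    openssl req -new -x509 -days 3650 -config "$1/CA/openssl.cnf" -key \
        "$1/CA/private/cakey.pem" -out "$1/CA/cacert.pem" -subj "/C=US/O=Demo CA/CN=Demo Root CA"
}
issue_cert() { # steps 2 and 3; prints OK when the issued cert chains to the CA
    mkdir -p "$1/ssl"
    (umask 077; openssl genrsa -out "$1/ssl/httpd.key" 2048 2>/dev/null)
    # C and O in the request must equal the CA's under policy_match
    openssl req -new -config "$1/CA/openssl.cnf" -key "$1/ssl/httpd.key" \
        -out "$1/ssl/httpd.csr" -subj "/C=US/O=Demo CA/CN=www.example.com"
    # the CA signs the request; -batch skips the interactive y/n prompts
    openssl ca -batch -config "$1/CA/openssl.cnf" -in "$1/ssl/httpd.csr" -out "$1/ssl/httpd.crt" 2>/dev/null
    openssl verify -CAfile "$1/CA/cacert.pem" "$1/ssl/httpd.crt" >/dev/null && echo OK
}
```

After one certificate is issued, the serial file is advanced to 02 and index.txt records the issued certificate, which is the state openssl ca relies on for the next request.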
Linux Learning Notes <25> -- OpenSSL Services