Linux Learning Notes <25>: OpenSSL Services

Source: Internet
Author: User
Tags base64 md5 openssl enc openssl x509 rand sha1

OpenSSL: an open-source implementation of SSL; official site www.openssl.org

Components

libcrypto: general-purpose cryptography library

libssl: the TLS/SSL implementation library

A session-based TLS/SSL library providing identity authentication, data confidentiality, and session integrity

openssl: multi-purpose command-line tool

It can be used to implement a private certificate authority (CA)


Common openssl subcommands:

openssl version: show the OpenSSL version

    # openssl version
    OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008


openssl speed <one-way hash algorithm>: benchmark the speed of a one-way hash algorithm

    # openssl speed md5
    Doing md5 for 3s on 16 size blocks: 4905896 md5's in 3.00s
    Doing md5 for 3s on 64 size blocks: 4222480 md5's in 2.99s
    Doing md5 for 3s on 256 size blocks: 2771350 md5's in 3.00s
    Doing md5 for 3s on 1024 size blocks: 1160221 md5's in 3.00s
    Doing md5 for 3s on 8192 size blocks: 178612 md5's in 3.00s
    OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    built on: Wed Jan 18 10:10:56 EST 2012
    options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
    available timing options: TIMES TIMEB HZ=100 [sysconf value]
    timing function used: times
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    md5              26164.78k    90380.84k   236488.53k   396022.10k   487729.83k


openssl enc

-<cipher>: the encryption algorithm to use (for example -des3)

-e: encrypt

-d: decrypt

-salt: add a salt (the default)

-a: Base64-encode the encrypted output, and Base64-decode the input before decryption

-in /path/to/file: specify the input file; defaults to standard input

-out /path/to/file: specify the output file; defaults to standard output

Example: openssl enc -des3 -e -salt -a -in /etc/inittab -out ~/inittab.des3
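
The effect of -salt and -a can be seen by encrypting the same text twice and decrypting it again. This is an added example, not part of the original notes; the function name enc_demo, the DEMO_PASS variable and the sample text are constructed for illustration.

```shell
# Added example: round-trips text through `openssl enc` with the options above.
# Assumed (constructed) names: enc_demo, DEMO_PASS, and the sample plaintext.
enc_demo() {
    DEMO_PASS='constructed-demo-passphrase'; export DEMO_PASS
    plain='id:3:initdefault:'
    # Encrypt the same plaintext twice: -salt picks a fresh random salt each run
    c1=$(printf '%s\n' "$plain" | openssl enc -des3 -e -salt -a -pass env:DEMO_PASS 2>/dev/null)
    c2=$(printf '%s\n' "$plain" | openssl enc -des3 -e -salt -a -pass env:DEMO_PASS 2>/dev/null)
    # Decrypt the first ciphertext: -a Base64-decodes the input before decrypting
    back=$(printf '%s\n' "$c1" | openssl enc -des3 -d -a -pass env:DEMO_PASS 2>/dev/null)
    # "U2FsdGVkX1" is Base64 for the "Salted__" header that precedes the salt
    case $c1 in U2FsdGVkX1*) header=salted ;; *) header=unsalted ;; esac
    [ "$c1" != "$c2" ] && differ=yes || differ=no
    [ "$back" = "$plain" ] && roundtrip=ok || roundtrip=failed
    echo "header=$header differ=$differ roundtrip=$roundtrip"
}
enc_demo
```

On OpenSSL 1.1.1 and later, adding -pbkdf2 to both the encrypt and decrypt commands selects a stronger passphrase-to-key derivation; it is left out here to match the command form in the notes.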


openssl dgst -<one-way hash algorithm> /path/to/file

Example: openssl dgst -sha1 /etc/inittab

    # openssl dgst -sha1 /etc/inittab
    SHA1(/etc/inittab)= 78ef239097844c223671e99a79d6b533dced8d3b


openssl passwd -1 -salt xxxxxxxx: generate a hashed password string (-1 selects the MD5-based algorithm)

    # openssl passwd -1 -salt 12345678
    Password:
    $1$12345678$c3c9l9h37oiwjagmmnmur0


openssl rand -base64 #: generate random data of length #, Base64-encoded

    # openssl rand -base64 10
    qdasm9kqtvntgq==
    # openssl rand -base64 10
    nNyIpyge2qmnsg==


openssl genrsa #: generate a private key of # bits; the default is 512 bits

-out /path/to/file: specify the output file


Contents of an X.509 certificate:

Public key information

Certificate validity period

Information about the legitimate owner of the certificate

The purpose of the certificate and how it may be used

Information about the CA

Signature of the CA


Implementing a private CA with OpenSSL:

1. On the server, generate the CA's self-signed certificate

cd /etc/pki/CA

(umask 077; openssl genrsa -out private/cakey.pem #): generate a #-bit private key file in the specified directory (default 512 bits); the umask 077 in the subshell makes the key file readable only by its owner

openssl req -new -x509 -key private/cakey.pem -out cacert.pem: generate the CA's self-signed certificate

openssl x509 -text -in cacert.pem: view the certificate

mkdir certs newcerts crl

touch index.txt serial

echo 01 > serial: initialize the certificate serial number


2. On the client, generate a certificate request

cd /etc/httpd/ssl

(umask 077; openssl genrsa -out httpd.key #): generate the client's private key file

openssl req -new -key httpd.key -out httpd.csr: generate the client's certificate request


3. On the server, sign the client's certificate request and return the certificate to the client

openssl ca -in httpd.csr -out httpd.crt: sign the request
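
The three steps above can be run end to end in a scratch directory. This is an added example, not part of the original notes: the function demo_ca, the ca.cnf file, and the names "Demo Private CA" and www.example.test are constructed for illustration. It uses 2048-bit keys instead of the 512-bit default mentioned above, which is too short for real use, and supplies its own minimal configuration so that openssl ca does not depend on /etc/pki/CA.

```shell
# Added example: throwaway private CA in a temp dir; signs and verifies one CSR.
# Assumed (constructed) names: demo_ca, ca.cnf, "Demo Private CA", www.example.test
demo_ca() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        mkdir private certs newcerts crl
        touch index.txt && echo 01 > serial
        # Minimal config so `openssl ca` uses this directory, not the system CA dir
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir           = .
database      = $dir/index.txt
new_certs_dir = $dir/newcerts
serial        = $dir/serial
certificate   = $dir/cacert.pem
private_key   = $dir/private/cakey.pem
default_md    = sha256
default_days  = 365
policy        = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
        # Step 1: CA key (umask 077 keeps it owner-only) and self-signed certificate
        (umask 077; openssl genrsa -out private/cakey.pem 2048) 2>/dev/null
        openssl req -new -x509 -config ca.cnf -key private/cakey.pem \
            -subj "/CN=Demo Private CA" -days 3650 -out cacert.pem
        # Step 2: client key and certificate signing request
        (umask 077; openssl genrsa -out httpd.key 2048) 2>/dev/null
        openssl req -new -config ca.cnf -key httpd.key \
            -subj "/CN=www.example.test" -out httpd.csr
        # Step 3: the CA signs the request; -batch answers the y/n prompts
        openssl ca -config ca.cnf -batch -notext -in httpd.csr -out httpd.crt 2>/dev/null
        # Checks: key file mode, chain validation, subject and issuer of the result
        ls -l private/cakey.pem | cut -c1-10
        openssl verify -CAfile cacert.pem httpd.crt
        openssl x509 -noout -subject -issuer -in httpd.crt
    )
    rm -rf "$work"
}
demo_ca
```

The output shows the CA key with mode -rw-------, the line "httpd.crt: OK" from the chain check, and a certificate whose issuer is the demo CA.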


