Linux Learning Notes < 25 >--OPENSSL Services

Last Update:2015-08-20 Source: Internet

Author: User

Tags base64 md5 openssl enc openssl x509 rand sha1

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

OpenSSL Service: Open source implementation of SSL, official site www.openssl.org

Composition

Libcrypto: Universal Encryption Library

Implementation Library of Libssl:tls/ssl

Session-based TLS/SSL library for identity authentication, data confidentiality, and session integrity

OpenSSL: Multi-purpose Command tool

You can implement a private certification authority

OpenSSL Common subcommands:

OpenSSLversion: viewing versions of OpenSSL

[email protected] named]# OpenSSL versionopenssl 0.9.8e-fips-rhel5 Jul 2008

OpenSSL speed One-way encryption algorithm : One-way encryption algorithm Velocimetry

[[Email protected] named]# openssl speed md5 doing md5 for 3s  on 16 size blocks: 4905896 md5 ' S in 3.00sdoing md5 for  3s on 64 size blocks: 4222480 md5 ' s in 2.99sdoing md5  For 3s on 256 size blocks: 2771350 md5 ' S in 3.00sdoing md5  for 3s on 1024 size blocks: 1160221 md5 ' s in 3.00sDoing  md5 for 3s on 8192 size blocks: 178612 md5 ' s in  3.00sopenssl 0.9.8e-fips-rhel5 01 jul 2008built on: wed jan 18  10:10:56 est 2012options:bn (64,32)  md2 (int) &NBSP;RC4 (idx,int)  des (Ptr,risc1,16,long)   AES (partial)  blowfish (IDX)  compiler: gcc -fpic -dopenssl_pic -dzlib - dopenssl_threads -d_reentrant -ddso_dlfcn -dhave_dlfcn_h -dkrb5_mit -i/usr/kerberos/include -dl_endian -dtermio  -wall -o2 -g -pipe -wall -wp,-d_fortify_source=2 -fexceptions - fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=generic - Fasynchronous-unwind-tables -wa,--noexecstack -dopenssl_use_new_functions -fno-strict-aliasing  -dopenssl_bn_asm_part_words -dopenssl_ia32_sse2 -dopenssl_bn_asm_mont -dsha1_asm - dmd5_asm -drmd160_asm -daes_asmavailable timing options: times timeb hz=100  [sysconf value]timing function used: timesThe  ' numbers '  are in  1000s of bytes per second processed.type              16 bytes     64 bytes     256 bytes   1024 bytes   8192 bytesmd5               26164.78k    90380.84k   236488.53k    396022.10k   487729.83k

OpenSSL enc

-Encryption algorithm

-E: Encryption

-D: Decryption

-salt: Add salt, default option

-A: Encryption results are base64 converted and Base64 decoded before decryption

-in/path/to/file: Specify input file, default to standard input

-out/path/to/file: Specify output file, default to standard output

Example: OpenSSL enc-des3-e-salt-a-in/etc/inittab-out ~/inittab.des3

OpenSSL dgst-one-way secret algorithm/path/to/file

Example: OpenSSL dgst-sha1/etc/inittab

[email protected] named]# OpenSSL dgst-sha1/etc/inittabsha1 (/etc/inittab) = 78ef239097844c223671e99a79d6b533dced8d3b

OpenSSL passwd-#-salt xxxxxxxx: Generating an encrypted cipher string

[email protected] named]# OpenSSL passwd-1-salt 12345678Password: $1$12345678$c3c9l9h37oiwjagmmnmur0

OpenSSLrand-base64 #: Generates a random number of # bits

[[email protected] named]# OpenSSL rand-base64 10qdasm9kqtvntgq==[[email protected] named]# OpenSSL rand-base64 10nNyIpy ge2qmnsg==

OpenSSL Genrsa #: Specifies the key for the output # bit, default 512 bits

-out/path/to/file: Specify Output file

Content included in the X509 certificate:

Public key Information

Certificate Validity period

Information of the legal owner of the certificate

The purpose of the certificate and how it is used

Information about the CA

Signature of the CA

OpenSSL implements a private CA:

1. Server-side generation CA self-signed certificate

Cd/etc/pki/ca

(Umask 077;openssl genrsa-out Private/cakey.pem #): Generate # Bits of private key file in the specified directory, default 512-bit

OpenSSL req-new-x509-key/private/cakey.pem-out CACERT.PEM: Generate CA self-signed certificate

OpenSSL x509-text-in Cacert.pem: View certificates

mkdir certs Newcerts CRL

Touch Index.text Serial

echo > Serial

2. Client-generated certificate request

Cd/etc/httpd/ssl

(Umask 077;openssl genrsa-out httpd.key #): Generate client's private key file

OpenSSL req-new-key httpd.key-out HTTPD.CSR: Generate certificate request for client

3. Server-side sign the client's certificate request and return it to the client

OpenSSL ca-in httpd.csr-out httpd.crt: Signature Instructions

Linux Learning Notes < 25 >--OPENSSL Services

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

Linux Learning Notes < 25 >--OPENSSL Services

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support

Linux Learning Notes < 25 >--OPENSSL Services

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

Trending Topic

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support