OpenSSL encrypts, decrypts, and establishes a private CA

Source: Internet
Author: User
Tags: openssl enc, openssl rsa, asymmetric encryption


OpenSSL: commonly known as the Secure Sockets toolkit

It can provide data encryption:

SSL, in full Secure Socket Layer, provides confidential transmission over the Internet. Its goal is to guarantee the confidentiality and reliability of the communication between two applications: SSL keeps the traffic between a user application and a server application from being intercepted by an attacker; the server is always authenticated, and the user is optionally authenticated. The SSL protocol must run on top of a reliable transport-layer protocol (TCP). Before the application-layer protocol starts communicating, SSL has already negotiated the encryption algorithm and the communication key and authenticated the server. From then on, the data transmitted by the application-layer protocol is encrypted, which guarantees the privacy of the communication.

I. Types of encryption and decryption in OpenSSL and their algorithms

1. Symmetric encryption: the same algorithm and the same password are used both to encrypt and to decrypt the data.

Algorithms: DES, 3DES, AES, Blowfish, Twofish, IDEA, RC6, CAST5

2. Asymmetric encryption, public key cryptography: the public key is extracted from the private key; what the private key encrypts can only be decrypted with the public key, and vice versa.

Algorithms: RSA, DSA, ElGamal, DH

3. One-way encryption: the data can only be encrypted, never decrypted; it is used to extract a signature (digest) of the data.

Algorithms: MD5, SHA series (256, 384, 512, 128)

II. How OpenSSL encrypts one communication:

Sender:

1. Extract a signature (digest) of the data with a one-way encryption algorithm.

2. Encrypt the signature with your own private key and append it to the data.

3. Generate a temporary key for symmetric encryption.

4. Encrypt the data, together with the signature that was encrypted with the private key, using this temporary key.

5. Encrypt this temporary key with the receiver's public key and append it to the symmetrically encrypted data.

Receiver:

1. Decrypt the encrypted temporary key with your own private key to obtain the symmetric key.

2. Decrypt the symmetrically encrypted data with the symmetric key to obtain the data and the signature ciphertext that was encrypted with the sender's private key.

3. Decrypt the signature ciphertext with the public key sent by the other side to obtain the data signature.

4. Compute the data signature with the same one-way encryption algorithm the other side used and compare it with the decrypted signature.
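The sender and receiver steps above, carried out with the openssl command line. This is an added example and not code from the original article: the two key pairs, the message text and the working directory are constructed by the script, and the split of message from signature assumes 2048-bit RSA keys (256-byte signatures). A second function changes one byte of the ciphertext in transit to show that the receiver's signature check rejects it.

```shell
#!/bin/sh
# Added example, not the article's own code: the sender and receiver steps above
# done with the openssl command line. Key pairs, the message and the work
# directory are constructed here; the 256-byte signature length assumes
# 2048-bit RSA keys.

# Two RSA key pairs, one per party (genrsa / rsa -pubout as in section IV).
make_keys() {        # $1 = directory
    for who in sender receiver; do
        openssl genrsa -out "$1/$who.key" 2048 2> /dev/null
        openssl rsa -in "$1/$who.key" -pubout -out "$1/$who.pub" 2> /dev/null
    done
}

# Sender: sign, wrap message+signature under a fresh symmetric key, seal that key.
sender_package() {   # $1 = directory holding msg.txt, sender.key, receiver.pub
    dir=$1
    # Steps 1-2: SHA-256 digest of the message, signed with the sender's private key
    openssl dgst -sha256 -sign "$dir/sender.key" -out "$dir/msg.sig" "$dir/msg.txt"
    # Step 3: temporary AES-256 key and IV, in the hex form enc -K/-iv expect
    openssl rand -hex 32 > "$dir/tmpkey.txt"
    openssl rand -hex 16 >> "$dir/tmpkey.txt"
    # Step 4: message || signature, encrypted with the temporary key
    cat "$dir/msg.txt" "$dir/msg.sig" > "$dir/bundle"
    openssl enc -aes-256-cbc -K "$(sed -n 1p "$dir/tmpkey.txt")" \
        -iv "$(sed -n 2p "$dir/tmpkey.txt")" -in "$dir/bundle" -out "$dir/bundle.enc"
    # Step 5: temporary key sealed with the receiver's public key
    openssl pkeyutl -encrypt -pubin -inkey "$dir/receiver.pub" \
        -in "$dir/tmpkey.txt" -out "$dir/tmpkey.enc"
    rm -f "$dir/tmpkey.txt" "$dir/bundle"     # only the sealed forms leave the sender
}

# Receiver: unseal the key, decrypt, split, verify. Exit status 0 only if the
# signature verifies against the recovered message.
receiver_unpack() {  # $1 = directory holding bundle.enc, tmpkey.enc, receiver.key, sender.pub
    dir=$1
    # Step 1: recover the temporary key with the receiver's private key
    openssl pkeyutl -decrypt -inkey "$dir/receiver.key" \
        -in "$dir/tmpkey.enc" -out "$dir/tmpkey.rx" || return 1
    # Step 2: decrypt the bundle, then split off the trailing 256-byte signature
    openssl enc -d -aes-256-cbc -K "$(sed -n 1p "$dir/tmpkey.rx")" \
        -iv "$(sed -n 2p "$dir/tmpkey.rx")" -in "$dir/bundle.enc" -out "$dir/bundle.rx" || return 1
    total=$(wc -c < "$dir/bundle.rx")
    head -c "$((total - 256))" "$dir/bundle.rx" > "$dir/msg.rx"
    tail -c 256 "$dir/bundle.rx" > "$dir/sig.rx"
    # Steps 3-4: recompute the digest and check it against the decrypted signature
    openssl dgst -sha256 -verify "$dir/sender.pub" -signature "$dir/sig.rx" \
        "$dir/msg.rx" > /dev/null 2>&1
}

# Full round trip: prints the recovered message, fails if verification fails.
demo_exchange() {
    dir=$(mktemp -d)
    make_keys "$dir"
    printf 'transfer 100 to account 42\n' > "$dir/msg.txt"   # constructed message
    sender_package "$dir" && receiver_unpack "$dir" && cat "$dir/msg.rx"
    status=$?
    rm -rf "$dir"
    return $status
}

# Change one byte of the ciphertext in transit; the receiver must reject it.
# Returns 0 when the tampering is detected.
demo_tampered() {
    dir=$(mktemp -d)
    make_keys "$dir"
    printf 'transfer 100 to account 42\n' > "$dir/msg.txt"
    sender_package "$dir"
    first=$(od -An -tu1 -N1 "$dir/bundle.enc" | tr -d ' ')
    { printf "\\$(printf '%03o' $(( (first + 1) % 256 )))"; tail -c +2 "$dir/bundle.enc"; } \
        > "$dir/bundle.t" && mv "$dir/bundle.t" "$dir/bundle.enc"
    if receiver_unpack "$dir"; then status=1; else status=0; fi
    rm -rf "$dir"
    return $status
}

case "${1:-}" in --run) demo_exchange && demo_tampered && echo "tampering detected" ;; esac
```

Run it as `sh exchange.sh --run`. The receiver learns nothing about who sent the bundle from the symmetric layer alone; only the final `dgst -verify` against the sender's public key ties the message to the sender, which is why a corrupted ciphertext is caught there rather than at decryption.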

III. OpenSSL

OpenSSL is a powerful Secure Sockets Layer cipher library that includes the main cryptographic algorithms, commonly used key and certificate encapsulation and management functions, and an SSL protocol implementation, and it provides a rich set of applications for testing and other purposes.

1. Components:

(1) libcrypto: the encryption and decryption library;

(2) libssl: the SSL protocol implementation;

(3) openssl: a multi-purpose command-line tool; each function is provided by a dedicated subcommand.

2. Format of the openssl command

openssl command [options] [csr_file] [options] [crt_file] [options]

# openssl + subcommand + options + parameters

3. Categories of commands:

Standard commands

Message digest commands

Encryption and decryption (cipher) commands

4. You can list the subcommands by entering openssl and pressing Enter, which opens the interactive OpenSSL> prompt.


You can then use the man command to see how each subcommand is used.

IV. Encrypting and decrypting files with OpenSSL

1. Symmetric encryption

Using the enc tool (-ciphername stands for the cipher to use, e.g. -aes-256-cbc; -a writes the result as base64 text; -salt adds a random salt to the key derivation):

Encryption: # openssl enc -e -ciphername -a -salt -in /path/from/somefile -out /path/to/somecipherfile


Decryption: # openssl enc -d -ciphername -a -salt -in /path/from/somecipherfile -out /path/to/somefile
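The enc encryption and decryption pair above with a concrete cipher, as an added example that is not part of the original article. The passphrase and plaintext are constructed; -pbkdf2 is added because enc's default key derivation is weak (OpenSSL 1.1.1 and later warn about it). The two extra functions show the two properties a reader should expect from -salt and from the passphrase: identical input encrypts differently each time, and the wrong passphrase never yields the plaintext.

```shell
#!/bin/sh
# Added example, not the article's own code: openssl enc round trip with
# AES-256-CBC, base64 output (-a), a random salt and PBKDF2 key derivation.
# Passphrases and plaintexts below are constructed.

# Encrypt stdin to base64; -pbkdf2 replaces enc's weak default key derivation
# (available from OpenSSL 1.1.1).
enc_encrypt() {   # $1 = passphrase
    openssl enc -e -aes-256-cbc -a -salt -pbkdf2 -pass "pass:$1"
}

# Decrypt base64 ciphertext from stdin. Errors ("bad decrypt") are silenced so
# callers compare the output instead of the exit status.
enc_decrypt() {   # $1 = passphrase
    openssl enc -d -aes-256-cbc -a -pbkdf2 -pass "pass:$1" 2> /dev/null
}

# Round trip; prints the recovered plaintext.
demo_roundtrip() {
    printf 'constructed secret: db password = hunter2\n' \
        | enc_encrypt 'correct horse' | enc_decrypt 'correct horse'
}

# The random salt makes two encryptions of the same input differ; returns 0.
demo_salt_differs() {
    a=$(printf 'same input\n' | enc_encrypt 'pw')
    b=$(printf 'same input\n' | enc_encrypt 'pw')
    [ "$a" != "$b" ]
}

# A wrong passphrase usually fails outright; in the rare case the padding
# happens to validate, garbage comes out. Either way it is not the plaintext.
demo_wrong_pass() {
    c=$(printf 'same input\n' | enc_encrypt 'pw')
    [ "$(printf '%s\n' "$c" | enc_decrypt 'wrong')" != 'same input' ]
}
```

`pass:` puts the passphrase on the command line, where other users can read it from the process list; for anything beyond a demo use `-pass file:` or `-pass stdin`, or the raw `-K`/`-iv` form with a key generated by `openssl rand`.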


One-way encryption:

Extracting a file signature (digest); -cipher is the digest name, e.g. -md5 or -sha256:

# openssl dgst -cipher /path/to/somefile ...
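Extracting and checking a file digest with openssl dgst, as an added example that is not from the original article. The sample contents are constructed; the expected values are the published SHA-256 test vector for "abc" and HMAC test case 2 from RFC 4231. The keyed form is included because a plain digest only detects accidental change: whoever can rewrite the file can recompute its digest, so an integrity check needs a key (-hmac) or a signature (-sign).

```shell
#!/bin/sh
# Added example, not the article's own code: extracting a file digest with
# openssl dgst, checking a file against an expected value, and the keyed
# variant (-hmac). Sample contents are constructed; the expected values are the
# published SHA-256 test vector for "abc" and RFC 4231 HMAC test case 2.

# Print only the hex digest: dgst prefixes it with e.g. "SHA2-256(file)= ".
file_digest() {   # $1 = digest name (md5, sha1, sha256, ...), $2 = file
    openssl dgst "-$1" "$2" | awk '{print $NF}'
}

# Keyed digest. An attacker who can rewrite the file can also recompute a plain
# digest, so integrity checks need a key (HMAC) or a signature (dgst -sign).
file_hmac() {     # $1 = digest name, $2 = key, $3 = file
    openssl dgst "-$1" -hmac "$2" "$3" | awk '{print $NF}'
}

# Compare a file against an expected digest; returns 0 on match.
check_digest() {  # $1 = digest name, $2 = file, $3 = expected hex
    [ "$(file_digest "$1" "$2")" = "$3" ]
}

# Returns 0 if the digest matches the original file and stops matching after
# a one-byte change.
demo_digest() {
    f=$(mktemp)
    expected=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    printf 'abc' > "$f"                          # constructed sample content
    check_digest sha256 "$f" "$expected" || { rm -f "$f"; return 1; }
    printf 'abd' > "$f"                          # one byte changed
    if check_digest sha256 "$f" "$expected"; then rm -f "$f"; return 1; fi
    rm -f "$f"
}

# Prints the HMAC-SHA256 for the RFC 4231 test case 2 inputs (key "Jefe").
demo_hmac() {
    f=$(mktemp)
    printf 'what do ya want for nothing?' > "$f"
    file_hmac sha256 Jefe "$f"
    rm -f "$f"
}
```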


Generating a user password:

# openssl passwd -1 -salt SALT

SALT: an 8-character random value

-1: the default, the MD5 algorithm

Generating a random number:

# openssl rand -hex|-base64 NUM

-hex|-base64: text encoding of the output

NUM: the length of random data to generate

The generated random number can be used as the salt when generating a password:

The resulting password hash is in the form that the system stores in /etc/shadow.
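The passwd and rand commands above combined into a small password-hashing helper, as an added example that is not from the original article. Passwords are constructed; the salt is eight characters from openssl rand, and -stdin is used instead of putting the password on the command line. The check function is the part a defender actually needs: a stored $id$salt$hash string is verified by re-hashing the candidate with the same id and salt and comparing.

```shell
#!/bin/sh
# Added example, not the article's own code: producing a salted password hash in
# the form /etc/shadow stores, and checking a candidate password against a stored
# hash. Passwords are constructed; the salt comes from openssl rand as above.

# New hash with 8 random salt characters (4 random bytes as hex).
# -1 is MD5-crypt, as in the article; -6 (SHA-512-crypt) is the stronger choice.
# The password is fed on stdin so it does not appear in the process list.
make_hash() {       # $1 = password, $2 = scheme id: 1 or 6
    salt=$(openssl rand -hex 4)
    printf '%s\n' "$1" | openssl passwd "-$2" -salt "$salt" -stdin
}

# A stored hash has the form $id$salt$hash. Checking a password means re-hashing
# it with the same id and salt and comparing the whole string; returns 0 on match.
check_password() {  # $1 = stored hash, $2 = candidate password
    id=$(printf '%s' "$1" | cut -d'$' -f2)
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ "$(printf '%s\n' "$2" | openssl passwd "-$id" -salt "$salt" -stdin)" = "$1" ]
}

# Prints the scheme id of a freshly made hash after checking that the right
# password is accepted and a case variant is rejected.
demo_passwd() {
    h=$(make_hash 'Tr0ub4dor&3' 6)
    check_password "$h" 'Tr0ub4dor&3' || return 1
    if check_password "$h" 'tr0ub4dor&3'; then return 1; fi
    printf '%s' "$h" | cut -d'$' -f2
}
```

The salt is what makes two users with the same password get different hashes, so a leaked shadow file cannot be attacked with one precomputed table; it is stored in the clear inside the hash string because it is needed again at check time.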

Public key cryptography: generating a key pair

Procedure: generate a private key

# openssl genrsa -out /path/to/private_keyfile num_bits

To manually extract the public key from the private key:

# openssl rsa -in /path/from/private_key_file -pubout
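The genrsa and rsa -pubout commands above, as an added example that is not part of the original article, with the two checks that usually go with them: the private key file is created unreadable by other users (umask in a subshell, so it only affects that one command), and a public key is confirmed to belong to a private key by comparing the modulus of each. File paths are placeholders created under mktemp.

```shell
#!/bin/sh
# Added example, not the article's own code: generating an RSA key pair with
# the commands above while keeping the private key file private, then checking
# that a public key really belongs to a private key. Paths are placeholders.

# Private key written with mode 0600: umask is set in a subshell so it affects
# only this command. 2048 bits is the smallest size worth using today.
gen_keypair() {    # $1 = private key path, $2 = public key path, $3 = bits
    ( umask 077 && openssl genrsa -out "$1" "$3" 2> /dev/null ) || return 1
    openssl rsa -in "$1" -pubout -out "$2" 2> /dev/null
}

# Permission string of a file, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

# Both halves of a pair share the modulus; comparing the two is the usual way to
# confirm that a public key (or a certificate) belongs to a given private key.
keys_match() {     # $1 = private key, $2 = public key; returns 0 when they match
    a=$(openssl rsa -in "$1" -noout -modulus 2> /dev/null)
    b=$(openssl rsa -pubin -in "$2" -noout -modulus 2> /dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Generates two pairs, checks that a.pub matches a.key but not b.pub, and
# prints the permission string of the private key.
demo_keypair() {
    d=$(mktemp -d)
    gen_keypair "$d/a.key" "$d/a.pub" 2048 || { rm -rf "$d"; return 1; }
    gen_keypair "$d/b.key" "$d/b.pub" 2048 || { rm -rf "$d"; return 1; }
    mode=$(key_mode "$d/a.key")
    keys_match "$d/a.key" "$d/a.pub" || { rm -rf "$d"; return 1; }
    if keys_match "$d/a.key" "$d/b.pub"; then rm -rf "$d"; return 1; fi
    rm -rf "$d"
    printf '%s\n' "$mode"
}
```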


