OpenSSL (1)
Transport layer protocols: TCP, UDP, SCTP
Port: the address of a process; a process registers a port with the kernel, and that port is exclusive to it
Interprocess communication on the same host: IPC (message queues, shared memory (SHM), semaphores)
Interprocess communication between different hosts: sockets
client IP:port <----> server IP:port
e.g. cip:55673 <----> sip:80
Listening state: LISTEN on (IP:port)
SSL: Secure Sockets Layer
HTTP carried over SSL is HTTPS
Security goals:
Confidentiality
Integrity
Availability
Attack types:
Attacks threatening confidentiality: eavesdropping, traffic analysis;
Attacks threatening integrity: modification, masquerading, replay, repudiation;
Attacks threatening availability: denial of service (DoS)
Solutions:
Techniques (encryption and decryption) and services (security services designed to defend against the attacks above, i.e. to meet the security goals above)
Encryption and decryption:
Classical ciphers: substitution ciphers and transposition ciphers
Modern ciphers: modern block ciphers
Services:
Authentication mechanisms
Access control mechanisms
Key algorithms and protocols:
Symmetric encryption
Public key cryptography
One-way hashing
Authentication protocols
Implementations on Linux: OpenSSL (SSL/TLS), GPG (OpenPGP)
OpenSSL consists of three parts:
the libcrypto library (cryptographic primitives and algorithms)
the libssl library (the SSL/TLS protocol implementation)
the openssl multi-purpose command-line tool
Cryptographic algorithms and protocols:
Symmetric encryption: encryption and decryption use the same key;
DES: Data Encryption Standard (56-bit key; brute-forceable, obsolete);
3DES: Triple DES;
AES: Advanced Encryption Standard (key sizes of 128, 192 or 256 bits; the block size is always 128 bits)
Blowfish
Twofish
IDEA
RC6
CAST5
Characteristics:
1. encryption and decryption use the same key;
2. the plaintext is divided into fixed-size blocks, which are encrypted one by one (the mode of operation, e.g. CBC or GCM, determines how the blocks are chained);
Drawbacks:
1. too many keys (every pair of communicating parties needs its own key);
2. key distribution is difficult;
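The round trip below, added here as an example and not part of the original notes, shows the two characteristics with the openssl command-line tool: the same passphrase must be used on both sides, and the ciphertext grows in whole 16-byte blocks. It assumes openssl 1.1.1 or later is in PATH (for the -pbkdf2 option); passphrases and the plaintext are constructed for the demo.

```sh
#!/bin/sh
# Added example, not part of the original notes: a symmetric-encryption round
# trip with the openssl command-line tool. Assumes openssl 1.1.1 or later is
# in PATH (for -pbkdf2). Passphrases and plaintext are constructed for the demo.

# Encrypt file $2 to $3 under passphrase $1 with AES-256-CBC.
# -pbkdf2 derives key and IV from the passphrase with PBKDF2 instead of the
# legacy EVP_BytesToKey; -salt writes an 8-byte "Salted__" marker plus an
# 8-byte random salt in front of the ciphertext.
aes_encrypt() {
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "pass:$1" -in "$2" -out "$3"
}

# Decrypt file $2 to $3 under passphrase $1. With the wrong passphrase openssl
# either reports "bad decrypt" (padding check failed) or writes garbage.
aes_decrypt() {
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "pass:$1" -in "$2" -out "$3"
}

# Encrypt a short constructed message under $1 and decrypt it under $2.
# Returns 0 only if the recovered plaintext equals the original, so a
# passphrase mismatch is detected whichever failure mode occurs.
aes_roundtrip() {
    dir=$(mktemp -d) || return 2
    printf 'hello' > "$dir/plain"
    aes_encrypt "$1" "$dir/plain" "$dir/cipher" || { rm -rf "$dir"; return 2; }
    rc=1
    if aes_decrypt "$2" "$dir/cipher" "$dir/out" 2>/dev/null && cmp -s "$dir/plain" "$dir/out"; then
        rc=0
    fi
    rm -rf "$dir"
    return "$rc"
}

# Ciphertext size in bytes for a plaintext of $1 zero bytes. Shows the
# fixed-size blocks: 16 bytes of salt header, then PKCS#7-padded 16-byte
# blocks, so 0..15 plaintext bytes give 32, 16..31 give 48, and so on.
aes_ciphertext_size() {
    dir=$(mktemp -d) || return 2
    dd if=/dev/zero bs=1 count="$1" of="$dir/plain" 2>/dev/null
    aes_encrypt 'demo passphrase' "$dir/plain" "$dir/cipher" || { rm -rf "$dir"; return 2; }
    wc -c < "$dir/cipher" | tr -d ' '
    rm -rf "$dir"
}

if command -v openssl >/dev/null 2>&1; then
    aes_roundtrip 'correct passphrase' 'correct passphrase' && echo 'round trip OK'
    aes_roundtrip 'correct passphrase' 'wrong passphrase' || echo 'wrong passphrase rejected'
    echo "5-byte plaintext -> $(aes_ciphertext_size 5) ciphertext bytes"
fi
```

The key-distribution drawback is visible in the interface itself: the receiver can only call aes_decrypt after the same passphrase has reached them over some other, already-secure channel.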
Public key cryptography: the key is split into a public key and a private key
Public key: derived from the private key; may be handed to everyone; pubkey
Private key: generated by the tool; kept by the owner and must stay secret; secret key
Property: data encrypted with the public key can only be decrypted with the paired private key, and vice versa;
Uses:
Digital signature: mainly lets the receiver confirm the sender's identity (and that the data was not altered in transit);
Key exchange: the sender encrypts a symmetric key with the receiver's public key and sends it to the receiver;
Data encryption (rarely used on bulk data, because public key operations are slow)
Algorithms: RSA, DSA, ElGamal
DSS: Digital Signature Standard
DSA: Digital Signature Algorithm
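The three uses listed above, worked through with the openssl tool as an added example (not code from the original notes): an RSA key pair, a SHA-256 signature that verifies with the public key and fails on a tampered message, and a random symmetric key wrapped for the receiver with RSA-OAEP. It assumes openssl 1.1.1 or later in PATH; the names alice, msg and the message text are constructed.

```sh
#!/bin/sh
# Added example, not from the original notes: the three uses of public-key
# cryptography with the openssl command-line tool. Assumes openssl 1.1.1 or
# later in PATH. Key names and message text are constructed for the demo.

# Create an RSA-2048 key pair: private key in $1, public key extracted to $2.
rsa_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# Digital signature: hash file $2 with SHA-256 and sign the digest with
# private key $1, writing the signature to $3.
rsa_sign() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Verify signature $3 over file $2 with public key $1; exit 0 means "Verified OK".
rsa_verify() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Key exchange by transport: encrypt symmetric key file $2 for the holder of
# public key $1, writing to $3. RSA-OAEP padding; avoid the PKCS#1 v1.5 default.
rsa_wrap_key() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# The receiver unwraps with the private key $1: wrapped key $2, recovered key $3.
rsa_unwrap_key() {
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# Walk through all three uses. Returns 0 only if the genuine signature
# verifies, a tampered message does not, and the receiver recovers exactly
# the symmetric key the sender wrapped.
pubkey_demo() {
    dir=$(mktemp -d) || return 2
    fail() { rm -rf "$dir"; return "$1"; }
    rsa_keypair "$dir/alice.key" "$dir/alice.pub" || { fail 2; return; }

    # 1. signature over a constructed message
    printf 'transfer 100 to bob\n' > "$dir/msg"
    rsa_sign "$dir/alice.key" "$dir/msg" "$dir/msg.sig" || { fail 2; return; }
    rsa_verify "$dir/alice.pub" "$dir/msg" "$dir/msg.sig" || { fail 1; return; }
    printf 'transfer 900 to bob\n' > "$dir/msg.tampered"
    if rsa_verify "$dir/alice.pub" "$dir/msg.tampered" "$dir/msg.sig"; then fail 1; return; fi

    # 2. key exchange: a fresh 256-bit symmetric key, wrapped for Alice
    openssl rand -out "$dir/aes.key" 32 || { fail 2; return; }
    rsa_wrap_key "$dir/alice.pub" "$dir/aes.key" "$dir/aes.key.enc" || { fail 2; return; }
    rsa_unwrap_key "$dir/alice.key" "$dir/aes.key.enc" "$dir/aes.key.dec" 2>/dev/null || { fail 1; return; }
    cmp -s "$dir/aes.key" "$dir/aes.key.dec"; rc=$?

    # 3. data encryption is the same pkeyutl call as the wrap above; it is
    #    limited to a few hundred bytes per operation, which is why bulk data
    #    goes through the wrapped symmetric key instead.
    rm -rf "$dir"
    return "$rc"
}

if command -v openssl >/dev/null 2>&1; then
    pubkey_demo && echo 'signature verified, tamper detected, key recovered'
fi
```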
One-way hashing: produces a fingerprint of the data; it can only be computed in one direction, never reversed;
Characteristics: fixed-length output, avalanche effect (a tiny change in the input changes roughly half of the output bits);
Purpose: integrity;
Algorithms:
MD5: Message Digest 5, 128 bits (collisions are practical; do not rely on it against an attacker)
SHA-1: Secure Hash Algorithm 1, 160 bits (collisions have been demonstrated; deprecated)
SHA-224, SHA-256, SHA-384, SHA-512 (the SHA-2 family)
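Both characteristics, fixed-length output and the avalanche effect, measured with the openssl tool as an added example (not from the original notes): digests of inputs of any length have the same hex length, and a one-character edit flips about half of the 256 bits. It assumes openssl in PATH; the sample strings are constructed.

```sh
#!/bin/sh
# Added example, not from the original notes: fixed-length output and the
# avalanche effect of one-way hashes, measured with openssl dgst.
# Assumes openssl in PATH. Input strings are constructed for the demo.

# Hex digest of string $1 with algorithm $2 (default sha256). openssl prints
# "NAME(stdin)= hex" (the NAME part varies between versions); keep only the hex.
digest_of() {
    printf '%s' "$1" | openssl dgst "-${2:-sha256}" | sed 's/^.*= //'
}

# Length of the hex digest of $1 under algorithm $2: constant for any input.
digest_len() {
    d=$(digest_of "$1" "$2")
    echo "${#d}"
}

# Hamming distance (number of differing bits) between two equal-length hex
# strings, nibble by nibble. Returns 1 if the lengths differ.
hex_hamming() {
    a=$1; b=$2; n=${#a}; i=1; dist=0
    [ "${#b}" -eq "$n" ] || return 1
    while [ "$i" -le "$n" ]; do
        na=$(printf '%s' "$a" | cut -c "$i")
        nb=$(printf '%s' "$b" | cut -c "$i")
        x=$(( 0x$na ^ 0x$nb ))
        while [ "$x" -gt 0 ]; do
            dist=$(( dist + (x & 1) ))
            x=$(( x >> 1 ))
        done
        i=$(( i + 1 ))
    done
    echo "$dist"
}

# Avalanche effect: how many of the 256 SHA-256 output bits differ between
# the digests of strings $1 and $2. For a one-character edit expect about 128.
avalanche() {
    hex_hamming "$(digest_of "$1")" "$(digest_of "$2")"
}

if command -v openssl >/dev/null 2>&1; then
    echo "sha256 hex length: $(digest_len '') for empty input, $(digest_len 'a much longer message than the empty string') for a long one"
    echo "md5 hex length: $(digest_len '' md5)"
    echo "bits changed by a one-character edit: $(avalanche 'transfer 100 to bob' 'transfer 900 to bob') of 256"
fi
```

The constant output length is what makes the fingerprint usable for integrity: a receiver compares a 32-byte value regardless of how large the file was, and the avalanche effect is what stops an attacker from making a small edit that leaves the fingerprint nearly unchanged.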
Key exchange: IKE (Internet Key Exchange)
Public key cryptography (encrypt the symmetric key with the peer's public key)
DH (Diffie-Hellman): both sides agree on a public prime p and generator g; each keeps a secret exponent
A: p, g
B: p, g
A: x (secret)
    g^x mod p ==> B
B: y (secret)
    g^y mod p ==> A
A: (g^y mod p)^x mod p = g^xy mod p
B: (g^x mod p)^y mod p = g^xy mod p
Both arrive at the same g^xy mod p; an eavesdropper sees only p, g, g^x mod p and g^y mod p, and recovering x or y from those is the discrete logarithm problem
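The exchange above carried through in shell arithmetic with toy numbers, as an added example (not from the original notes), followed by the same two-sided derivation with real key sizes using openssl's X25519, the elliptic-curve form of DH. The values p=23, g=5, x=6, y=15 are constructed and far too small for real use; the openssl part assumes openssl 1.1.0 or later in PATH.

```sh
#!/bin/sh
# Added example, not from the original notes: Diffie-Hellman with toy numbers
# in POSIX shell arithmetic, then the same exchange with openssl and X25519.
# p, g, x and y are constructed toy values; never use sizes like these.

# g^e mod m by square-and-multiply, so intermediate values stay below m^2.
modexp() {
    base=$(( $1 % $3 )); exp=$2; mod=$3; result=1
    while [ "$exp" -gt 0 ]; do
        if [ $(( exp & 1 )) -eq 1 ]; then result=$(( result * base % mod )); fi
        base=$(( base * base % mod ))
        exp=$(( exp >> 1 ))
    done
    echo "$result"
}

# Both parties hold public p and g. Each picks a secret exponent, publishes
# g^secret mod p, and raises the other's public value to its own secret.
# Prints the shared secret; returns 1 if the two sides disagree.
dh_toy() {
    p=23; g=5          # public parameters (toy size)
    x=6; y=15          # A's and B's private exponents, never transmitted
    A=$(modexp "$g" "$x" "$p")    # A sends 5^6  mod 23 = 8
    B=$(modexp "$g" "$y" "$p")    # B sends 5^15 mod 23 = 19
    kA=$(modexp "$B" "$x" "$p")   # A computes 19^6 mod 23
    kB=$(modexp "$A" "$y" "$p")   # B computes 8^15 mod 23
    [ "$kA" = "$kB" ] || return 1
    echo "$kA"                    # both get 2
}

# Same protocol with real key sizes: each side generates an X25519 key pair,
# they swap public keys, and pkeyutl -derive computes the shared secret on
# each side. Returns 0 only if both derived secrets are identical.
dh_x25519() {
    dir=$(mktemp -d) || return 2
    for who in alice bob; do
        openssl genpkey -algorithm X25519 -out "$dir/$who.key" 2>/dev/null &&
        openssl pkey -in "$dir/$who.key" -pubout -out "$dir/$who.pub" ||
            { rm -rf "$dir"; return 2; }
    done
    openssl pkeyutl -derive -inkey "$dir/alice.key" -peerkey "$dir/bob.pub" -out "$dir/alice.secret" &&
    openssl pkeyutl -derive -inkey "$dir/bob.key" -peerkey "$dir/alice.pub" -out "$dir/bob.secret" ||
        { rm -rf "$dir"; return 2; }
    cmp -s "$dir/alice.secret" "$dir/bob.secret"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

echo "toy DH shared secret: $(dh_toy)"
if command -v openssl >/dev/null 2>&1; then
    dh_x25519 && echo 'X25519: both sides derived the same secret'
fi
```

Note what the eavesdropper gets in each case: in the toy run only 23, 5, 8 and 19 cross the wire, and in the X25519 run only the two .pub files; the secret exponents and the derived secret never leave their owner.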
PKI: Public Key Infrastructure
Public key infrastructure components:
Certificate Authority: CA
Registration Authority: RA
Certificate Revocation List: CRL
Certificate repository: where issued certificates are published for retrieval
X.509v3: defines the structure of a certificate and the standard for the authentication protocol
Version number
Serial number
Signature algorithm ID
Issuer name
Validity period
Subject name
Subject public key
Issuer unique identifier
Subject unique identifier
Extensions
Issuer's signature
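A minimal PKI built with the openssl tool, as an added example (not from the original notes): a self-signed root plays the CA, a server key pair produces the CSR an RA would vet, the CA signs it, and openssl verify checks the chain; the fields listed above are then printed from the issued certificate. It assumes openssl 1.1.1 or later in PATH; the names (Example Root CA, Rogue CA, www.example.com, file names) and the small config file are constructed.

```sh
#!/bin/sh
# Added example, not from the original notes: a two-level PKI with the openssl
# tool. Assumes openssl 1.1.1 or later in PATH. All names and the config
# below are constructed for the demo.

# Minimal openssl config written to $1. Using our own file avoids depending
# on whatever extensions the system openssl.cnf would add.
pki_config() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ server_ext ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.com
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
}

# CA role: self-signed root. Config $1, key to $2, certificate to $3, CN $4.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$2" -out "$3" -days 365 \
        -config "$1" -extensions ca_ext -subj "/CN=$4" 2>/dev/null
}

# Subject role: key pair and a certificate signing request (the RA vets this).
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$2" -out "$3" \
        -config "$1" -subj "/CN=$4" 2>/dev/null
}

# CA role: issue the certificate by signing CSR $2 with CA cert $3 and key $4,
# adding the server_ext extensions from config $1. -CAcreateserial keeps the
# serial number counter in a .srl file beside the CA certificate.
issue_cert() {
    openssl x509 -req -in "$2" -CA "$3" -CAkey "$4" -CAcreateserial -days 90 \
        -extfile "$1" -extensions server_ext -out "$5" 2>/dev/null
}

# Does certificate $2 chain to trust anchor $1?
cert_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the X.509 fields from the notes: subject, issuer, serial, validity.
cert_fields() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 -subject -issuer -serial -dates
}

# Build everything in a temp dir and print the server certificate's fields.
# Returns 0 only if the server cert verifies against its own CA and is
# rejected against an unrelated CA.
pki_demo() {
    dir=$(mktemp -d) || return 2
    pki_config "$dir/pki.cnf"
    make_ca "$dir/pki.cnf" "$dir/ca.key" "$dir/ca.crt" 'Example Root CA' &&
    make_ca "$dir/pki.cnf" "$dir/rogue.key" "$dir/rogue.crt" 'Rogue CA' &&
    make_csr "$dir/pki.cnf" "$dir/server.key" "$dir/server.csr" 'www.example.com' &&
    issue_cert "$dir/pki.cnf" "$dir/server.csr" "$dir/ca.crt" "$dir/ca.key" "$dir/server.crt" ||
        { rm -rf "$dir"; return 2; }
    cert_fields "$dir/server.crt"
    rc=1
    if cert_verifies "$dir/ca.crt" "$dir/server.crt" && ! cert_verifies "$dir/rogue.crt" "$dir/server.crt"; then
        rc=0
    fi
    rm -rf "$dir"
    return "$rc"
}

if command -v openssl >/dev/null 2>&1; then
    pki_demo && echo 'chain verified against its CA, rejected against the rogue CA'
fi
```

Replace -subject -issuer -serial -dates with -text in cert_fields to see the remaining fields (version, signature algorithm, subject public key, extensions and the issuer's signature) in full.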
SSL: Secure Sockets Layer
Netscape, 1994
v1.0, v2.0, v3.0
TLS: Transport Layer Security
IETF, 1999
v1.0, v1.1, v1.2, v1.3 (all SSL versions and TLS 1.0/1.1 are deprecated; use TLS 1.2 or 1.3)
Layered design:
1. bottom layer: implementations of the basic algorithm primitives (AES, RSA, MD5, ...);
2. one layer up: the individual algorithms built from those primitives;
3. one layer up again: algorithms combined into semi-finished components (e.g. a cipher suite);
4. top layer: components assembled into protocol software, i.e. the cryptographic protocol implementation;
Open-source implementation of the protocol: OpenSSL
OpenSSL for Linux Services (i)