This article is the PHP Php_openssl.dll of the role of a detailed analysis of the introduction, the need for friends under the reference
I. OpenSSL INTRODUCTION
Data encryption is an important part of information transmission. Any information is transmitted in clear text, which is indeed a very unsafe practice. So,
The data needs to be encrypted. Converts plaintext data to ciphertext data and then transmits it.
OpenSSL is a set of cryptographic tools for the SSL/TLS protocol, which has the following functions:
1. Generate private keys.
2. Generate a certificate, a digital signature certificate, that contains a public key that can be used to encrypt and decrypt data in one direction. That is, data encrypted using the public key can only be used
Private key decryption. Data encrypted with the private key can be decrypted using the public key.
3. Summary of the calculation information.
4.SSL/TLS client and server-side testing.
5. Handling encryption of S/MIME tokens and messages.
Two. Introduction to encryption technology.
Encryption, the process of converting plaintext data into ciphertext data. To play a role in plaintext secrecy.
Encryption algorithm: An algorithm used in the process of data encryption. Converts plaintext to redaction.
Key: Encryption algorithm through the key with some kind of operation, the plaintext data encryption, generate encrypted data. When decrypting, the encryption algorithm passes the key,
Converts encrypted data to plaintext data.
Today's cryptography, encryption algorithms are public, that is, everyone knows how the encryption is used in the operation. But only using a key
Decryption of ciphertext. Therefore, the key protection is the core of data security.
Three. Introduction to the use of OpenSSL tools
1. Private key Generation method
Generate private keys, you can use different digital signature algorithms. The following are introduced separately;
#采用DSA算法
$ OpenSSL dsaparam-noout-out dsakey0.pem-genkey 1024
#采用RSA算法
$ OpenSSL genrsa-out Rsakey0.pem 1024
#采用RSA算法 and use password protection. When you generate the private key, you need to enter a password to protect the private key.
#在使用这个私钥进行加/decryption operation, you also need to enter this password.
$ OpenSSL genrsa-des3-out Rsakey1.pem 10242. Method of generating public key
To generate a public key based on the private key
#生成dsa算法的公钥
$ OpenSSL dsa-in dsakey0.pem-pubout-out Dsakey0-pub.pem
#生成rsa算法的公钥
$ OpenSSL rsa-in rsakey0.pem-pubout-out rsakey0-pub.pem3. Method of generating self-signed certificates
#产生DSA算法的证书
$ OpenSSL req-x509-key dsakey0.pem-days 365-out mycert-dsa.pem-new
#产生RSA算法的证书
$ OpenSSL req-x509-key rsakey0.pem-days 365-out mycert-rsa.pem-new
4. Use a certificate for message encryption
The contents of our clear letter:
$ cat Test.txt
111111
222222
333333
444444
Aaaaaa
use a certificate to encrypt plaintext letters to the Etest.txt file:
$ openssl smime-encrypt-in test.txt-out etest.txt MYCERT-RSA.PEM View encrypted ciphertext content:
$ cat Etest.txt
mime-version:1.0
Content-disposition:attachment; Filename= "smime.p7m"
Content-type:application/x-pkcs7-mime; Smime-type=enveloped-data; Name= "smime.p7m"
Content-transfer-encoding:base64
Miibyayjkozihvcnaqcdoiibutccau0caqaxgewwgekcaqawujbfmqswcqydvqqg
Ewjbvtetmbega1uecbmku29tzs1tdgf0ztehmb8ga1uechmysw50zxjuzxqgv2lk
Z2l0cybqdhkgthrkagkar71mh4nrx/uwdqyjkozihvcnaqebbqaegycbra1wbwqk
Zj7tcntrxidzqmbc/lu063slkvbk6mqmqt+npfooftzikdfvkldh0yyqhmzdscyq
yutgwoadw6jn0ahrt64uwpokoael9rvqp9vgtifc/uxis5ueyzcws1z7jsih8aa+
Da/dqn0socx85odk/tdewnx8mtaybbvf4jbzbgkqhkig9w0bbwewggyikozihvcn
Awiwdgicakaecnxsgij2s+1ugdc6jknpl+rdybcddcyph+bmyjqrup0he/gq5wsj
Sv8cdkoudvy5xg440yial3z3ysi= using the private key to decrypt and output to the Dtest.txt file:
$ OpenSSL smime-decrypt-in etest.txt-inkey rsakey0.pem-out dtest.txt View the contents of the decrypted letter, exactly the same as the original plaintext letter.
$ cat Dtest.txt
111111
222222
333333
444444
Aaaaaa
5. Simple File encryption
contents of clear text file:
$ cat Test.txt
1
22
333
4444
55555
Hello encrypt plaintext file, output as Test.enc file, enter "123123" as Encryption Password:
$ OpenSSL enc-aes-256-cbc-salt-in test.txt-out Test.enc
Enter AES-256-CBC encryption Password:
Verifying-enter AES-256-CBC Encryption Password: Decrypt the ciphertext and enter "123123" as the decryption password:
$ OpenSSL enc-d-aes-256-cbc-in Test.enc
Enter AES-256-CBC decryption Password:
1
22
333
4444
55555
Hello
6. Simple string encryption
to encrypt by Base64 method:
$ echo "Encode Me" | OpenSSL enc-base64
zw5jb2rlig1lcg== decryption, you need to know the encryption algorithm before you can decrypt:
$ echo "zw5jb2rlig1lcg==" | OpenSSL enc-base64-d
Encode me
7.SSL Client and server testing
using the private key and the certificate to start the SSL server, the role of "-www" is to send a status information page to the client when the client connects to the server.
OpenSSL s_server-key Mykey.pem-cert mycert.pem-www connection to the SSL server, the client obtains the server's certificate:
OpenSSL S_client-connect localhost:4433