1. hashed
Commonly used to store passwords
Converts an input string of any length to an output string of Fixed Length
One-way: not feasible to get plaintext from hash
Collision-free: Not feasibleto find two strings that hash to the same output
Algorithms: CRC-32, MD5, SHA-1, SHA-256, etc.
CRC-32 is not cryptographically secure
Utilities: sha1sum, md5sum, chsum, OpenSSL DGST
Examples
To hash file see if it changed
Md5sum File
[[email protected] ~]# vim filethis is a test file[[email protected] ~]# md5sum file79cbbfadcab143d2cc839ce5fce1c576 file[[email protected] ~]# md5sum file79cbbfadcab143d2cc839ce5fce1c576 file[[email protected] ~]# md5sum file79cbbfadcab143d2cc839ce5fce1c576 file
The same file, as long as it is not modified, no matter how many times it is encrypted with MD5, the resulting string is consistent
Sha1sum File
OpenSSL DGST-sha1
2. Message Authentication codes (message authentication code)
Mac is used to maintain the integrity of a network communication, preventing message from tampering
Attacker needs secret key to forge Mac
Mac funtion uses a shared secret key to generate Mac
CBC-MAC: Use block cipher to construct
Encrypt the message in CBC mode and use last block
HMAC: Use keyed cryptographic hash
HMAC (secret key, message)
3. User Authentication
Cryptographic hash of account password is stored
By adding random "salt" to password, two users with the same password will have different password hashes
MD5-based hash by default, old modified DES version also availble
System hashes password given to login
If passwords match, user is authenticated
Utilities: Password, OpenSSL, OpenSSL passwd-1
4. asypolicric encryption (asymmetric encryption)
Public Key to encrypt, Private Key to decrypt
Public means public, private means private
Partial solution to Key Distribution Problem
Can give the public key to everybody
Algorithms: RSA, ElGamal
RSA is limited in the size of the message (<100 bytes) It can encrypt, much slower than equalric Algorithms
So, it is common to use RSA to transmit a secret against Ric session key securely, and switch to the faster encrypted Ric secret key
Utilities: GPG OpenSSL rsautl
Examples
Generate RSA key
OpenSSL genrsa 1024> secret. Key
Extract public key from secret key
OpenSSL RSA-puboutn-in secret. Key> Public. Key
Echo 'my secret message. '> tomylove.txt
Encrypt using public key
OpenSSL rsautl-encrypt-pubin-inkey public. Key-In tomylove.txt-out tomylove. Encrypt
Decrypt using secret key
OpenSSL rsautl-decrypt-inkey secret. Key-In tomylove. enc-out tomylove.txt
Example of using RSA for encryption
[[email protected] ~]# useradd bob[[email protected] ~]# useradd alice[[email protected] ~]# su - bob
Generate Bob's private key and store it in the secret. Key File.
[[email protected] ~]$ openssl genrsa 1024 > secret.keyGenerating RSA private key, 1024 bit long modulus...................................++++++.................++++++e is 65537 (0x10001)
Extract the public key from the private key and store it in the public. Key File.
[[email protected] ~]$ openssl rsa -pubout -in secret.key > public.keywriting RSA key
Switch to Alice user to generate your own public/private key
[[email protected] ~]# su - alice[[email protected] ~]$ openssl genrsa 1024 > secret.keyGenerating RSA private key, 1024 bit long modulus..................................++++++.........................................++++++e is 65537 (0x10001)[[email protected] ~]$ openssl rsa -pubout -in secret.key > public.keywriting RSA key
Now Bob wants to send an encrypted message to Alice:
Bob uses Alice's public key to send an encrypted message to Alice. After Alice receives the message, use her own private key to decrypt it.
Now Alice sends her own public key to Bob.
[[email protected] ~]$ cp public.key /tmp/alice.pub
Bobuses the alice's public keys to encrypt the tomylove.txt file to be sent.
[[email protected] ~]# su - bob[[email protected] ~]$ openssl rsautl -encrypt -pubin -inkey /tmp/alice.pub -in tomylove.txt -out tomylove.enc[[email protected] ~]$ cp tomylove.enc /tmp[[email protected] ~]$ su -[[email protected] ~]# su - alice[[email protected] ~]$ openssl rsautl -decrypt -inkey secret.key -in /tmp/tomylove.enc -out tomylove.txt[[email protected] ~]$ ll tomylove.txt -rw-rw-r--. 1 alice alice 19 Jul 21 23:18 tomylove.txt[[email protected] ~]$ cat tomylove.txt My secret message。
Example of using GPG for encryption
Generate GPG keys
PGP -- gen-Key (RSA encrypt and sign)
Export Public Key
GPG -- export-A> pulic. Key
Echo 'my secret message. '> tomylove.txt
Encrypt using public key
GPG-r keyid-e tomylove.txt (you got tomylove. GPG)
Import Public Key
GPG -- import public. Key
Decrypt using secret key
GPG-r keyid-O tomylove.txt-D tomylove. GPG