Original address: http://xxrenzhe.blog.51cto.com/4036116/1370114
Without further ado, the figures come first.
Illustration 1: The blue part is the main process; the yellow arrows point to the specific steps
What is OpenSSL
1. A security protocol that provides security and data integrity for network communications; it encompasses the main cryptographic algorithms, common key and certificate encapsulation and management functions, and the SSL protocols, and it provides a rich set of applications for testing and other purposes;
2. The openssl command itself is only one component of the OpenSSL open source suite: a multi-purpose command-line tool;
3. The components of the OpenSSL suite are:
libcrypto: the cryptographic library implementing the general-purpose functions;
libssl: the library implementing the TLS/SSL functions;
openssl: the multi-purpose command-line tool
Why OpenSSL is required
1. Network communication involves a great deal of data exchange; without a complete set of data encryption and decryption mechanisms, sensitive information and data will leak, and secure network communication is out of the question;
2. Fortunately, the OpenSSL suite provides powerful functionality in this area and is open source; it is now widely used in network communication mechanisms;
3. By deploying a CA (Certificate Authority) server within a certain scope, certificate authentication and authorization can be realized within the LAN and the security of data transmission ensured; hands-on deployment also helps one understand the working principles of the large international CA institutions and builds up knowledge for enterprise-level certificate management.
The main content of this blog
This post only deploys a CA server within the LAN; from it you can understand the data encryption and decryption process and how a public key is kept secure while being transferred over the network. For an enterprise application you will need to purchase the service from a professional CA institution and obtain an internationally recognized certificate.
Encryption and decryption process of data
Illustration 1: Blue is the main encryption and decryption process; black is the explanatory annotation text
Illustration 2: Description of the encryption and decryption process when user Bob needs to communicate with Alice and send data to Alice securely
Workflow for CAs
Note 1: The blue part is mainly the certificate request and distribution process, the yellow part is mainly the inter-user certificate authentication process, and the black part is the explanatory text
OpenSSL implementation of a private CA (see the first figure): description
Illustration 2: When an enterprise (or user) discovers that its private key has been stolen or lost, it issues a certificate revocation request to the CA institution; the CA then carries out the related operations to revoke the certificate.
Schematic: OpenSSL implementation of a private CA
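The private-CA flow the figures describe (CA setup, certificate request and distribution, verification by another user, and revocation after a private-key compromise), carried out end to end with the openssl command-line tool. This is an added example, not code from the original post; it assumes the openssl CLI is installed, and the CA name, user names and working directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the original post's code: a minimal private CA run with the openssl CLI
# (assumed installed). Names and paths below are constructed for the demonstration.
set -eu
WORK=$(mktemp -d); mkdir "$WORK/newcerts"; : > "$WORK/index.txt"; echo 01 > "$WORK/serial"
cat > "$WORK/ca.cnf" <<EOF
# CA issuance database and defaults used by 'openssl ca'
[ ca ]
default_ca = private_ca
[ private_ca ]
dir = $WORK
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
certificate = \$dir/ca.crt
private_key = \$dir/ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
# Step 1: the CA creates its own key pair and a self-signed root certificate.
ca_setup() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -subj "/CN=Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}
# Step 2: a user makes a key pair and a signing request; only the request (public key plus
# identity) travels to the CA, the private key never leaves the user.
user_request() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}
# Step 3: the CA signs the request, records it in its database and hands back the certificate.
ca_sign() {
  openssl ca -config "$WORK/ca.cnf" -batch -in "$WORK/$1.csr" -out "$WORK/$1.crt" 2>/dev/null
}
# Step 4: another user checks the certificate against the CA root and the CA's current CRL;
# exit status 0 means valid, non-zero means the chain fails or the certificate is revoked.
verify_user() {
  openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/crl.pem" 2>/dev/null
  cat "$WORK/ca.crt" "$WORK/crl.pem" > "$WORK/trust.pem"
  openssl verify -crl_check -CAfile "$WORK/trust.pem" "$WORK/$1.crt"
}
# Step 5: after a private-key compromise the user asks the CA to revoke; the CA marks the entry
# revoked, so the next CRL (and every later verification) rejects the certificate.
ca_revoke() {
  openssl ca -config "$WORK/ca.cnf" -revoke "$WORK/$1.crt" 2>/dev/null
}
ca_setup; user_request bob; ca_sign bob
verify_user bob                                   # prints ...bob.crt: OK
ca_revoke bob
verify_user bob || echo "bob's certificate is now rejected"
```

Distribute ca.crt (never ca.key) to every participant that must verify certificates, and republish crl.pem whenever a revocation is processed, otherwise verifiers keep trusting a compromised certificate until its expiry.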