OpenSSL: Open Source project
Three components:
openssl: multi-purpose command-line tool;
libcrypto: general-purpose cryptography library;
libssl: library implementing SSL and TLS;
openssl command:
openssl version: program version number
~]# openssl version
OpenSSL 1.0.1e-fips 2013
Standard commands, message digest commands, cipher commands
Standard commands:
enc, ca, req, ...
Encrypt the fstab file and save the result in fstab.ciphertext:
openssl enc -e -des3 -a -salt -in fstab -out fstab.ciphertext
The options mean: -e encrypts; -des3 selects the cipher, here 3DES; -a Base64-encodes the output so it is plain text; -salt mixes a random salt into the key derivation
Decrypt:
openssl enc -d -des3 -a -salt -in fstab.ciphertext -out fstab
where -d means decrypt
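What -a and -salt leave in fstab.ciphertext, as an added example that is not part of the original post: the Base64 text decodes to the header Salted__, an 8-byte salt, then the ciphertext. The sketch goes beyond the page's commands by reproducing the key derivation that enc uses by default in OpenSSL 1.0.x (a single MD5 pass, no stretching); the function names and passphrase are hypothetical, and the sample ciphertext bytes are constructed placeholders.

```python
import base64
import hashlib
import os

MAGIC = b"Salted__"          # header written by `openssl enc -salt`
KEY_LEN, IV_LEN = 24, 8      # -des3 (3DES-CBC): 24-byte key, 8-byte IV


def parse_enc_output(b64_text):
    """Split `openssl enc -a -salt` output into (salt, ciphertext)."""
    # -a wraps the Base64 text at 64 characters, so drop all whitespace first
    raw = base64.b64decode("".join(b64_text.split()))
    if len(raw) < 16 or raw[:8] != MAGIC:
        raise ValueError("no Salted__ header: file was not written with -salt")
    return raw[8:16], raw[16:]


def evp_bytes_to_key(password, salt, digest="md5"):
    """Derive (key, iv) as OpenSSL 1.0.x enc does: D_i = H(D_{i-1} + pw + salt)."""
    material, block = b"", b""
    while len(material) < KEY_LEN + IV_LEN:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:KEY_LEN], material[KEY_LEN:KEY_LEN + IV_LEN]


def make_sample(salt):
    """Constructed sample: real header layout, 16 placeholder ciphertext bytes."""
    return base64.b64encode(MAGIC + salt + bytes(16)).decode()


if __name__ == "__main__":
    password = b"example-passphrase"   # constructed value, not from the page
    for _ in range(2):
        salt, body = parse_enc_output(make_sample(os.urandom(8)))
        key, iv = evp_bytes_to_key(password, salt)
        # Same passphrase, different salt: key and IV change on every run
        print(salt.hex(), key.hex(), iv.hex())
```

Because the derivation is one unsalted-iteration hash pass, the salt prevents key reuse across files but does nothing to slow down guessing of a weak passphrase.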
Symmetric encryption:
Tools: openssl enc, gpg
Algorithms: 3DES, AES, Blowfish, Twofish
enc command:
Encryption: ~]# openssl enc -e -des3 -a -salt -in fstab -out fstab.ciphertext
Decryption: ~]# openssl enc -d -des3 -a -salt -in fstab.ciphertext -out fstab
-des3
openssl ?
One-way encryption:
Tools: md5sum, sha1sum, sha224sum, sha256sum, ..., openssl dgst
dgst command:
openssl dgst -md5 /path/to/somefile
One-way encryption of fstab:
~]# md5sum fstab
1f0b4b8720529442b613f57c4979852e  fstab
~]# openssl dgst -md5 fstab
MD5(fstab)= 1f0b4b8720529442b613f57c4979852e
MAC: Message Authentication Code, an extended application of one-way encryption, used to ensure the integrity of data transmitted in network communication;
Mechanisms:
CBC-MAC
HMAC: uses the MD5 or SHA1 algorithm
Generate a user password:
passwd command
openssl passwd -1 -salt SALT
Or
~]# openssl passwd -1 -salt 12345678
Password:
$1$12345678$xek.cpjquvgdf/p2n9kqf/
Generate random numbers:
openssl rand -base64|-hex NUM
Example:
openssl rand -base64 1000
openssl rand -base64 16 (the output can be used as a password)
~]# openssl rand -base64 16
lftnnydp1qosagkwzp9mra==
NUM: the number of bytes; with -hex each character represents 4 bits, so the number of characters printed is NUM*2;
Public key cryptography:
Encryption:
Algorithms: RSA, ElGamal
Tools: gpg, openssl rsautl
Digital signature:
Algorithms: RSA, DSA, ElGamal
Key exchange:
Algorithm: DH
DSA: Digital Signature Algorithm
DSS: Digital Signature Standard
RSA:
To generate a key pair:
openssl genrsa -out /path/to/privatekey.FILE NUM_BITS
# (umask 077; openssl genrsa -out key.pri 2048)
Extract the public key:
# openssl rsa -in /path/from/privatekey.FILE -pubout
Random number generators:
/dev/random: returns random numbers only from the entropy pool; when the pool is exhausted, it blocks;
/dev/urandom: returns random numbers from the entropy pool; when the pool is exhausted, pseudo-random numbers are generated in software, so it does not block;
Note:
Asymmetric encryption: picture a pair of ancient weapons, A and B. A wound inflicted by weapon A can only be healed by weapon B, and likewise a wound inflicted by weapon B can only be healed by weapon A; both weapons can hurt people and can also save lives. But there is only one weapon A in the world, while weapon B can be reproduced indefinitely.
Symmetric encryption: A and B are a pair of business partners who live in different cities. Because of their business, they often mail important goods to each other. To keep the goods safe, they agreed to make a safe box and put the goods inside it. They made two identical keys and each kept one, so that the receiver can open the safe box with the key when the parcel arrives, and the sender can lock it with the key before mailing the goods.
The above is a traditional way of moving important goods safely to a destination: as long as A and B keep their keys carefully, nobody can open the safe box even if they get hold of it. The same idea is used to encrypt information in modern computer communication. In symmetric encryption, the sender processes the plaintext (the original data) together with the encryption key through an encryption algorithm, turning it into complex ciphertext, and sends that out. After receiving the ciphertext, the receiver who wants to read the original text must decrypt it using the key that was used for encryption and the inverse of the same algorithm, which restores it to readable plaintext. A symmetric encryption algorithm uses only one key: both parties use that key to encrypt and decrypt the data.
This article is from the "Liang blog" blog, make sure to keep this source http://7038006.blog.51cto.com/7028006/1844935
Talk about the Linux open source project OpenSSL