The application of the OpenSSL---------Linux

Inter-process communication

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M02/06/93/wKiom1m6RW2TaAlAAAAQWG--UQ4563.png "title=" Qq20170914170031.png "alt=" Wkiom1m6rw2taalaaaaqwg--uq4563.png "/>

Socket communication

Client-to-server, request-to-service, pull-out, and package-to-client request messages from the Receive-request port

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M02/A5/44/wKioL1m6RjKB-41mAABLq3OggfE129.png "title=" Qq20170914170448.png "alt=" Wkiol1m6rjkb-41maablq3oggfe129.png "/>

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M02/A5/44/wKioL1m6Rrby-lV-AACMTie_iDM553.png "title=" Qq20170914170701.png "alt=" Wkiol1m6rrby-lv-aacmtie_idm553.png "/>

NIST-Developed security standards: confidentiality, integrity, availability

The risks faced in the socket communication model: eavesdropping, spoofing, replay, message tampering, denial of service

Secure means (security mechanism): encryption, authentication, access control, integrity check, routing control, notarization

Services that provide security: authentication, access control, confidentiality, integrity, non-repudiation

Guaranteed service security (algorithms and protocols): symmetric, asymmetric, unidirectional, key exchange

650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M01/A5/44/wKioL1m6SOPhiJBCAAAxLepL5OY922.png "title=" Qq20170914171416.png "alt=" Wkiol1m6sophijbcaaaxlepl5oy922.png "/>

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M00/A5/44/wKioL1m6SNKxWhAPAABK7S4St_k923.png "style=" float : none; "title=" Qq20170914171440.png "alt=" Wkiol1m6snkxwhapaabk7s4st_k923.png "/>

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M01/06/94/wKiom1m6SP2QlrdYAAB2HouEZYQ322.png "style=" float : none; "title=" Qq20170914171459.png "alt=" Wkiom1m6sp2qlrdyaab2houezyq322.png "/>

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M02/A5/44/wKioL1m6SVnzb1t7AAA_FZPY5kU310.png "style=" float : none; "title=" Qq20170914171810.png "alt=" Wkiol1m6svnzb1t7aaa_fzpy5ku310.png "/>

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M01/06/94/wKiom1m6SYSSGUX_AAAqgrZ-wPY068.png "style=" float : none; "title=" Qq20170914171816.png "alt=" Wkiom1m6syssgux_aaaqgrz-wpy068.png "/>

Basic principles of cryptographic decryption

Symmetric encryption, asymmetric encryption, one-way encryption, key exchange

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M00/A5/44/wKioL1m6TJOBA4n1AAB-GYkNdk4353.png "title=" Qq20170914173159.png "alt=" Wkiol1m6tjoba4n1aab-gykndk4353.png "/>

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M01/06/94/wKiom1m6TyHg8z44AACfXiKV0xM247.png "title=" Qq20170914174209.png "alt=" Wkiom1m6tyhg8z44aacfxikv0xm247.png "/>

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M00/06/94/wKiom1m6UGSReRO7AABunbaw4Kk039.png "title=" Qq20170914174732.png "alt=" Wkiom1m6ugsrero7aabunbaw4kk039.png "/>

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M02/06/94/wKiom1m6UVnTBd7KAAAvN5XGtw8855.png "title=" Qq20170914175141.png "alt=" Wkiom1m6uvntbd7kaaavn5xgtw8855.png "/>

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M00/06/94/wKiom1m6UYmyM7u6AABblPy4SEE771.png "title=" Qq20170914175219.png "alt=" Wkiom1m6uymym7u6aabblpy4see771.png "/>

The role of the certification authority CA, certificate

650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M00/A5/45/wKioL1m6UYrzxQwoAAAlhP3S88k688.png "title=" Qq20170914175312.png "alt=" Wkiol1m6uyrzxqwoaaalhp3s88k688.png "/>

Pki

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M01/06/95/wKiom1m6UfDDO03gAAArzsWOzys930.png "title=" Qq20170914175410.png "alt=" Wkiom1m6ufddo03gaaarzswozys930.png "/>

Specification of certificates

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M02/A5/45/wKioL1m6UkaB0Mm-AABOrfeMfhU781.png "title=" Qq20170914175618.png "alt=" Wkiol1m6ukab0mm-aaborfemfhu781.png "/>

Communication mechanism based on public key cryptography

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M01/06/95/wKiom1m6UufSygJOAABJldsH0zw273.png "title=" Qq20170914175819.png "alt=" Wkiom1m6uufsygjoaabjldsh0zw273.png "/>

SSL protocol, program, session establishment, command

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M01/06/95/wKiom1m6U8vxaCISAAAlxm6CZ58100.png "title=" Qq20170914180203.png "alt=" Wkiom1m6u8vxacisaaalxm6cz58100.png "/>

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M00/A5/45/wKioL1m6U0miE6aLAAAgORyZcfI098.png "title=" Qq20170914180041.png "alt=" Wkiol1m6u0mie6alaaagoryzcfi098.png "/>

SSL Hand Shark : An IP address can only establish one SSL session

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M01/06/95/wKiom1m6VJGyeIGoAAAy0IRiq0U953.png "title=" Qq20170914180520.png "alt=" Wkiom1m6vjgyeigoaaay0iriq0u953.png "/>

Use of the OpenSSL tool

650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M02/A5/45/wKioL1m6VMfgHOcqAAAMgKFYM_I006.png "title=" Qq20170914180702.png "alt=" Wkiol1m6vmfghocqaaamgkfym_i006.png "/>

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M01/A5/45/wKioL1m6VUqQECx8AAAmpTpQZqQ526.png "style=" float : none; "title=" Qq20170914180845.png "alt=" Wkiol1m6vuqqecx8aaamptpqzqq526.png "/>

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M00/A5/45/wKioL1m6VUrxq50_AAAdhBiTddg916.png "style=" float : none; "title=" QQ20170914180851-copy. png "alt=" Wkiol1m6vurxq50_aaadhbitddg916.png "/>

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M02/A5/45/wKioL1m6VUvzi_lwAAAdAQIF3uc493.png "style=" float : none; "title=" Qq20170914180859.png "alt=" Wkiol1m6vuvzi_lwaaadaqif3uc493.png "/>

Symmetric encryption

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M01/06/95/wKiom1m6Vp2hTWRRAAA00llInOw632.png "title=" Qq20170914181409.png "alt=" Wkiom1m6vp2htwrraaa00llinow632.png "/>

Using the example

Use Example: 1, create temporary file # MKTEMP-P/tmp LCC. Xxxx/tmp/lcc.hfdo2, encryption # OpenSSL ENC-E-seed-cfb-a-salt-in lcc.hfdo-out lcc.ciphertext3, decryption # OpenSSL enc-d-see D-cfb-a-salt-in lcc.ciphertext-out Lcc.txt

One-way encryption

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M02/06/95/wKiom1m6WJOR9kzYAABkFPWGr5M994.png "title=" Qq20170914182232.png "alt=" wkiom1m6wjor9kzyaabkfpwgr5m994.png "/> Use Example

# sha1sum Lcc.txt 5448d7dc19288c6ee87a25d4e2e990f72d786971 lcc.txt# OpenSSL dgst-sha1-hex lcc.txt SHA1 (lcc.txt) = 5448d7 dc19288c6ee87a25d4e2e990f72d786971

Generate User Password

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M00/06/95/wKiom1m6WTaDCLCpAAAc8BFJrPo226.png "title=" Qq20170914182513.png "alt=" Wkiom1m6wtadclcpaaac8bfjrpo226.png "/>

Using the example

# OpenSSL passwd-1-salt $ (OpenSSL rand-hex 4) # OpenSSL passwd-1-salt $ (OpenSSL Rand-hex 4) 123

Generate random numbers

650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M00/A5/46/wKioL1m6WbyA9s-cAAAegW9iUB8236.png "title=" Qq20170914182809.png "alt=" Wkiol1m6wbya9s-caaaegw9iub8236.png "/>

Using the example

# OpenSSL Rand-hex 4 (8-bit) # OpenSSL rand-base64 16 | tr-d ' = '

Generate key Pair

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M02/A5/46/wKioL1m6WtDjQs8yAAA56vqJWM4956.png "title=" Qq20170914183248.png "alt=" Wkiol1m6wtdjqs8yaaa56vqjwm4956.png "/>

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M01/06/95/wKiom1m6XFCAMmn2AABBclt0Ncg359.png "title=" Qq20170914183827.png "alt=" Wkiom1m6xfcammn2aabbclt0ncg359.png "/>

Using the example

# OpenSSL Genrsa-out lcc.private 1024

# OpenSSL rsa-in lcc.private-out lcc.pubkey-pubout

This article is from the "Reading" blog, make sure to keep this source http://sonlich.blog.51cto.com/12825953/1965404

The application of the OpenSSL---------Linux