I. Why encrypt
On the open Internet no data transmission is safe by itself: anything sent in the clear can be read or altered by whoever sits on the path, so data in transit must be encrypted to prevent interception and tampering.
II. How data is transmitted in the network
What steps does data go through on its way from the sender to the destination?
1. The ISO seven-layer (OSI) model describes data passing through the application layer, presentation layer, session layer, transport layer, network layer, data link layer and physical layer.
2. In the four-layer TCP/IP model the idea is the same: application layer, transport layer, internet (network) layer, link layer. Neither model defines anything about data security, so as networks developed an SSL layer was added for encryption and decryption. SSL is not really a layer of the model; it sits between the application layer and the transport layer and specifies how the application payload is protected before it is handed to the transport protocol.
We encrypt data by inserting the SSL layer between the transport layer and the application layer. Data is generated and encapsulated by the application layer, then passed through the SSL protocol, which encrypts it (or, on the receiving side, decrypts it) before it is transmitted over TCP. SSL/TLS requires a reliable transport; the UDP-based variant is a separate protocol, DTLS.
SSL is an abbreviation of Secure Sockets Layer, a protocol that provides confidential transmission over the Internet. Netscape introduced the SSL protocol together with its early web browsers. Its goal is to guarantee the confidentiality and integrity of communication between two applications, and it is supported on both the server and the client side. It became the industry standard for secure communication on the Internet; its standardized successor, TLS, is what is deployed today, although the name SSL (and the name of the OpenSSL toolkit) has stuck.
SSL protects user/server communication from eavesdropping and tampering by attackers; it always authenticates the server and optionally authenticates the user (client certificates). The SSL protocol requires a reliable transport-layer protocol underneath it (TCP). Its advantage is that it is independent of the application-layer protocol: higher-level protocols (HTTP, FTP, Telnet and so on) can be built transparently on top of it. Before any application-layer communication takes place, SSL has already negotiated the cipher suite, agreed on the session keys and authenticated the server; from then on the data sent by the application-layer protocol is encrypted, which guarantees the privacy of the communication.
III. Classification of encryption and decryption, with the corresponding algorithms
1. Symmetric encryption: the same algorithm with the same key (a shared secret) is used to encrypt and decrypt the data;
Algorithms: DES, 3DES, AES, Blowfish, Twofish, IDEA, RC6, CAST5 (AES is the one to use today; single DES is brute-forceable)
2. Public-key (asymmetric) cryptography: the public key is derived from the private key. Data encrypted with the public key can only be decrypted with the private key, which gives confidentiality; a signature produced with the private key can be verified by anyone holding the public key, which gives authentication. Only the key pair's owner can produce a valid signature, and the private key must never be shared;
Algorithms: RSA, DSA, ElGamal, DH (DSA only signs and DH only agrees on keys; RSA and ElGamal can encrypt)
3. One-way functions (hashes), called one-way encryption here: data can only be hashed, never recovered from the hash; used to extract a fixed-length digest (signature) of the data.
Algorithms: MD5, SHA-1, and the SHA-2 family (SHA-256, SHA-384, SHA-512). MD5 and SHA-1 are no longer collision resistant; use SHA-256 or stronger for anything new.
IV. A complete encrypted exchange
Sender:
1. Compute a digest (signature) of the data with a one-way hash algorithm.
2. Encrypt that digest with the sender's own private key (this is the digital signature) and append it to the data.
3. Generate a temporary (one-time) key for symmetric encryption.
4. Encrypt the data together with the appended private-key-encrypted digest using this temporary key.
5. Encrypt the temporary key with the receiver's public key, append it to the symmetrically encrypted data, and send everything.
Receiver:
1. Decrypt the encrypted temporary key with the receiver's own private key to obtain the symmetric key.
2. Use the symmetric key to decrypt the symmetrically encrypted data, obtaining the data and the signature ciphertext.
3. Decrypt the signature ciphertext with the sender's public key to obtain the data digest.
4. Compute the digest of the received data with the same one-way algorithm the sender used and compare it with the decrypted digest. A match proves both the identity of the sender and the integrity of the data; a mismatch means the data was altered in transit or the signature was not made by the sender's private key.
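The exchange above carried out end to end with OpenSSL sub-commands, as an added example that is not part of the original post. It assumes the openssl command-line tool (1.0.2 or later, for pkeyutl and dgst -sign/-verify) and the usual POSIX utilities; the party names alice, bob, carol and dave, the message and the tampering step are constructed for the demo. It goes slightly beyond the text in two places: the symmetric key is sealed with RSA-OAEP rather than the older PKCS#1 v1.5 padding, and a second run shows that tampering with the ciphertext is caught by the signature check.

```shell
#!/bin/sh
# Added example (not from the original post): the sender/receiver steps above,
# carried out with nothing but OpenSSL sub-commands. Assumes the openssl CLI
# (1.0.2 or later: pkeyutl, dgst -sign/-verify, enc -K/-iv) and POSIX
# mktemp/head/tail/cmp/sed. Party names and the message are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Each party generates an RSA-2048 key pair. The private key is written under
# umask 077 so the file is created mode 0600 (the page's section VI.3 tip).
make_keypair() {                       # $1 = party name
    (umask 077; openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null)
    openssl rsa -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# Sender: produces bundle.enc (data || signature under a one-time AES key)
# and session.enc (that key and IV sealed with the recipient's public key).
sender_encrypt() {                     # $1 = sender  $2 = recipient  $3 = plaintext file
    # Steps 1-2: hash the data with SHA-256 and sign the hash with the sender's private key.
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$WORK/sig.bin" "$3"
    # Step 3: a fresh random 256-bit key and 128-bit IV from the CSPRNG, as hex.
    openssl rand -hex 32 > "$WORK/session.key"
    openssl rand -hex 16 > "$WORK/session.iv"
    # Step 4: append the signature to the data, encrypt with AES-256-CBC under the one-time key.
    cat "$3" "$WORK/sig.bin" > "$WORK/bundle"
    openssl enc -aes-256-cbc -K "$(cat "$WORK/session.key")" -iv "$(cat "$WORK/session.iv")" \
        -in "$WORK/bundle" -out "$WORK/bundle.enc"
    # Step 5: seal key and IV with the recipient's public key (RSA-OAEP, not PKCS#1 v1.5).
    cat "$WORK/session.key" "$WORK/session.iv" > "$WORK/session"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/$2.pub" -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/session" -out "$WORK/session.enc"
    rm -f "$WORK/session" "$WORK/session.key" "$WORK/session.iv" "$WORK/bundle" "$WORK/sig.bin"
}

# Receiver: returns 0 only if the key unseals, the bundle decrypts and the
# signature verifies against the sender's public key; the plaintext lands in $3.
receiver_decrypt() {                   # $1 = recipient  $2 = sender  $3 = output file
    # Step 1: recover the one-time key and IV with the recipient's private key.
    openssl pkeyutl -decrypt -inkey "$WORK/$1.key" -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/session.enc" -out "$WORK/session.dec"
    key=$(sed -n 1p "$WORK/session.dec")
    iv=$(sed -n 2p "$WORK/session.dec")
    # Step 2: decrypt the bundle and split off the trailing signature (256 bytes for RSA-2048).
    openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -in "$WORK/bundle.enc" -out "$WORK/bundle.dec"
    total=$(wc -c < "$WORK/bundle.dec" | tr -d ' ')
    head -c "$((total - 256))" "$WORK/bundle.dec" > "$3"
    tail -c 256 "$WORK/bundle.dec" > "$WORK/sig.dec"
    # Steps 3-4: dgst -verify recomputes SHA-256 over the data and compares it with
    # the value recovered from the signature using the sender's public key.
    openssl dgst -sha256 -verify "$WORK/$2.pub" -signature "$WORK/sig.dec" "$3" > /dev/null
}

# Full exchange on a constructed message: succeeds only if the plaintext comes
# back byte for byte and the signature verifies.
round_trip() {
    make_keypair alice
    make_keypair bob
    printf 'transfer 100 to account 42\n' > "$WORK/msg.txt"    # constructed sample input
    sender_encrypt alice bob "$WORK/msg.txt"
    receiver_decrypt bob alice "$WORK/msg.out"
    cmp -s "$WORK/msg.txt" "$WORK/msg.out"
}

# Failure mode: an attacker replacing the first ciphertext block (random bytes
# here) corrupts the decrypted data, so the signature check must fail.
tamper_detected() {
    make_keypair carol
    make_keypair dave
    printf 'hello\n' > "$WORK/t.txt"
    sender_encrypt carol dave "$WORK/t.txt"
    { openssl rand 16; tail -c +17 "$WORK/bundle.enc"; } > "$WORK/bundle.tmp"
    mv "$WORK/bundle.tmp" "$WORK/bundle.enc"
    if receiver_decrypt dave carol "$WORK/t.out" 2>/dev/null; then return 1; else return 0; fi
}

round_trip && echo "round trip: plaintext recovered and signature verified"
tamper_detected && echo "tampered ciphertext: signature verification failed as expected"
```

dgst -sign hashes and signs in one step, and dgst -verify performs receiver steps 3 and 4 (recover the digest with the public key and compare it with a fresh hash), so neither side handles the raw digest. The signature is split off by its fixed length, 256 bytes for an RSA-2048 key; a real message format would carry explicit lengths rather than relying on the key size.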
V. OpenSSL
On Linux, OpenSSL is the cryptography toolkit package that provides all of these primitives.
OpenSSL is a robust SSL/TLS and cryptography library that includes the main cryptographic algorithms, common key and certificate packaging and management functions and an implementation of the SSL/TLS protocols, and provides a rich set of command-line applications for testing or other purposes.
1. Components:
(1) libcrypto: the encryption and decryption library;
(2) libssl: the implementation of the SSL/TLS protocols;
(3) openssl: a multi-purpose command-line tool in which each function is implemented by a dedicated sub-command.
2. OpenSSL command format
openssl command [command_opts] [command_args]
that is: openssl + sub-command + options + arguments
3. Sub-commands: run openssl with no arguments to enter its interactive prompt; typing an unknown word there (or help on newer versions) prints the list of standard commands, message digest commands and cipher commands.
4. Sub-command usage: see the sub-command's man page (man enc, or man openssl-enc on OpenSSL 3.x), or run openssl <subcommand> -help.
VI. Encrypting and decrypting files with OpenSSL
1. Symmetric encryption with openssl enc
(1) Encrypt a file
openssl enc -e -<cipher> -a -salt -in /path/from/file -out /path/to/file
(for example -des3 or, preferably, -aes-256-cbc; -a writes base64 output; -salt mixes a random salt into the key derivation so the same passphrase never yields the same ciphertext twice; on OpenSSL 1.1.1 or later also pass -pbkdf2, otherwise the key is derived from the passphrase with a single MD5 round, which is cheap to brute-force)
(2) Decrypt the file
openssl enc -d -<cipher> -a -salt -in /path/from/file -out /path/to/file
(the cipher and the -a / -pbkdf2 options must match the ones used for encryption)
2. One-way hashing
(1) Extract the digest (signature) of a file
openssl dgst -<digest> /path/to/file
(for example -md5, -sha1, -sha256; prefer -sha256 or stronger, since MD5 and SHA-1 are no longer collision resistant)
(2) Generate a user password hash with a manually chosen salt
openssl passwd -1 -salt <salt> [password]
(-1 selects md5-crypt, the $1$ format used in /etc/shadow; the salt is at most 8 characters; if the password is omitted it is prompted for)
(3) Generate random data
openssl rand -hex|-base64 NUM
(NUM is the number of random bytes, printed hex- or base64-encoded)
(4) Generate a user password hash with an automatically generated salt
openssl passwd -1 -salt $(openssl rand -hex 4) [password]
(4 random bytes give the 8 hex characters md5-crypt expects as its salt; -base64 6 produces 8 characters as well)
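The four commands of this sub-section exercised together, as an added example that is not from the original page. It assumes the openssl CLI and POSIX cmp/awk/mktemp; the plaintext, passphrases and salt are constructed. It uses AES-256-CBC instead of 3DES and, where the build supports it, PBKDF2 key derivation, and it adds the checks a practitioner wants: the round trip restores the bytes exactly, the digest of the constructed input matches the published SHA-256 test vector, two encryptions of the same file differ because of the random salt, and a wrong passphrase does not recover the plaintext.

```shell
#!/bin/sh
# Added example (not from the original post): the enc / dgst / passwd / rand
# commands from this section wrapped in small functions, with the checks a
# practitioner wants. Assumes the openssl CLI plus POSIX mktemp/cmp/awk.
# The plaintext, passphrases and salt are constructed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Caveat: without -pbkdf2, enc derives the key from the passphrase with a single
# MD5 round (EVP_BytesToKey), which is cheap to brute-force. -pbkdf2 exists from
# OpenSSL 1.1.1; older builds silently get the legacy derivation, so detect it.
KDF_OPTS=""
if openssl enc -help 2>&1 | grep -q -- '-pbkdf2'; then
    KDF_OPTS="-pbkdf2 -iter 200000"
fi

# Symmetric, passphrase-based encryption: -aes-256-cbc (not the page's 3DES),
# -salt so the same plaintext and passphrase never give the same ciphertext,
# -a for base64 armour. "pass:" puts the passphrase on the command line, where
# `ps` can see it; prefer -pass file:/path or -pass env:VAR in real use.
encrypt_file() {    # $1 = input  $2 = output  $3 = passphrase
    openssl enc -e -aes-256-cbc -a -salt $KDF_OPTS -pass "pass:$3" -in "$1" -out "$2"
}
decrypt_file() {    # $1 = input  $2 = output  $3 = passphrase
    openssl enc -d -aes-256-cbc -a $KDF_OPTS -pass "pass:$3" -in "$1" -out "$2"
}

# One-way function: print only the hex digest ("SHA256(file)= hex" in 1.x,
# "SHA2-256(file)= hex" in 3.x; the last field is the digest in both).
sha256_of() {       # $1 = file
    openssl dgst -sha256 "$1" | awk '{print $NF}'
}

# Password hashing: -1 is md5-crypt ($1$salt$hash), deterministic for a given
# salt, which is what /etc/shadow needs. Use -6 (sha512-crypt) on OpenSSL
# 1.1.1+ for new passwords; -1 is kept here because the page uses it.
md5crypt_hash() {   # $1 = password  $2 = salt (at most 8 characters)
    openssl passwd -1 -salt "$2" "$1"
}
random_salt() {     # 4 random bytes from the entropy pool, printed as 8 hex chars
    openssl rand -hex 4
}

roundtrip_ok() {
    printf 'abc' > "$WORK/plain"     # constructed input; SHA-256("abc") is a published test vector
    encrypt_file "$WORK/plain" "$WORK/plain.enc" 'correct horse battery staple'
    decrypt_file "$WORK/plain.enc" "$WORK/plain.dec" 'correct horse battery staple'
    cmp -s "$WORK/plain" "$WORK/plain.dec"
}

# Random salt: encrypting the same file twice must not give the same ciphertext.
salt_randomises() {
    printf 'abc' > "$WORK/p"
    encrypt_file "$WORK/p" "$WORK/p.enc1" 'pw'
    encrypt_file "$WORK/p" "$WORK/p.enc2" 'pw'
    ! cmp -s "$WORK/p.enc1" "$WORK/p.enc2"
}

# Wrong passphrase: decryption usually fails on the padding check, and in the
# rare case it does not, the recovered bytes still must not match the original.
wrong_passphrase_fails() {
    printf 'abc' > "$WORK/q"
    encrypt_file "$WORK/q" "$WORK/q.enc" 'right'
    if decrypt_file "$WORK/q.enc" "$WORK/q.dec" 'wrong' 2>/dev/null && cmp -s "$WORK/q" "$WORK/q.dec"; then
        return 1
    fi
    return 0
}

roundtrip_ok && echo "enc/dec round trip ok, SHA-256 of plaintext: $(sha256_of "$WORK/plain")"
salt_randomises && echo "two encryptions of the same file differ (random salt)"
wrong_passphrase_fails && echo "wrong passphrase does not recover the plaintext"
echo "md5-crypt with random salt: $(md5crypt_hash 'secret' "$(random_salt)")"
```

The -pbkdf2 probe is the point to remember: the page's plain `enc -salt` invocation is fine on a current OpenSSL only if -pbkdf2 (or a modern -iter count) is added, and the salt alone does not make a weak passphrase safe.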
3. Public-key cryptography
(1) Generate a private key
openssl genrsa -out /path/to/private_key_file num_bits
(num_bits is the modulus size in bits; use at least 2048)
(umask 077; openssl genrsa -out /path/to/private_key_file num_bits)   # run in a subshell with umask 077 so the key file is created with mode 0600 and only its owner can read it
(2) Extract the public key
openssl rsa -in /path/from/private_key_file -pubout -out /path/to/public_key_file
Summary: these are only the basics of encrypting and decrypting with OpenSSL, but anyone learning Linux must understand and master them.
openssl enc -e|-d -des3 -a -salt -in ... -out ...   (-e encrypt, -d decrypt; -a = base64 output, -salt = add a random salt)
openssl dgst -md5|-sha256 ...   (extract the digest/signature of a file)
openssl passwd -1 -salt ...   (generate a user password hash; -1 means the md5-crypt algorithm)
openssl rand -hex|-base64 ...   (extract random bytes from the entropy pool)
openssl genrsa -out ... num_bits   (generate a private key file of the given size in bits, not bytes)
openssl rsa -in ... -pubout -out ...   (extract the public key from the private key file and write it to a new file)
Encryption and decryption with OpenSSL under Linux