As computers have developed, computer security has been a persistent problem, and in modern society the security of computer information is particularly important. Today's society is an information society: you and I use computers every day, and with the growth of e-mail, community games, instant messaging, e-commerce and other applications, our personal information is transmitted over the Internet through a variety of network devices. Ensuring the safety of this private information is our concern.
For important data such as bank accounts, we can encrypt the data with encryption technology and then send it over the network. Modern encryption technology is usually divided into symmetric encryption and asymmetric encryption.
The characteristics of symmetric encryption are:
1. Encryption and decryption use the same key;
2. The decryption key can be derived from the encryption key, and the encryption key can be derived from the decryption key;
3. Data encryption is faster than with asymmetric encryption.
The characteristics of asymmetric encryption are:
1. Encryption and decryption use two different keys;
2. The decryption key cannot be derived from the encryption key (within any practical time), and the encryption key cannot be derived from the decryption key (within any practical time);
3. Data encryption is slower than with symmetric encryption.
Note: The public key is used for encryption and the private key for decryption. The public key can be given to anyone on the Internet, because the private key cannot be deduced from the public key.
From this we might quickly conclude that we should use symmetric encryption to protect our data on the Internet, because it is simple and fast. If you choose this solution, however, you run into another very serious problem: before two parties on the Internet can communicate, they must first agree on a key for encryption and decryption, so how do you pass that key across the network? If you encrypt the key before sending it, the other party does not know how to decrypt it. If you send the key in clear text and a hacker on the Internet is listening to your traffic at that moment, the listener obtains the key as well, which is a frightening prospect!
A sensible solution at this point is to use asymmetric encryption to protect the key we intend to use: encrypt the symmetric key with the other party's public key, and have the other party decrypt it with the private key on receipt. Both sides then hold the same symmetric key and can encrypt data quickly. The key that actually encrypts the important data was transmitted under asymmetric encryption, so it is equally secure!
Our problem seems to have been solved. Let's assume an environment: Alice needs to communicate with Bob about the company's confidential information. As far as we know, Alice needs a secret key to encrypt the company's confidential documents, and Bob needs this key if he wants to open the file. So Alice generates a symmetric key and encrypts the company data file with it. In order for Bob to read the file, Alice needs Bob to generate a pair of asymmetric keys, one public and one private, and Bob sends his public key to Alice. Alice uses the public key that Bob sent to encrypt the symmetric key she used to encrypt the company files. At the same time, she sends the file, encrypted with the symmetric key, to Bob. When Bob receives the file, he first uses his own private key to decrypt the symmetric key Alice used to encrypt the company files, and then uses that key to decrypt the company files. It looks perfect!
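The exchange between Alice and Bob described above, as an added example using the openssl command line (it is not code from the original article). The file names, the sample document, and the choice of RSA-2048 with OAEP padding and AES-256-CBC are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: Alice sends Bob a file using hybrid encryption.
# All file names and the sample document are constructed for this demo.
# Returns 0 only if Bob recovers exactly the file Alice encrypted.
hybrid_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Bob: generate an RSA key pair; only bob_pub.pem ever leaves his machine.
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out bob_priv.pem 2>/dev/null
        openssl pkey -in bob_priv.pem -pubout -out bob_pub.pem

        # Alice: a sample document and a fresh random 256-bit symmetric key.
        printf 'Company confidential: constructed sample text\n' > report.txt
        openssl rand -hex 32 > sym.key

        # Alice: encrypt the file with the fast symmetric cipher. Note that
        # "openssl enc" gives confidentiality only, not integrity protection.
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass file:sym.key \
            -in report.txt -out report.enc
        # Alice: wrap the symmetric key with Bob's public key (RSA-OAEP).
        openssl pkeyutl -encrypt -pubin -inkey bob_pub.pem \
            -pkeyopt rsa_padding_mode:oaep -in sym.key -out sym.key.enc
        # Only report.enc and sym.key.enc cross the network.

        # Bob: unwrap the symmetric key with his private key...
        openssl pkeyutl -decrypt -inkey bob_priv.pem \
            -pkeyopt rsa_padding_mode:oaep -in sym.key.enc -out sym.key.bob
        # ...then decrypt the file with the recovered key.
        openssl enc -d -aes-256-cbc -pbkdf2 -pass file:sym.key.bob \
            -in report.enc -out report.dec
        cmp -s report.txt report.dec
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

hybrid_demo && echo "Bob recovered the original file"
```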
But what if a bad person on the Internet also generates a pair of asymmetric keys, or steals Bob's asymmetric keys, sends the public key to Alice, and claims to be Bob? What will be the result?
Obviously, we have no way of knowing whether a public key or private key on the Internet truly belongs to the identity its holder claims. A certificate is a technique used to establish a direct relationship between a holder and a certificate. It is just like an ID card: the ID card corresponds to you, and you correspond to this one ID card. If there is any doubt, you can go to the public security organs to confirm the authenticity of the ID card. Perfect!
To use a certificate we need several key elements:
1. A certification authority (CA), where the CA is an authoritative institution.
2. The individual entity (holds the private key; only the individual holds it).
3. A verification mechanism.
Process: The individual generates a key pair, sends their information together with the public key to the CA for verification, and applies for a certificate of their own. Once the application is approved, the certificate can be used on the Internet.
OpenSSL provides all the commands required to establish a certificate. The req command is the certificate request tool. The ca command is the tool for accepting certificate requests, approving certificate requests, issuing certificates, revoking certificates, and other certificate management tasks.
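The certificate process above, as an added example that is not part of the original article: a demo CA issues Bob's certificate with the req and ca commands, and Alice then checks both Bob's certificate and a self-made one that only claims to be Bob. The names "Demo CA", "Bob", all file names and the minimal demo.cnf configuration are assumptions for the illustration.

```shell
#!/bin/sh
# Added example with constructed names and files; demo.cnf is a minimal demo config.
# Returns 0 only if the CA-issued certificate verifies AND the look-alike does not.
cert_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Configuration shared by the req and ca commands (demo values only).
        cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
serial = serial
new_certs_dir = newcerts
default_md = sha256
default_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
        mkdir newcerts && : > index.txt && echo 01 > serial
        common="-newkey rsa:2048 -nodes -config demo.cnf"
        # 1. The CA: a key pair and a self-signed root certificate.
        openssl req -x509 $common -subj "/CN=Demo CA" -days 30 -keyout ca.key -out ca.crt 2>/dev/null
        # 2. Bob: a key pair and a certificate request carrying his public key.
        openssl req -new $common -subj "/CN=Bob" -keyout bob.key -out bob.csr 2>/dev/null
        # 3. The CA approves the request and issues Bob's certificate.
        openssl ca -batch -config demo.cnf -cert ca.crt -keyfile ca.key -in bob.csr -out bob.crt -notext 2>/dev/null
        # 4. The impersonation case: an unrelated key with a self-signed cert claiming CN=Bob.
        openssl req -x509 $common -subj "/CN=Bob" -days 30 -keyout other.key -out fake_bob.crt 2>/dev/null
        # 5. Alice trusts only ca.crt: the real certificate must verify, the look-alike must not.
        openssl verify -CAfile ca.crt bob.crt >/dev/null 2>&1 || exit 1
        if openssl verify -CAfile ca.crt fake_bob.crt >/dev/null 2>&1; then exit 1; fi
        exit 0
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

cert_demo && echo "CA-issued certificate accepted, self-made look-alike rejected"
```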