Phase 1 Using Preshared Keys
IKE main mode uses six packets, which are divided into three stages:
1: These first two packets define the algorithms and hashes used to secure the IKE communications and are agreed upon in
The online revocation service is a new component introduced in Windows Server 2008. It is Microsoft's deployment of the OCSP protocol. This feature, coupled with the new OCSP answering service, is a big improvement over CRL-based revocation. The
Understand and deploy symmetric encryption
1. Prepare the symmetric encryption software FatCryptoTool and Office Password Recovery to crack the Office password.
2. Symmetric encryption system:
Dedicated encryption, fast and efficient.
3. Data
Implement encryption protection for office build applications
Word:
A. By default, Word uses the RC4 encryption algorithm.
B. Understand the risk of passwords.
1. Set the Office password.
2. Crack the Office password. Use Accent Office Password
Click to download OpenSSL
window and Linux to distinguish between the
Unzip the file
Double click:
Win32openssl-0_9_8l_95895.exe
After the installation is complete
\openssl\bin\openssl.exe
Enter a command to generate the private key
Genrsa-
currently in the field of electronic certification service, as an example, the company can currently provide enterprises with PKI/CA services in various modes, meet the actual application requirements of various types of enterprises. At the same time, tianwei integrity still spends a lot of energy on how to make users easily and conveniently use CA.
It is understood that tianwei integrity is the top partner of Ve
files:
The code is as follows
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr -config openssl.cnf
4. A CSR file must be signed by a CA to become a certificate. The file can be sent to VeriSign or a similar CA for verification, but that costs a lot of money, so why not run your own CA?
The code is as follows
openssl req -new -x509 -keyou
Self-built CA Based on OpenSSL and SSL certificate issuance
For details about SSL/TLS, see the SSL/TLS principles. For more information about Certificate Authority (CA) and digital certificate, see OpenSSL and SSL digital certificate concepts.
OpenSSL is a suite of open-source programs. It consists of three parts: the first is libcrypto, a general-purpose cryptography library that implements a large number of encryption algorithms; the second is libssl, which implements the SSL mechanism. It is used
electronic transactions or electronic transfers need to ensure that users are securely connected to their websites. To achieve this, these organizations need to have their public key certificates issued by internationally recognized CAs (such as VeriSign). These certificates are used to establish SSL connections or decrypt electronic signatures. The process of applying for a certificate must be verified by the CA. At the same time, the CA must pay a hig
key exchange and digital signature, and of course, if you can tolerate its slow speed, it can also be used for data encryption. The DSA algorithm is generally used only for digital signatures.
3. Information digest algorithms
OpenSSL implements 5 information digest algorithms, namely MD2, MD5, MDC2, SHA (SHA1), and RIPEMD. The SHA algorithm actually includes two information digest algorithms, SHA and SHA1. In addition, OpenSSL implements two kinds of information digest algorithms, DSS
, and the other can bind the public key and its related information to the declared owner in a trusted way. This is the certificate mechanism. The certificate is an authoritative document in e-commerce. The certificate issuer must be trustworthy: certificates are issued by authoritative, trustworthy, and impartial third-party organizations. Certificates are a security mechanism that ensures the implementation and completion of PKI identity authentication, integrity
1. First, generate the server-side private key (key file):
Command:
openssl genrsa -des3 -out server.key 1024
The command prompts for a password, which is used to encrypt the key file (the des3 parameter is the encryption algorithm; you can of course choose another algorithm that you consider safe). You need to enter this password whenever the file is read (via the command line or the API provided by OpenSSL).
2. Generate CSR and key on the server
Command:
openssl req -new -key server.key -out server.cs
the browser can be checked through the certificate storage area. The certificate storage area provides information about the CA certificate, and the CA certificate is stored in the browser storage. At the same time, the CA website also provides browser SSL compatibility information.
The following picture shows the details of the certificate for the sample Website http://abcgen.uk. The certificate ensures that the reliability of the owner has been verified. The digital certificate is issued to A
The previous article introduced some basic questions about SSL two-way authentication and used nginx + PHP to build https-based WebService.
The previous method only implemented the 1:1 mode. Yesterday, my colleagues went on to implement the N:1 mode, so I am recording it here.
Because the ssl_client_certificate parameter of nginx can only specify one client public key, another server has to be configured whenever a client is added for communication.
The N:1 mode is implemented through the CA cascade certificate m
The previous approach only implemented the 1:1 pattern. Yesterday colleagues went on to implement the N:1 model, and here I'm going to sort it out. Since Nginx's ssl_client_certificate parameter can only specify a client public key, it is necessary to configure another server if a client is added to communicate. The N:1 pattern is implemented through the CA's cascading certificate pattern, first generating a set of CA root-level certificates and then generating level two certificates as cl
"
set_var EASYRSA_REQ_EMAIL "503579266@qq.com"
set_var EASYRSA_REQ_OU "MyOpenVPN"
4. Create a server certificate and key
(1) initialization
[root@vpn easyrsa3]# ls
easyrsa  openssl-1.0.cnf  vars  vars.example  x509-types
[root@vpn easyrsa3]#
[root@vpn easyrsa3]# ./easyrsa init-pki
Note: using Easy-RSA configuration from: ./vars
init-pki complete; you may now create a CA or requests.
Your newly created