OpenSSL itself is a software library. This software is widely used in system servers. Its main function is to ensure data consistency and security during data transmission during network communication. The software itself is written in C language, which makes it have cross-platform features. OpenSSL mainly includes the following three functions:
- and decryption: OpenSSL has a rich encryption and decryption algorithm library, supports different encryption and decryption methods and methods of storing secret keys, such as symmetric encryption, asymmetric encryption, and information digests.
- SSL protocol: OpenSSL implements SSLv2 and SSLv3 of the SSL protocol, and supports most of the algorithm protocols
- certificate operation: OpenSSL itself provides a text database that supports certificate management functions, including certificate key generation, request generation, certificate issuance, revocation, and verification functions.
Several forms of encryption and decryption
The forms of encryption and decryption are usually divided into the following types:
- Symmetric encryption algorithm
- Asymmetric encryption algorithm
- Irreversible encryption algorithm
- Let's look at these encryption algorithms one by one.
Symmetric Algorithm
Symmetric algorithm means that the sender and receiver of information use the same secret key to encrypt and decrypt data. AES, DES, etc. are commonly used symmetric encryption algorithms.
The advantage of the symmetric algorithm is that the encryption and decryption speed is fast, and it is suitable for encrypting large amounts of data. The disadvantage is that because there is only one secret key, it is difficult to manage the secret key. As long as it is exposed, it is easy to crack the encrypted information.
Asymmetric algorithm
An asymmetric algorithm means that the sender and receiver of information each hold a secret key. One public release is called the public key; one private is called the secret key. The secret key can be derived from the corresponding public key. RSA, DSA, etc. are commonly used asymmetric encryption algorithms.
In general, the sender of the information uses the public key to encrypt, and the recipient of the information uses the private key to decrypt. The public key mechanism is flexible, but the speed of encryption and decryption is much slower than that of symmetric key encryption. In different usage scenarios, other usage methods will also be derived, such as private key encryption and public key decryption.
RSA encryption and decryption algorithm
RSA is a popular asymmetric encryption algorithm. The content of generating public and private keys is as follows:
# 生成秘钥
OpenSSL genrsa -out test.key 1024
# 从秘钥中导出公钥
OpenSSL rsa -in test.key -pubout -out test_pub.key
# 公钥加密文件
echo "test" > hello
OpenSSL rsautl -encrypt -in hello -inkey test_pub.key -pubin -out hello.en
# 私钥解密文件
OpenSSL rsautl -decrypt -in hello.en -inkey test.key -out hello.deIrreversible encryption algorithm
Irreversible encryption algorithms are mainly used to verify the consistency of files, and the digest algorithm is one of them. The commonly used digest algorithm is MD5.
Digest algorithm
The digest algorithm is used to convert plaintext of any length into a string of characters with a fixed length according to certain rules. When doing file consistency verification, we usually first use the digest algorithm to obtain a string of characters with a fixed length, and then sign the string of characters. After the receiver receives the file, it will execute the digest algorithm once before signing it. If the data is consistent before and after, it means that the file has not been tampered with during the transfer process.
base64
It should be noted that base64 is not an encryption algorithm, it is an encoding method. It can facilitate the conversion between ASCII code and binary code during transmission. Similar to pictures or some text protocols, base64 can usually be converted into binary code for transmission during transmission.
SSH encryption process
- The client sends its own key ID to the server
- The server looks for the public key of this ID in its authorized_keys file
- If so, the server generates a random number and encrypts it with the public key of the current ID
- The server sends the encrypted random number to the client
- The client uses the private key to decrypt the random number, and then locally encrypts the random number with MD5
- The client sends the MD5 hash to the server
- The server also makes an MD5 hash for the random number it generated at the beginning, then encrypts the hash with the "public key" of the communication channel, and compares it with the content sent by the client. If the content of the two parties is the same, the verification will be passed and the access authority will be opened to the client
After you have a deep understanding of OpenSSL, its functional support for cryptography technology will make you excited. If you are interested, you can learn more about the content and experiment with the use of different encryption methods in different scenarios. Put a small notice: An article using pyo3 to write rsa forward and reverse encryption and decryption modules for python will be launched in the future.
程序员
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。