openssl Introduction to OpenSSL
SSL is the abbreviation of Secure Socket Layer (Secure Socket Layer Protocol), which can provide confidential transmission on the Internet. When Netscape launched the first Web browser, it also proposed the SSL protocol standard, which currently has version 3.0. SSL uses public key technology. Its goal is to ensure the confidentiality and reliability of communication between two applications, and can be supported on both the server side and the user side. Currently, the SSL protocol using public key technology has become the industry standard for secure communications on the Internet. The Secure Socket Layer protocol prevents communication between user/server applications from being eavesdropped by attackers and always authenticates the server and optionally the user. The SSL protocol requires a reliable Transport Layer Protocol (TCP). The advantage of the SSL protocol is that it is independent of application layer protocols. High-level application layer protocols (such as HTTP, FTP, TELNET, etc.) can be transparently built on the SSL protocol. The SSL protocol has completed the encryption algorithm, communication key negotiation and server authentication before application layer protocol communication. After this, the data transmitted by the application layer protocol will be encrypted to ensure the privacy of communication. Through the above description, the secure channel provided by the SSL protocol has the following three characteristics: 1. Data confidentiality Information encryption is to convert the plain input file into an encrypted file using an encryption algorithm to achieve data confidentiality. The encryption process requires the use of a key to encrypt data and then decrypt it. Without the key, the encrypted data cannot be decrypted. After the data is encrypted, only the key needs to be transmitted using a secure method. Encrypted data can be transmitted publicly. 2. Data consistency Encryption can also ensure data consistency. For example: Message Verification Code (MAC) can verify the encrypted information provided by the user. The recipient can use MAC to verify the encrypted data to ensure that the data has not been tampered with during transmission. 3. Security verification Another use of encryption is as a personal identification, and the user's key can be used as his security verification identification. SSL uses public key encryption technology (RSA) as an encrypted communication protocol between the client and server when transmitting confidential information.
What is OpenSSL
There are many cryptographic algorithms, public key infrastructure standards, and SSL protocols. Perhaps these interesting features will give you the idea of implementing all these algorithms and standards. If so, while I admire you, I can’t help but remind you: this is a daunting process. This job is no longer as simple as reading a few cryptography monographs and protocol documents, but understanding every detail of all these algorithms, standards and protocol documents, and using the C language## that you may be familiar with. The # characters implement these definitions and procedures one by one. We don't know how much time you're going to need to do this fun and scary job, but it's certainly not a matter of a year or two. First of all, we should thank Eric A. Young and Tim J. Hudson, who started writing the OpenSSL software package that later had a huge impact in 1995. What makes us even more happy is that this is an open source code without too many restrictions. software package, which allows us to do many things with this software package. Eric A. Young and Tim J. Hudson are Canadians. They later became famous by writing OpenSSL and then went to big companies to make a lot of money. In 1998, the OpenSSL project team took over the development of OpenSSL and launched OpenSSL version 0.9.1. So far, the OpenSSL algorithm has been very complete and supports SSL2.0, SSL3.0 and TLS1.0.
OpenSSL uses C language as the development language, which makes OpenSSL have excellent cross-platform performance. This is a very wonderful thing for the majority of technical personnel, who can use the same familiar things on different platforms. OpenSSL supports Linux, Windows, BSD, Mac, VMS and other platforms, which makes OpenSSL widely applicable. However, for the newly grown C++ programmers, they may not be very accustomed to C language code, but getting used to C language is much easier than using C++ to rewrite a software package with the same functions as OpenSSL.
The entire OpenSSL software package can be roughly divided into three main functional parts: cryptographic algorithm library, SSL protocol library and applications. OpenSSL's
directory structure is naturally planned around these three functional parts. As a security development kit based on cryptography, OpenSSL provides quite powerful and comprehensive functions, including major cryptographic algorithms, commonly used key and certificate encapsulation management functions, and SSL protocols, and provides a wealth of application programs. Used for testing or other purposes.
1.Symmetric encryption algorithm
OpenSSL provides a total of 8 symmetric encryption algorithms, 7 of which are block cipher algorithms, and the only stream cipher algorithm is RC4. These seven block encryption algorithms are AES, DES, Blowfish, CAST, IDEA, RC2, and RC5. They all support electronic codebook mode (ECB), encrypted block chaining mode (CBC), encryption feedback mode (CFB), and output feedback mode. (OFB) Four commonly used block cipher encryption modes. Among them, the encryption feedback mode (CFB) and output feedback mode (OFB) packet length used by AES is 128 bits, while other algorithms use 64 bits. In fact, the DES algorithm is not only the commonly used DES algorithm, but also supports three-key and two-key 3DES algorithms.
2. Asymmetric encryption algorithm
OpenSSL implements a total of 4 asymmetric encryption algorithms, including DH algorithm, RSA algorithm, DSA algorithm and elliptic curve algorithm (EC). DH algorithm general user key exchange. The RSA algorithm can be used for both key exchange and digital signatures, and of course, if you can tolerate its slow speed, it can also be used for data encryption. The DSA algorithm is generally only used for digital signatures.
3. Information digest algorithm
OpenSSL implements 5 information digest algorithms, namely MD2, MD5, MDC2, SHA (SHA1) and RIPEMD. The SHA algorithm actually includes two information digest algorithms, SHA and SHA1. In addition, OpenSSL also implements the two information digest algorithms DSS and DSS1 specified in the DSS standard.
4. Key and certificate management
Key and certificate management is an important part of PKI. OpenSSL provides rich functions and supports multiple standards.
First of all, OpenSSL implements the ASN.1 certificate and key related standards, providing DER, PEM and BASE64 encoding and decoding functions for certificates, public keys, private keys, certificate requests, CRL and other data objects. OpenSSL provides methods, functions and applications for generating various public key pairs and symmetric keys, and also provides DER encoding and decoding functions for public keys and private keys. And implements the PKCS#12 and PKCS#8 encoding and decoding functions of the private key. OpenSSL provides encryption protection for private keys in the standard, so that keys can be stored and distributed securely.
On this basis, OpenSSL implements the X.509 standard encoding and decoding of certificates, the encoding and decoding of PKCS#12 format, and the encoding and decoding of PKCS#7. It also provides a text database that supports certificate management functions, including certificate key generation, request generation, certificate issuance, revocation, and verification.
In fact, the CA application provided by OpenSSL is a small certificate management center (CA), which implements the entire process of certificate issuance and most of the mechanisms of certificate management.
5.SSL and TLS protocols
OpenSSL implements SSLv2 and SSLv3 of the SSL protocol and supports most of the algorithm protocols. OpenSSL also implements TLSv1.0. TLS is a standardized version of SSLv3. Although the difference is not big, there are many details that are different.
Although there are many software that have implemented the functions of OpenSSL, the SSL protocol implemented in OpenSSL can give us a clearer understanding of the SSL protocol, because there are at least two points: First, the SSL protocol implemented by OpenSSL is open For the source code, we can trace every detail of the SSL protocol implementation; secondly, the SSL protocol implemented by OpenSSL is a pure SSL protocol and is not combined with other protocols (such as HTTP), which clarifies the true nature of the SSL protocol.
6. Application
OpenSSL application has become an important part of OpenSSL, and its importance may not have been thought of by the developers of OpenSSL at first. Many of the current OpenSSL applications are based on OpenSSL applications rather than its API. For example, OpenCA is completely implemented using OpenSSL applications. OpenSSL applications are written based on OpenSSL's cryptographic algorithm library and SSL protocol library, so there are also some very good OpenSSL API usage examples. After reading all these examples, you will have a more comprehensive understanding of OpenSSL API usage. Of course, This is also a job that exercises your willpower.
OpenSSL applications provide relatively comprehensive functions. In the eyes of many people, OpenSSL has done everything for itself and does not need to do more development work. Therefore, they also put these applications Become an OpenSSL directive. OpenSSL applications mainly include key generation, certificate management, format conversion, data encryption and signature, SSL testing and other auxiliary configuration functions.
7. Engine Mechanism The Engine mechanism appeared in OpenSSL version 0.9.6. At first, the normal version was separated from the version that supports Engine. By OpenSSL version 0.9.7, the Engine mechanism was integrated into the OpenSSL kernel. , has become an indispensable part of OpenSSL. The purpose of the Engine mechanism is to enable OpenSSL to transparently use software encryption libraries or hardware encryption devices provided by third parties for encryption. OpenSSL's Engine mechanism successfully achieves this goal, which makes OpenSSL not just an encryption library, but provides a universal encryption interface that can coordinate with most encryption libraries or encryption devices. Of course, to make a specific encryption library or encryption device work with OpenSSL, you need to write a small amount of interface code, but the workload is not large, although it still requires a little knowledge of cryptography. The functions of the Engine mechanism are basically the same as the CSP function goals provided by Windows. Currently, OpenSSL version 0.9.7 supports eight types of embedded third-party encryption devices, including: CryptoSwift, nCipher, Atalla, Nuron, UBSEC, Aep, SureWare, and IBM 4758 CCA hardware encryption devices. There is also an Engine interface that supports the PKCS#11 interface, and an interface that supports Microsoft CryptoAPI is also being developed. Of course, support for all the above Engine interfaces may not be comprehensive. For example, one or two public key algorithms may be supported.
8. Auxiliary functions
The BIO mechanism is a high-level IO interface provided by OpenSSL. This interface encapsulates almost all types of IO interfaces, such as memory access, file access, Socket, etc. This greatly improves the reusability of code and reduces the complexity of the API provided by OpenSSL.
OpenSSL also provides a complete set of solutions and supporting API functions for the generation and management of random numbers. The quality of random numbers is an important prerequisite for determining whether a key is secure.
OpenSSL also provides other auxiliary functions, such as the API for generating keys from passwords, the configuration file mechanism in certificate issuance and management, etc. If you are patient enough, you will slowly discover many such small functions during the in-depth use of OpenSSL, giving you constant new surprises.
This article mainly introduces the implementation of encryption and decryption methods based on openssl in php, and analyzes the relevant techniques of phpcustom functionsimplementation of encryption and decryption operations based on openssl in the form of examples. Friends who need it can Refer to the following
The example of this article describes the encryption and decryption method based on openssl in PHP. Share it with everyone for your reference, the details are as follows:
Encryption and decryption method through openssl
1. openssl encryption method:
function encrypt($id){ $id=serialize($id); $key="1112121212121212121212"; $data['iv']=base64_encode(substr('fdakinel;injajdji',0,16)); $data['value']=openssl_encrypt($id, 'AES-256-CBC',$key,0,base64_decode($data['iv'])); $encrypt=base64_encode(json_encode($data)); return $encrypt; }
2. openssl decryption method:
function decrypt($encrypt) { $key = '1112121212121212121212';//解密钥匙 $encrypt = json_decode(base64_decode($encrypt), true); $iv = base64_decode($encrypt['iv']); $decrypt = openssl_decrypt($encrypt['value'], 'AES-256-CBC', $key, 0, $iv); $id = unserialize($decrypt); if($id){ return $id; }else{ return 0; } }
The above is the detailed content of PHP encryption and decryption method based on openssl. For more information, please follow other related articles on the PHP Chinese website!

Nginx是一款广泛应用于Web服务器、负载均衡器、反向代理和缓存的软件。在网络传输过程中,数据的加密和安全性越来越受到关注。为了提高通信的安全性,可以使用OpenSSL库来实现SSL/TLS协议,从而保护敏感数据的传输。本文将讲解如何使用Nginx与OpenSSL库实现更安全的通信。安装与配置OpenSSL库首先,需要在服务器上安装OpenSSL库。可以使

php把负数转为正整数的方法:1、使用abs()函数将负数转为正数,使用intval()函数对正数取整,转为正整数,语法“intval(abs($number))”;2、利用“~”位运算符将负数取反加一,语法“~$number + 1”。

php除以100保留两位小数的方法:1、利用“/”运算符进行除法运算,语法“数值 / 100”;2、使用“number_format(除法结果, 2)”或“sprintf("%.2f",除法结果)”语句进行四舍五入的处理值,并保留两位小数。

判断方法:1、使用“strtotime("年-月-日")”语句将给定的年月日转换为时间戳格式;2、用“date("z",时间戳)+1”语句计算指定时间戳是一年的第几天。date()返回的天数是从0开始计算的,因此真实天数需要在此基础上加1。

如何使用OpenSSL生成MySQLSSL证书简介:MySQL是一种广泛应用的关系型数据库系统,在实际生产环境中使用SSL(SecureSocketsLayer)协议进行加密通信是非常重要的。本文将介绍如何使用OpenSSL工具生成MySQLSSL证书,并提供相应的代码示例。步骤:安装OpenSSL:首先,确保计算机上已安装O

LINUX作为一个开源操作系统,有着广泛的应用和用户群体,CentOS7是LINUX的一个分支版本,它是基于RedHatEnterpriseLinux(RHEL)源代码构建的,具有高度的稳定性和安全性,在CentOS7上安装和配置OpenBLAS和OpenSSL是许多开发者和系统管理员的常见需求,本文将详细介绍如何在CentOS7上安装和配置OpenBLAS和OpenSSL。OpenBLAS是一个开源的基于BLAS(BasicLinearAlgebraSubprograms)接口的高性能数学库,

php判断有没有小数点的方法:1、使用“strpos(数字字符串,'.')”语法,如果返回小数点在字符串中第一次出现的位置,则有小数点;2、使用“strrpos(数字字符串,'.')”语句,如果返回小数点在字符串中最后一次出现的位置,则有。

在PHP中,可以利用implode()函数的第一个参数来设置没有分隔符,该函数的第一个参数用于规定数组元素之间放置的内容,默认是空字符串,也可将第一个参数设置为空,语法为“implode(数组)”或者“implode("",数组)”。


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

SublimeText3 Linux new version
SublimeText3 Linux latest version

Notepad++7.3.1
Easy-to-use and free code editor

Atom editor mac version download
The most popular open source editor

WebStorm Mac version
Useful JavaScript development tools

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
