
How to perform encryption and decryption in OpenSSL basics

WBOY
2023-05-22 09:20:06

Any discussion of OpenSSL has to start with SSL. Probably no one wants their everyday online activity to be monitored by other Internet users, so a protocol is needed to protect network communications. The SSL protocol was developed against this background. It prevents communication between the user and the server application from being eavesdropped on by attackers, always authenticates the server, and optionally authenticates the user.

Normally, the SSL protocol runs on top of a reliable transport layer protocol (TCP). Its advantage is that it is independent of application layer protocols: higher-level application protocols (such as HTTP, FTP and TELNET) can be built transparently on top of it. Before the application layer protocol communicates, SSL has already completed the negotiation of encryption algorithms and communication keys and the authentication of the server. All data transmitted by the application layer protocol is then encrypted, ensuring the confidentiality of the communication.

Encryption is nothing more than converting plaintext into ciphertext through some mechanism. The encryption mechanisms used in network communication are symmetric encryption, public key encryption, and one-way encryption.

Characteristics and defects of symmetric encryption: encryption and decryption use the same key, and the plaintext is divided into fixed-size blocks that are encrypted one by one. The disadvantage is that the communicating parties have too many keys to manage and key distribution is difficult. Its encryption algorithms include DES, 3DES, and AES.

Public key encryption has the following characteristics: its keys come in pairs, and commonly used algorithms include RSA and DSA. It has two uses. First, identity authentication: the sender encrypts data with its own private key, and the receiver decrypts it with the sender's public key. Second, key exchange: the sender encrypts data with the receiver's public key, and the receiver decrypts it with its own private key. The public key is extracted from the private key.

Characteristics of one-way encryption: directional output and an avalanche effect. Its algorithms include MD5, SHA1, SHA256, SHA384 and SHA512. It is commonly used to extract the characteristics (fingerprint) of data.

On April 10 this year, the most serious security vulnerability of the year, "Heartbleed", was exposed in OpenSSL, which made people start to pay attention to this open source project. So what exactly is OpenSSL? OpenSSL can be regarded as an SSL library consisting of three major components: the openssl multi-purpose command line tool, the general-purpose encryption library libcrypto, and the SSL protocol library libssl.

The openssl multi-purpose command line tool can be used to implement symmetric encryption:

openssl enc -e -<symmetric encryption algorithm> -a -salt -in <file to be encrypted> -out <encrypted file output path>

For example, use the DES3 algorithm to encrypt the file /etc/fstab: openssl enc -e -des3 -a -salt -in /etc/fstab -out /tmp/fstab


Decryption:

openssl enc -d -<symmetric encryption algorithm> -a -salt -in <file to be decrypted> -out <decrypted file output path>

For example, decrypt the above encrypted file: openssl enc -d -des3 -a -salt -in /tmp/fstab -out /tmp/Fstab
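The encrypt and decrypt commands above as a non-interactive round trip, checked with openssl dgst. This is an added example, not part of the original article: it defaults to AES-256-CBC with -pbkdf2 key derivation instead of the article's des3, assumes OpenSSL 1.1.1 or later, and all file names, passphrases and sample text are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Assumes OpenSSL 1.1.1 or
# later for -pbkdf2; file names, passphrases and sample text are constructed.

# Hex SHA-256 digest of a file, via the dgst subcommand the article describes.
sha256_of() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# enc_file MODE CIPHER PASSPHRASE IN OUT   (MODE is -e or -d)
# The passphrase travels in an environment variable so it does not show up
# in the process list, as it would with "-pass pass:...".
enc_file() {
    OSSL_PASS=$3 openssl enc "$1" "-$2" -a -salt -pbkdf2 \
        -pass env:OSSL_PASS -in "$4" -out "$5"
}

# Prints "roundtrip=ok salted=ok wrongkey=rejected" when all three checks hold.
enc_selftest() {
    local cipher=${1:-aes-256-cbc} dir r=fail s=fail w=fail
    dir=$(mktemp -d) || return 1
    printf 'UUID=constructed-sample / ext4 defaults 0 1\n' > "$dir/plain"

    enc_file -e "$cipher" 'correct horse' "$dir/plain" "$dir/enc1" || return 1
    enc_file -e "$cipher" 'correct horse' "$dir/plain" "$dir/enc2" || return 1
    enc_file -d "$cipher" 'correct horse' "$dir/enc1" "$dir/dec" || return 1

    # 1. Decryption restores the exact plaintext.
    [ "$(sha256_of "$dir/plain")" = "$(sha256_of "$dir/dec")" ] && r=ok
    # 2. -salt picks a random salt, so the same input encrypts differently.
    [ "$(sha256_of "$dir/enc1")" != "$(sha256_of "$dir/enc2")" ] && s=ok
    # 3. enc has no integrity check: a wrong passphrase usually fails on
    #    padding, but only comparing digests proves the output is wrong.
    enc_file -d "$cipher" 'wrong' "$dir/enc1" "$dir/bad" 2>/dev/null || true
    [ "$(sha256_of "$dir/plain")" != "$(sha256_of "$dir/bad")" ] && w=rejected

    rm -rf "$dir"
    echo "roundtrip=$r salted=$s wrongkey=$w"
}

enc_selftest
```

Passing a cipher name such as des3 as the first argument runs the same checks with the algorithm used in the article.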


It can also be used for key exchange in public key encryption.

Generate a private key: (umask 077; openssl genrsa -out <private key output file path>)

Extract the public key from the private key: openssl rsa -in <private key file path> -pubout

Note: () indicates that the command is executed in a subshell; umask 077 ensures that only the owner can access the private key file.
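The key generation steps above, followed by the identity-authentication use described earlier (the sender signs with the private key, the receiver checks with the public key). This is an added example, not part of the original article; the 2048-bit key size, file names and messages are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). The 2048-bit key size,
# file names and messages are constructed for illustration.

# make_keypair DIR: private key created under umask 077, public key derived.
make_keypair() {
    ( umask 077; openssl genrsa -out "$1/private.pem" 2048 2>/dev/null ) || return 1
    openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

# key_mode FILE: permission string as shown by ls, e.g. "-rw-------".
key_mode() { ls -l "$1" | cut -c1-10; }

# verify_msg DIR FILE: prints "accepted" or "rejected" using only the public key.
verify_msg() {
    if openssl dgst -sha256 -verify "$1/public.pem" \
        -signature "$1/sig" "$2" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

# Prints the private key's mode and the verdict for the signed message
# and for a tampered copy of it.
rsa_selftest() {
    local dir
    dir=$(mktemp -d) || return 1
    make_keypair "$dir" || return 1
    printf 'pay 10 to alice\n' > "$dir/msg"
    printf 'pay 90 to alice\n' > "$dir/tampered"
    # Sender: sign the SHA-256 digest of the message with the private key.
    openssl dgst -sha256 -sign "$dir/private.pem" -out "$dir/sig" "$dir/msg" || return 1
    echo "mode=$(key_mode "$dir/private.pem")" \
         "original=$(verify_msg "$dir" "$dir/msg")" \
         "tampered=$(verify_msg "$dir" "$dir/tampered")"
    rm -rf "$dir"
}

rsa_selftest
```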


It can also be used for one-way encryption: openssl dgst -md5|-sha1 -out <output file path> <file to be encrypted>

For example, encrypt /etc/passwd using md5: openssl dgst -md5 -out /tmp/md5passwd /etc/passwd

It can also be used to generate user passwords: openssl passwd -1 -salt SALT_STRING <user password>


It can also be used to generate random numbers: openssl rand -hex <number of bytes>


Statement: This article is reproduced from yisu.com.