When mentioning OpenSSL, SSL must first be mentioned. Probably no one wants their online activities to be monitored by other Internet users when we go online on a daily basis. Therefore, a protocol is needed to protect our network communications. The SSL protocol was developed based on this working background. It can prevent the communication between the user and the server application from being eavesdropped by attackers, and always authenticate the server and optionally authenticate the user.
Normally, the SSL protocol is based on the reliable Transport Layer Protocol (TCP). The advantage of the SSL protocol is that it is independent of application layer protocols. High-level application layer protocols (such as HTTP, FTP, TELNET, etc.) can be transparently built on the SSL protocol. Before application layer protocol communication, the SSL protocol has already completed the processing of encryption algorithms, negotiation of communication keys, and server authentication. All data transmitted through application layer protocols will be encrypted to ensure the confidentiality of communication.
sThe so-called encryption is nothing more than converting plaintext into ciphertext through some mechanism. During network communication, the encryption security mechanisms used are: symmetric encryption, public key encryption, and one-way encryption.
Characteristics and defects of symmetric encryption: Encryption and decryption use the same key to divide the plaintext into fixed-size blocks and encrypt them one by one. The disadvantage is that both communicating parties have too many keys to manage, and key distribution is difficult. Its encryption algorithms are: DES, 3DES, and AES.
Public key encryption has the following characteristics: its keys appear in pairs, and commonly used encryption algorithms include RSA and DSA. Its uses are: first, for identity authentication: the sender uses its own private key to encrypt data, and the receiver uses its public key to decrypt; second, for key exchange: the sender uses the receiver's public key to encrypt data, and the receiver The party decrypts it using its own private key. The public key is extracted from the private key
Characteristics of one-way encryption: directional output, with avalanche effect. The encryption algorithms include MD5, SHA1, SHA256, SHA384 and SHA512. Characteristics commonly used to extract data.
On April 10 this year, the security protocol OpenSSL exposed the most serious security vulnerability of the year, "Heartbleed". Make people start to pay attention to this open source protocol. So what exactly is OpenSSL? In fact, OpenSSL can be regarded as an SSL library, consisting of three major components: the openssl multi-purpose command line tool, the public encryption library libcrypto, and the SSL protocol library libssl.
openssl multi-purpose command line tool can be used to implement symmetric encryption:
File-out encrypted file output path
openssl enc -d -Symmetric encryption algorithm-a -salt -in File to be decrypted -out Decrypted file output path
For example, decrypt the above encrypted file: openssl enc -d -des3 -a -salt -in /tmp/fstab -out /tmp/Fstab
Key exchange in public key encryption: (umask 077; openssl genrsa -out output private key file path)
Extract the public key from the private key: openssl rsa -in private Key file path-pubout
Note: () indicates that the command is executed in a subshell, umask 077 ensures access to the private key file
one-way encryption: openssl dgst -md5|-sha1 -out file output path file to be encrypted
## It can also be used to generate user passwords: openssl passwd -1 -salt SALT_STRING user password
It can also be used togenerate random numbers: openssl rand -hex number of bytes
The above is the detailed content of How to perform encryption and decryption in OpenSSL basics. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Dreamweaver CS6
Visual web development tools
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
