OpenSSL is a software library that is widely used on servers. Its main function is to ensure the consistency and security of data while it is transmitted over the network. The software is written in C, which makes it cross-platform. OpenSSL mainly provides the following three functions:

  • Encryption: OpenSSL has a rich library of encryption and decryption algorithms. It supports different encryption and decryption methods and ways of storing keys, such as symmetric encryption, asymmetric encryption, message digests, etc.

  • SSL protocol: OpenSSL implements the SSLv2 and SSLv3 versions of the SSL protocol, and supports most of them.

  • Certificate operations: OpenSSL provides a text database and supports certificate management, including generation of certificate keys, request generation, certificate issuance, revocation and verification.

Several forms of encryption and decryption

The forms of encryption and decryption are usually divided into the following :

  • Symmetric encryption algorithm

  • Asymmetric encryption algorithm

  • Irreversible encryption algorithm

Let's look at these encryption algorithms one by one.

Symmetric algorithm

A symmetric algorithm means that the sender and the receiver of the information use the same key to encrypt and decrypt data. AES, DES and so on are commonly used symmetric encryption algorithms.

The advantage of a symmetric algorithm is that encryption and decryption are fast, which makes it suitable for encrypting large amounts of data. The disadvantage is that there is only one key, so key management is difficult: as soon as the key is exposed, the encrypted information is easy to crack.

Asymmetric algorithm

An asymmetric algorithm means that the sender and the receiver of the information each hold a key. One is published and is called the public key; the other is kept private and is called the private key. The corresponding public key can be derived from the private key. RSA, DSA and so on are commonly used asymmetric encryption algorithms.

In general, the sender encrypts with the public key and the receiver decrypts the message with the private key. The public key mechanism is flexible, but encryption and decryption are much slower than with symmetric key encryption. Other ways of using it are derived for different scenarios, such as encrypting with the private key and decrypting with the public key.

RSA encryption and decryption algorithm

RSA is a popular asymmetric encryption algorithm. Generating the public/private key pair and using it looks as follows:

# Generate the private key
openssl genrsa -out test.key 1024
# Export the public key from the private key
openssl rsa -in test.key -pubout -out test_pub.key
# Encrypt a file with the public key
# (rsautl is deprecated as of OpenSSL 3.0; pkeyutl is its replacement)
echo "test" > hello
openssl rsautl -encrypt -in hello -inkey test_pub.key -pubin -out hello.en
# Decrypt the file with the private key
openssl rsautl -decrypt -in hello.en -inkey test.key -out hello.de

Irreversible encryption algorithm

Irreversible encryption algorithms are mainly used to verify the consistency of files, and the digest algorithm is one of them. A common digest algorithm is MD5.

Digest algorithm

A digest algorithm turns plaintext of any length into a fixed-length string of characters according to certain rules. When verifying file consistency, we usually run the digest algorithm first to get a fixed-length string, and then sign that string. After the recipient receives the file, it also runs the digest algorithm once and then signs the result. If the data are consistent, the file has not been tampered with during transmission.
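The digest-then-sign check described above, as an added example that is not part of the original article. It uses SHA-256 rather than MD5, and the recipient's side is done with `openssl dgst -verify` against the sender's public key; the file names and message contents are constructed for the demo.

```sh
#!/bin/sh
# Added example: detect tampering with a signed digest (openssl CLI).

# sign_file KEY FILE SIG
# Sender: hash FILE with SHA-256 and sign the digest with the private key.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_file PUB FILE SIG
# Recipient: recompute the digest of FILE and check it against the signature.
# Returns 0 only if FILE is byte-for-byte what the sender signed.
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Runs the whole flow on constructed data and prints "<intact> <tampered>".
demo_sign_verify() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/test.key" 2048 2>/dev/null
    openssl rsa -in "$dir/test.key" -pubout -out "$dir/test_pub.key" 2>/dev/null

    printf 'pay 100 to alice\n' > "$dir/msg"          # constructed message
    sign_file "$dir/test.key" "$dir/msg" "$dir/msg.sig"

    verify_file "$dir/test_pub.key" "$dir/msg" "$dir/msg.sig" \
        && intact=ok || intact=fail

    printf 'pay 900 to alice\n' > "$dir/msg"          # modified in transit
    verify_file "$dir/test_pub.key" "$dir/msg" "$dir/msg.sig" \
        && tampered=ok || tampered=fail

    rm -rf "$dir"
    echo "$intact $tampered"
}

demo_sign_verify
```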

base64

One thing to note in particular: base64 is not an encryption algorithm, it is an encoding method. It makes it easy to convert between ASCII and binary data for transmission. Pictures or some text-based protocols, for example, usually go through base64 conversion when they are transmitted.

SSH encryption process

  • The client sends its own key ID to the server

  • The server looks in its own authorized_keys file to see whether a public key with this ID exists

  • If it does, the server generates a random number and encrypts it with the public key of the current ID

  • The server sends the encrypted random number to the client

  • The client decrypts the random number with the private key, then computes the MD5 hash of the random number locally

  • The client sends the MD5 hash to the server

  • The server also computes an MD5 hash of the random number it generated at the beginning, then uses the communication channel "public key" to encrypt the hash, and then compares it with the content sent by the client. If the two match, verification passes and access is opened to the client

Once you understand OpenSSL more deeply, its support for cryptographic functionality will excite you. If you are interested, you can dig deeper into the material and try out different encryption methods in different scenarios. A quick preview: a follow-up article will use pyo3 to write an RSA forward and reverse encryption and decryption module for Python.
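The challenge-response steps above, simulated locally with the openssl CLI as an added example that is not part of the original article and is not how an SSH implementation is coded. Both sides run in one script, the two hashes are compared directly, and the key names `id` and `other` are constructed.

```sh
#!/bin/sh
# Added example: the challenge-response steps with both roles in one script.

# server_challenge PUB NONCE_OUT ENC_OUT
# Server: generate a random number and encrypt it with the client's public key.
server_challenge() {
    openssl rand -hex 16 > "$2"
    openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3"
}

# client_response KEY ENC
# Client: decrypt the challenge with the private key, print its MD5 hash.
client_response() {
    openssl pkeyutl -decrypt -inkey "$1" -in "$2" 2>/dev/null \
        | openssl dgst -md5 -r | cut -d' ' -f1
}

# server_check NONCE RESPONSE
# Server: hash its own copy of the random number and compare.
server_check() {
    expected=$(openssl dgst -md5 -r < "$1" | cut -d' ' -f1)
    [ "$expected" = "$2" ]
}

# Prints "<authorized client> <client holding a different key>".
demo_ssh_auth() {
    dir=$(mktemp -d) || return 1
    # Constructed key pairs: "id" is listed on the server, "other" is not.
    for name in id other; do
        openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null
        openssl rsa -in "$dir/$name.key" -pubout -out "$dir/$name.pub" 2>/dev/null
    done

    server_challenge "$dir/id.pub" "$dir/nonce" "$dir/nonce.enc"
    good=$(client_response "$dir/id.key" "$dir/nonce.enc")
    bad=$(client_response "$dir/other.key" "$dir/nonce.enc")

    server_check "$dir/nonce" "$good" && r1=granted || r1=denied
    server_check "$dir/nonce" "$bad" && r2=granted || r2=denied
    rm -rf "$dir"
    echo "$r1 $r2"
}

demo_ssh_auth
```

Only the holder of the matching private key can recover the random number, so the second client's hash never matches even though it sees the same encrypted challenge.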
