OpenSSL is a software library that is widely used on servers. Its main job is to keep data consistent and secure while it travels over a network connection. It is written in C, which makes it cross-platform. OpenSSL mainly provides the following three functions:
Encryption: OpenSSL ships a rich library of encryption and decryption algorithms and supports different methods of encrypting, decrypting and storing keys, such as symmetric encryption, asymmetric encryption and message digests.
SSL protocol: OpenSSL implements the SSLv2 and SSLv3 versions of the SSL protocol and supports most of their features.
Certificate operations: OpenSSL provides a text-based database and supports certificate management, including generating certificate keys, generating requests, issuing certificates, and revoking and verifying them.
Several forms of encryption and decryption
Encryption and decryption usually take one of the following forms:
Symmetric encryption algorithm
Asymmetric encryption algorithm
Irreversible encryption algorithm
Let's look at these encryption algorithms one by one .
A symmetric algorithm means that the sender and receiver of a message use the same key to encrypt and decrypt data. AES, DES and so on are commonly used symmetric encryption algorithms.
The advantage of symmetric algorithms is that encryption and decryption are fast, which makes them suitable for encrypting large amounts of data. The disadvantage is that there is only one key, so key management is difficult: once the key is exposed, the encrypted information is easily recovered.
An asymmetric algorithm means that the sender and receiver each hold a different key. One is published and is called the public key; the other is kept private and is called the private key. The corresponding public key can be derived from the private key. RSA, DSA and so on are commonly used asymmetric encryption algorithms.
In general, the sender encrypts with the public key and the receiver decrypts the message with the private key. The public-key mechanism is flexible, but encryption and decryption are much slower than with symmetric keys. Other usage patterns are derived for different scenarios, such as encrypting with the private key and decrypting with the public key.
RSA Encryption and decryption algorithm
RSA is a popular asymmetric encryption algorithm. The following commands generate a public/private key pair and use it:
# Generate the private key (the page uses 1024 bits; 2048 or more is the current minimum recommendation)
openssl genrsa -out test.key 1024
# Export the public key from the private key
openssl rsa -in test.key -pubout -out test_pub.key
# Encrypt a file with the public key
echo "test" > hello
openssl rsautl -encrypt -in hello -inkey test_pub.key -pubin -out hello.en
# Decrypt the file with the private key (rsautl is deprecated in OpenSSL 3.x; pkeyutl accepts the same options)
openssl rsautl -decrypt -in hello.en -inkey test.key -out hello.de
Irreversible encryption algorithm
Irreversible encryption algorithms are mainly used to verify the integrity of files; digest algorithms are one kind. A common digest algorithm is MD5.
A digest algorithm turns plaintext of any length into a fixed-length string of characters according to fixed rules. For file integrity checks, we usually run the digest algorithm first to obtain the fixed-length string, then sign that string. After receiving the file, the recipient also runs the digest algorithm before checking the signature. If the digests match, the file was not tampered with in transit.
One thing to note in particular: base64 is not an encryption algorithm but an encoding. It converts between ASCII text and binary data to ease transmission. Binary data such as images, or content carried by text-based protocols, is commonly base64-encoded while in transit.
SSH Encryption process
The client sends its key ID to the server.
The server checks its authorized_keys file for a public key matching that ID.
If one exists, the server generates a random number and encrypts it with the public key belonging to that ID.
The server sends the encrypted random number to the client.
The client decrypts the random number with its private key, then computes the MD5 hash of the random number locally.
The client sends the MD5 hash to the server.
The server also computes the MD5 hash of the random number it generated at the start, encrypts the hash with the communication channel's "public key", and compares the result with what the client sent. If the two match, verification succeeds and the client is granted access.
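The challenge-response flow above, scripted with the openssl commands from the RSA section (pkeyutl in place of the deprecated rsautl), as an added example that is not part of the original article. The file names, the key ID "demo-key-id" and the one-file-per-ID authorized_keys layout are constructed for the demo.

```shell
#!/bin/sh
# Added example: simulates the SSH public-key challenge/response flow described above.
# Paths, the key ID and the authorized_keys layout are constructed for this demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Setup: the client owns a key pair; the server stores only the public key, under its key ID
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/client.key" 2>/dev/null
openssl pkey -in "$WORK/client.key" -pubout -out "$WORK/client_pub.pem"
mkdir -p "$WORK/authorized_keys"          # demo layout: one PEM file per key ID, not sshd's format
cp "$WORK/client_pub.pem" "$WORK/authorized_keys/demo-key-id.pem"

# Server: look the ID up; if it is known, encrypt a fresh random number with that public key
server_challenge() {                      # $1 = key ID; prints the path of the encrypted challenge
    pub="$WORK/authorized_keys/$1.pem"
    [ -f "$pub" ] || return 1             # unknown ID: refuse before doing any cryptography
    openssl rand -out "$WORK/challenge.bin" 32
    openssl pkeyutl -encrypt -pubin -inkey "$pub" -in "$WORK/challenge.bin" -out "$WORK/challenge.enc"
    echo "$WORK/challenge.enc"
}

# Client: decrypt with the private key and send back the MD5 of the random number
client_response() {                       # $1 = private key, $2 = encrypted challenge
    openssl pkeyutl -decrypt -inkey "$1" -in "$2" 2>/dev/null | openssl dgst -md5 -r | cut -d' ' -f1
}

# Server: hash its own copy of the random number and compare it with the client's answer
server_verify() {                         # $1 = hash received from the client
    expected=$(openssl dgst -md5 -r "$WORK/challenge.bin" | cut -d' ' -f1)
    [ "$expected" = "$1" ]
}

# Whole exchange; returns 0 only when the client proves it holds the matching private key
ssh_auth() {                              # $1 = key ID, $2 = client private key
    enc=$(server_challenge "$1") || return 1
    server_verify "$(client_response "$2" "$enc")"
}

ssh_auth demo-key-id "$WORK/client.key" && echo "authenticated"
```

This decrypt-the-challenge design is the SSH-1 scheme the article describes; SSH-2 public-key authentication instead has the client sign a value bound to the session, so the server never sends the secret it later checks.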
Once you dig deeper into OpenSSL, the breadth of its support for cryptographic techniques is exciting. If you are interested, study it further and try the different encryption methods in different scenarios. A small preview: a follow-up article will use pyo3 to write an RSA encryption and decryption module for Python.