OpenSSL: Unterschied zwischen den Versionen

OpenSSL Version 1.1.1

Encryption for
- data
- communication
- traffic
- secret
- signing
plain --> cipher

Terminology
Plain text (human readable)
Cipher text (not human readable)
Encryption (process)
Symmetric encryption (type of encryption)
Asymmetric encryption (type of encryption)
Symmetric key (symmetric encryption)
AES - Advanced Encryption Standard (algorithm for encryption)

Types of encryption

Symmetric encryption ==> Same key for encrypt/decrypt
 Algorithms examples:
 - AES
 - DES
 - Triple DES
 - Serpent
 - Twofish

Asymmetric encryption ==> Different key for encrypt/decrypt
 Algorithms examples:
 - RSA
 - DSA
 - PGP
 - SHA-1
 - SHA-2
 - SHA-24
 - SHA-256
 - SHA-512
 - Diffie-Hellman
 - ElGamal
 - ECC

Key length & keyspace

Binary System -> 0|1
1 Bit -> 0|1 # on|off # true|false # 
128-bit key
Key length =
Key space = 

Classification of symmetric algorithms

Stream ciphers -> RC4, A5/1, E0
Block ciphers -> AES, DES, SHA, IDEA, SERPENT, TWOFISH

$ whereis openssl
$ which openssl
$ openssl rsautl

$ openssl version
$ openssl help
$ openssl help list
$ openssl list -help
 Valid options are:
 -help                   Display this summary
 -1                      List in one column
 -commands               List of standard commands
 -digest-commands        List of message digest commands
 -digest-algorithms      List of message digest algorithms
 -cipher-commands        List of cipher commands
 -cipher-algorithms      List of cipher algorithms
 -public-key-algorithms  List of public key algorithms
 -public-key-methods     List of public key methods
 -disabled               List of disabled features
 -missing-help           List missing detailed help strings
 -options val            List options for specified command

Terminology of asymmetric encryption

Asymmetric key/keys (1 for encryption, 1 for decryption)
Key pair, private and public key
Public key, part of asymmetric key, for encryption
Private key for decryption

Symmetric encryption/decryption with gpg

$ gpg --symmetric --cipher-algo AES256 --output file.gpg file.txt
$ gpg --decrypt --output file.txt file.gpg

Symmetric encryption with openssl

 $ openssl enc -aes-256-cbc -in sslmessage -out sslmessage.enc
 $ openssl enc -aes-256-cbc -salt -pbkdf2 -in msg.txt -out msg.txt.enc

Symmetric decryption with openssl

$ openssl enc -aes-256-cbc -d -in sslmessage -pass pass:test
$ openssl aes-256-cbc -d -salt -pbkdf2 -in msg.txt.enc -out msg.read
$ openssl aes-256-cbc -d -salt -pbkdf2 -in msg.txt.enc -out msg.read -pass pass:test

Asymmetric encryption with openssl

Generate a private key

OpenSSL Quick Reference Guide
Creating private keys and certificates IBM
https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b

When generating a key, you have to decide three things: the key algorithm, the key size, and whether to use a passphrase.
1. Key Algorithm
2. Key Size
3. Passphrase

PEM, DER, CRT und CER: X.509-Codierungen und -Konvertierungen
PEM (ursprünglich “PRivalität Everbessert Mail ”) 
DER (Distinguished Encoding Rules) 

Can we have multiple public keys with a single private key for RSA?
In practice and with respect to security, no, mathematically, yes

Use RSA private key to generate public key?

Private-Key with RSA
$ openssl genrsa -out key1.pem 512
$ openssl genrsa -out key1.pem 4096
$ openssl genrsa -des3 -out key1.pem 2048 (With password)

Private-Key with ECDSA
For a list of possible curve names, run:
$ openssl ecparam -list_curves
$ openssl ecparam -name secp521r1 -genkey -noout -out my.key.pem
$ openssl ecparam -genkey -name secp521r1 | openssl ec -aes256 -out my.key.pem (With password)

$ openssl ecparam -name prime256v1 -genkey -noout -out key.pem

openssl-generated-key-file What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

Generate a public key from private key

$ openssl rsa -in key1.pem -outform PEM -pubout -out key1.pub
$ openssl rsa -in key1_private_key.pem -outform PEM -pubout -out key1_public_key.pem
 
 Generate random key
$ openssl rand -hex -out key1_random_key.bin 64

Display information

 $ openssl rsa -in key1.pem  -text
 $ openssl rsa -in key1.pem  -text -noout

Encrypt

$ openssl rsa -in key1.pem -des3 -out key1.enc
$ openssl genrsa -des3 -out key1.enc
$ openssl enc -aes-256-cbc -salt -in SecretFile -out SecretFile.enc -pass file:user1_random_key.bin
$ file SecretFile.enc

Decrypt

$ openssl rsa -in key1_enc.pem -outform PEM -pubout -out mypublickey1.pem

Datenintegrität

Was ist Datenintegrität?
 Der Begriff Datenintegrität bezieht sich auf die Korrektheit, Vollständigkeit und Konsistenz von Daten.
- Nicht verändert worden
- Identifizierung des Senders
 Identifizierung oder Identifikation (von lateinisch identitas „Wesenheit" und facere „machen") steht für: . Identifikation (Psychologie), das Einfühlen in eine andere Person oder Figur der Nachweis oder die  Verifizierung einer behaupteten Eigenschaft einer Entität, die Authentifizierung; bei Personen die amtliche Identitätsfeststellung
 Identifizierung | Wikipedia
- repudiation attack

Hashing

FUNCTION(DATEN)=HASHWERT

CHECKSUM

echo -n "TEXT" | cksum
md5sum SecretFile > checksum.txt
md5sum -c checksum.txt

Digitale Signatur

openssl rsautl
openssl dgst

openssl genrsa -des3 -out user2_private_key.pem 2048
openssl rsa -in user2_private_key.pem -outform PEM -pubout -out user2_public_key.pem
openssl rand -hex -out user1_random_key.bin 64
openssl enc -aes-256-cbc -salt -in SecretFile -out SecretFile.enc -pass file:user1_random_key.bin
openssl rsautl -encrypt -inkey user