OpenSSL: Difference between revisions

Current revision as of 11 March 2022, 11:12

OpenSSL Version 1.1.1

Encryption for
- data
- communication
- traffic
- secret
- signing
plain --> cipher
Plain text (human readable)
Cipher text (not human readable)
Encryption (process)
Symmetric encryption (type of encryption)
Asymmetric encryption (type of encryption)
Symmetric key (symmetric encryption)
AES - Advanced Encryption Standard (algorithm for encryption)

Types of encryption

Symmetric encryption ==> Same key for encrypt/decrypt
 Example algorithms:
 - AES
 - DES
 - Triple DES
 - Serpent
 - Twofish
Asymmetric encryption ==> Different key for encrypt/decrypt
 Example algorithms:
 - RSA
 - DSA
 - PGP
 - SHA-1
 - SHA-2
 - SHA-224
 - SHA-256
 - SHA-512
 - Diffie-Hellman
 - ElGamal
 - ECC

Key length & keyspace

Binary System -> 0|1
1 bit -> 0|1 # on|off # true|false
128-bit key
Key length =
Key space = 
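The two blank relations above, worked out for the page's 128-bit key (added here, not part of the original page); $n$ is the key length in bits and $K$ the set of all possible keys:

$$|K| = 2^{n}, \qquad n = 128 \;\Rightarrow\; |K| = 2^{128} \approx 3.4 \times 10^{38}.$$

An exhaustive search has to try on average half the key space, $2^{n-1}$ keys, so every additional bit of key length doubles that work.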

Classification of symmetric algorithms

Stream ciphers -> RC4, A5/1, E0

$ whereis openssl
$ which openssl
$ openssl rsautl
$ openssl version
$ openssl help
$ openssl help list
$ openssl list -help
 Valid options are:
 -help                   Display this summary
 -1                      List in one column
 -commands               List of standard commands
 -digest-commands        List of message digest commands
 -digest-algorithms      List of message digest algorithms
 -cipher-commands        List of cipher commands
 -cipher-algorithms      List of cipher algorithms
 -public-key-algorithms  List of public key algorithms
 -public-key-methods     List of public key methods
 -disabled               List of disabled features
 -missing-help           List missing detailed help strings
 -options val            List options for specified command

Terminology of asymmetric encryption

Asymmetric key/keys (1 for encryption, 1 for decryption)
Key pair, private and public key
Public key, part of asymmetric key, for encryption
Private key for decryption

Symmetric encryption/decryption with gpg

$ gpg --symmetric --cipher-algo AES256 --output file.gpg file.txt
$ gpg --decrypt --output file.txt file.gpg

Symmetric encryption with openssl

 $ openssl enc -aes-256-cbc -in sslmessage -out sslmessage.enc (legacy key derivation, openssl warns about it; prefer the -pbkdf2 form below)
 $ openssl enc -aes-256-cbc -salt -pbkdf2 -in msg.txt -out msg.txt.enc

Symmetric decryption with openssl

$ openssl enc -aes-256-cbc -d -in sslmessage.enc -pass pass:test (plaintext goes to stdout)
$ openssl aes-256-cbc -d -salt -pbkdf2 -in msg.txt.enc (prompts for the password, plaintext goes to stdout)
$ openssl aes-256-cbc -d -salt -pbkdf2 -in msg.txt.enc -pass pass:test
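The "-salt -pbkdf2" encryption and decryption commands above as one checked round trip; this is an added example, not part of the original page, and it assumes openssl 1.1.1 or later on PATH (file names, password and message are constructed here).

```shell
# Added example (not from the original page): AES-256-CBC with a password,
# salt and PBKDF2 as in the "-salt -pbkdf2" commands above, with checks.
# Assumes openssl 1.1.1+ on PATH; the file names and message are constructed.
set -eu
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT

# Encrypt $1 into $2 with password $3. -pbkdf2 -iter slows key derivation
# on purpose; without -pbkdf2, enc falls back to a legacy one-pass derivation.
enc_file() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 100000 \
        -in "$1" -out "$2" -pass "pass:$3"
}

# Decrypt $1 into $2 with password $3; -iter must match the encryption.
dec_file() {
    openssl enc -aes-256-cbc -d -pbkdf2 -iter 100000 \
        -in "$1" -out "$2" -pass "pass:$3"
}

# Prints "ok" when the ciphertext carries the "Salted__" header that -salt
# writes, the right password restores the original bytes, and a wrong
# password either fails ("bad decrypt") or yields different bytes.
roundtrip_check() {
    printf 'constructed sample message\n' > "$WORK/msg.txt"
    enc_file "$WORK/msg.txt" "$WORK/msg.txt.enc" 'correct horse'
    [ "$(head -c 8 "$WORK/msg.txt.enc")" = "Salted__" ] || { echo "no salt header"; return; }
    dec_file "$WORK/msg.txt.enc" "$WORK/out.txt" 'correct horse'
    cmp -s "$WORK/msg.txt" "$WORK/out.txt" || { echo "roundtrip mismatch"; return; }
    if dec_file "$WORK/msg.txt.enc" "$WORK/bad.txt" 'wrong' 2>/dev/null \
        && cmp -s "$WORK/msg.txt" "$WORK/bad.txt"; then
        echo "wrong password accepted"; return
    fi
    echo ok
}
roundtrip_check
```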

Asymmetric encryption with openssl

Generate a private key
References: OpenSSL Quick Reference Guide; Creating private keys and certificates (IBM)
When generating a key, you have to decide three things: the key algorithm, the key size, and whether to use a passphrase.
1. Key Algorithm
2. Key Size
3. Passphrase
PEM, DER, CRT and CER: X.509 encodings and conversions
PEM (originally "Privacy Enhanced Mail")
DER (Distinguished Encoding Rules)
Can we have multiple public keys with a single private key for RSA?
In practice and with respect to security, no; mathematically, yes.
Use RSA private key to generate public key?
Private-Key with RSA
$ openssl genrsa -out key1.pem 512 (512 bits is far too short for real use; toy size only)
$ openssl genrsa -out key1.pem 4096
$ openssl genrsa -des3 -out key1.pem 2048 (With password)
Private-Key with ECDSA
For a list of possible curve names, run:
$ openssl ecparam -list_curves
$ openssl ecparam -name secp521r1 -genkey -noout -out my.key.pem
$ openssl ecparam -genkey -name secp521r1 | openssl ec -aes256 -out my.key.pem (With password)
$ openssl ecparam -name prime256v1 -genkey -noout -out key.pem

What is a PEM file and how does it differ from other OpenSSL generated key file formats?
Generate a public key from private key
$ openssl rsa -in key1.pem -outform PEM -pubout (public key goes to stdout)
$ openssl rsa -in key1_private_key.pem -outform PEM -pubout -out key1_public_key.pem
 Generate a random key
$ openssl rand -hex -out key1_random_key.bin 64
Display information

 $ openssl rsa -in key1.pem -text
 $ openssl rsa -in key1.pem -text -noout

Encrypt

$ openssl rsa -in key1.pem -des3 -out key1.enc (add a passphrase to an existing private key)
$ openssl genrsa -des3 -out key1.enc (generate a new passphrase-protected private key)
$ openssl enc -aes-256-cbc -salt -in SecretFile -out SecretFile.enc -pass file:user1_random_key.bin
$ file SecretFile.enc

Decrypt

$ openssl rsa -in key1_enc.pem -outform PEM -pubout -out mypublickey1.pem (prompts for the passphrase of the encrypted private key, then writes its public key)
Data integrity

What is data integrity?
 The term data integrity refers to the correctness, completeness and consistency of data.
- Not altered
- Identification of the sender
 Identification (from Latin identitas "essence" and facere "to make") stands for: identification (psychology), empathising with another person or character; the proof or verification of a claimed property of an entity, i.e. authentication; for persons, the official establishment of identity.
 Identification | Wikipedia
- repudiation attack
Checksum

echo -n "TEXT" | cksum
md5sum SecretFile > checksum.txt
md5sum -c checksum.txt
(A checksum detects accidental corruption only; it does not identify the sender and anyone who can change the file can recompute it, which is what the signature below is for.)
Digital signature

openssl rsautl (RSA encrypt/decrypt/sign utility; deprecated since OpenSSL 3.0 in favour of pkeyutl)
openssl dgst (message digests, signing and verification)
openssl genrsa -des3 -out user2_private_key.pem 2048
openssl rsa -in user2_private_key.pem -outform PEM -pubout -out user2_public_key.pem
openssl rand -hex -out user1_random_key.bin 64
openssl enc -aes-256-cbc -salt -in SecretFile -out SecretFile.enc -pass file:user1_random_key.bin
openssl rsautl -encrypt -inkey user
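The key-pair, random-key and signature steps of the "Generate a public key from private key", "Encrypt" and "Digital signature" sections, run end to end with checks; this is an added example, not the page's own, and it assumes openssl 1.1.1 or later on PATH (all file names and the file contents are constructed, and pkeyutl stands in for the page's rsautl).

```shell
# Added example (not from the original page): user2's key pair, hybrid
# encryption of SecretFile with a random key, and a SHA-256 signature.
# Assumes openssl 1.1.1+ on PATH; every file name here is constructed.
set -eu
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT; cd "$WORK"
# Key pair as on the page (without -des3, so no passphrase prompt);
# the public key is derived from the private key with -pubout.
make_keypair() {
    openssl genrsa -out user2_private_key.pem 2048 2>/dev/null
    openssl rsa -in user2_private_key.pem -pubout -out user2_public_key.pem 2>/dev/null
}
# Hybrid encryption: a random key protects the file, user2's public key
# protects that key. The page shows rsautl; pkeyutl does the same RSA
# operation (here with OAEP padding) and is not deprecated.
hybrid_encrypt() {
    openssl rand -hex -out user1_random_key.bin 32
    openssl enc -aes-256-cbc -salt -pbkdf2 -in "$1" -out "$1.enc" \
        -pass file:user1_random_key.bin
    openssl pkeyutl -encrypt -pubin -inkey user2_public_key.pem \
        -pkeyopt rsa_padding_mode:oaep -in user1_random_key.bin -out key.rsa
}
# Only user2's private key recovers the random key, and with it the file.
hybrid_decrypt() {
    openssl pkeyutl -decrypt -inkey user2_private_key.pem \
        -pkeyopt rsa_padding_mode:oaep -in key.rsa -out recovered_key.bin
    openssl enc -aes-256-cbc -d -pbkdf2 -in "$1.enc" -out "$1.dec" \
        -pass file:recovered_key.bin
}
# openssl dgst signs the SHA-256 digest of the file with the private key;
# anyone holding the public key can verify it.
sign_file() { openssl dgst -sha256 -sign user2_private_key.pem -out "$1.sig" "$1"; }
verify_file() {
    if openssl dgst -sha256 -verify user2_public_key.pem -signature "$1.sig" "$1" \
        >/dev/null 2>&1; then echo verified; else echo rejected; fi
}
# Prints "ok" when the round trip restores the file, the signature verifies,
# and a single appended byte makes verification fail.
demo() {
    printf 'constructed SecretFile contents\n' > SecretFile
    make_keypair; hybrid_encrypt SecretFile; hybrid_decrypt SecretFile
    cmp -s SecretFile SecretFile.dec || { echo "decrypt mismatch"; return; }
    sign_file SecretFile
    [ "$(verify_file SecretFile)" = verified ] || { echo "good signature rejected"; return; }
    printf 'x' >> SecretFile
    [ "$(verify_file SecretFile)" = rejected ] || { echo "tampered file accepted"; return; }
    echo ok
}
demo
```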