OpenSSL Version 1.1.1
Encryption for
- data
- communication
- traffic
- secret
- signing
plain --> cipher
Terminology
Plain text (human readable)
Cipher text (not human readable)
Encryption (process)
Symmetric encryption (type of encryption)
Asymmetric encryption (type of encryption)
Symmetric key (symmetric encryption)
AES - Advanced Encryption Standard (algorithm for encryption)
Types of encryption
Symmetric encryption ==> Same key for encrypt/decrypt
Algorithms examples:
- AES
- DES
- Triple DES
- Serpent
- Twofish
Asymmetric encryption ==> Different key for encrypt/decrypt
Algorithms examples:
- RSA
- DSA
- PGP
- SHA-1
- SHA-2
- SHA-224
- SHA-256
- SHA-512
- Diffie-Hellman
- ElGamal
- ECC
Key length & keyspace
Binary System -> 0|1
1 Bit -> 0|1 # on|off # true|false #
128-bit key
Key length =
Key space =
Classification of symmetric algorithms
Stream ciphers -> RC4, A5/1, E0
Block ciphers -> AES, DES, SHA, IDEA, SERPENT, TWOFISH
$ whereis openssl
$ which openssl
$ openssl rsautl
$ openssl version
$ openssl help
$ openssl help list
$ openssl list -help
Valid options are:
-help Display this summary
-1 List in one column
-commands List of standard commands
-digest-commands List of message digest commands
-digest-algorithms List of message digest algorithms
-cipher-commands List of cipher commands
-cipher-algorithms List of cipher algorithms
-public-key-algorithms List of public key algorithms
-public-key-methods List of public key methods
-disabled List of disabled features
-missing-help List missing detailed help strings
-options val List options for specified command
Terminology of asymmetric encryption
Asymmetric key/keys (1 for encryption, 1 for decryption)
Key pair, private and public key
Public key, part of asymmetric key, for encryption
Private key for decryption
Symmetric encryption/decryption with gpg
$ gpg --symmetric --cipher-algo AES256 --output file.gpg file.txt
$ gpg --decrypt --output file.txt file.gpg
Symmetric encryption with openssl
$ openssl enc -aes-256-cbc -in sslmessage -out sslmessage.enc
$ openssl enc -aes-256-cbc -salt -pbkdf2 -in msg.txt -out msg.txt.enc
Symmetric decryption with openssl
$ openssl enc -aes-256-cbc -d -in sslmessage.enc -pass pass:test
$ openssl aes-256-cbc -d -salt -pbkdf2 -in msg.txt.enc -out msg.read
$ openssl aes-256-cbc -d -salt -pbkdf2 -in msg.txt.enc -out msg.read -pass pass:test
Asymmetric encryption with openssl
Generate a private key
$ openssl genrsa -out key1.pem 512    # demo only: 512-bit RSA is too short to be secure
$ openssl genrsa -out key1.pem 4096
$ openssl genrsa -des3 -out key1_private_key.pem 2048
See: What is a PEM file and how does it differ from other OpenSSL generated key file formats?
Generate a public key from private key
$ openssl rsa -in key1.pem -outform PEM -pubout -out key1.pub
$ openssl rsa -in key1_private_key.pem -outform PEM -pubout -out key1_public_key.pem
Generate random key
$ openssl rand -hex -out key1_random_key.bin 64
Display information
$ openssl rsa -in key1.pem -text
$ openssl rsa -in key1.pem -text -noout
Encrypt
$ openssl rsa -in key1.pem -des3 -out key1.enc
$ openssl genrsa -des3 -out key1.enc
$ openssl enc -aes-256-cbc -salt -in SecretFile -out SecretFile.enc -pass file:key1_random_key.bin
$ file SecretFile.enc
Decrypt
$ openssl rsa -in key1_enc.pem -outform PEM -pubout -out mypublickey1.pem
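Added example (not part of the original notes): a full round trip for the SecretFile commands above, using the -pbkdf2 form shown earlier, with a check of the salt header and of what happens with the wrong key. The temporary directory, other_key.bin, the sample plaintext and the helper function names are constructed for this demo.

```shell
#!/bin/sh
# Added example: round trip for the random-key / SecretFile steps.
# Everything under $WORK is constructed sample data.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_key() {          # $1=key file: 64 random bytes, hex-encoded, used as passphrase
    openssl rand -hex -out "$1" 64
}

encrypt_file() {      # $1=key file  $2=plaintext  $3=ciphertext
    openssl enc -aes-256-cbc -salt -pbkdf2 -in "$2" -out "$3" -pass "file:$1"
}

decrypt_file() {      # $1=key file  $2=ciphertext  $3=recovered plaintext
    openssl enc -aes-256-cbc -d -pbkdf2 -in "$2" -out "$3" -pass "file:$1" 2>/dev/null
}

has_salt_header() {   # salted output starts with the 8-byte magic "Salted__"
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

roundtrip_ok() {      # $1=key  $2=ciphertext  $3=original: decrypt and compare bytes
    decrypt_file "$1" "$2" "$WORK/out.ok" && cmp -s "$3" "$WORK/out.ok"
}

wrong_key_fails() {   # $1=wrong key  $2=ciphertext  $3=original
    # CBC carries no integrity tag: a wrong key is normally caught only by the
    # padding check ("bad decrypt"); if padding happens to pass, the output is
    # garbage. Accept either outcome, as long as the plaintext is not recovered.
    if decrypt_file "$1" "$2" "$WORK/out.bad"; then
        ! cmp -s "$3" "$WORK/out.bad"
    else
        return 0
    fi
}

printf 'constructed sample secret\n' > "$WORK/SecretFile"
make_key "$WORK/key1_random_key.bin"
make_key "$WORK/other_key.bin"
encrypt_file "$WORK/key1_random_key.bin" "$WORK/SecretFile" "$WORK/SecretFile.enc"

has_salt_header "$WORK/SecretFile.enc" && echo "salt header present"
roundtrip_ok "$WORK/key1_random_key.bin" "$WORK/SecretFile.enc" "$WORK/SecretFile" \
    && echo "round trip OK"
wrong_key_fails "$WORK/other_key.bin" "$WORK/SecretFile.enc" "$WORK/SecretFile" \
    && echo "wrong key did not recover the plaintext"
```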