OpenSSL is a software library that is widely used on servers. Its main purpose is to protect the integrity and confidentiality of data in transit during network communication. The library is written in C, which makes it cross-platform. OpenSSL mainly provides the following three functions:

  • Encryption and decryption: OpenSSL ships a rich library of cryptographic algorithms and supports different encryption and decryption methods as well as key storage, covering symmetric encryption, asymmetric encryption, message digests and so on

  • SSL protocol: OpenSSL implements the SSLv2 and SSLv3 versions of the SSL protocol and supports most of their features

  • Certificate operations: OpenSSL provides a text database that supports certificate management, including key generation, certificate request generation, certificate issuance, revocation and verification.

Several forms of encryption and decryption

The forms of encryption and decryption are usually divided into the following types:

  • Symmetric encryption algorithm

  • Asymmetric encryption algorithm

  • Irreversible encryption algorithm

Let's look at each of these encryption algorithms one by one.

Symmetric algorithms

In a symmetric algorithm, the sender and receiver of the information use the same secret key to encrypt and decrypt the data. AES and DES are commonly used symmetric encryption algorithms.

Symmetric algorithms have the advantage of fast encryption and decryption and are suitable for encrypting large amounts of data. The disadvantage is that there is only one secret key, so managing it is difficult: once the key is exposed, the encrypted information is easily recovered.

Asymmetric algorithm

In an asymmetric algorithm, each party holds a pair of keys: one part is published and called the public key, the other is kept private and called the private (secret) key. The public key can be exported and shared. RSA and DSA are commonly used asymmetric encryption algorithms.

Generally, the sender encrypts with the public key and the receiver decrypts with the private key. The public-key mechanism is flexible, but encryption and decryption are much slower than with a symmetric key. Other usage patterns are derived for different scenarios, such as encrypting with the private key and decrypting with the public key.

RSA encryption and decryption algorithm

RSA is a popular asymmetric encryption algorithm. The following commands generate an RSA key pair, encrypt a small file with the public key and decrypt it again with the private key:

```shell
# Generate the private key (test.key); the public key is derived from it below
openssl genrsa -out test.key 2048
# Export the public key to test_pub.key
openssl rsa -in test.key -pubout -out test_pub.key
# Create a small plaintext file to work with
echo "Test" > hello
# Encrypt with the public key
openssl rsautl -encrypt -in hello -inkey test_pub.key -pubin -out hello.en
# Decrypt with the private key (hello.de should match hello)
openssl rsautl -decrypt -in hello.en -inkey test.key -out hello.de
# Note: on OpenSSL 3.x rsautl is deprecated; pkeyutl accepts the same -encrypt/-decrypt options
```

Irreversible encryption algorithm

Irreversible encryption algorithms are mainly used to verify the integrity (consistency) of files; digest algorithms are one kind of them. A common digest algorithm is MD5.

Digest algorithm

A digest algorithm turns plaintext of any length into a fixed-length string according to fixed rules. For a file integrity check, the sender usually runs the digest algorithm to obtain this fixed-length string and then signs it. After receiving the file, the receiver also runs the digest algorithm and compares its result with the signed digest. If the two are consistent, the file was not tampered with in transit.
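The digest-then-sign check described above, as an added example written for this page with the openssl CLI (not the post's own commands); it assumes an openssl binary on PATH, uses SHA-256 in place of MD5, and all file and key names are arbitrary.

```shell
#!/bin/sh
# Added example (not from the original post): the digest-then-sign file
# integrity check described above, driven with the openssl CLI.
# Assumes an `openssl` binary (1.1 or 3.x) on PATH; key and file names are arbitrary.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# One-time setup: the sender's RSA key pair, with the public half exported.
setup_keys() {
    openssl genrsa -out "$WORK/sender.key" 2048 2>/dev/null
    openssl rsa -in "$WORK/sender.key" -pubout -out "$WORK/sender_pub.key" 2>/dev/null
}

# Sender side: hash the file with SHA-256 and sign that digest with the private key.
# (The post names MD5; SHA-256 is used here because MD5 collisions are practical.)
sign_file() {  # $1 = file to sign, $2 = where to write the signature
    openssl dgst -sha256 -sign "$WORK/sender.key" -out "$2" "$1"
}

# Receiver side: recompute the digest and check the signature with the public key.
# Exit status 0 means the file is unchanged, 1 means the digest no longer matches.
verify_file() {  # $1 = received file, $2 = received signature
    openssl dgst -sha256 -verify "$WORK/sender_pub.key" -signature "$2" "$1" >/dev/null 2>&1
}

# Walk-through on a constructed message and a tampered copy of it.
demo() {
    setup_keys
    printf 'transfer 100 to alice\n' > "$WORK/msg"
    sign_file "$WORK/msg" "$WORK/msg.sig"
    verify_file "$WORK/msg" "$WORK/msg.sig" && echo "original:  signature OK"
    printf 'transfer 900 to alice\n' > "$WORK/msg_tampered"
    if verify_file "$WORK/msg_tampered" "$WORK/msg.sig"; then
        echo "tampered:  signature OK (should not happen)"
    else
        echo "tampered:  verification FAILED, file was modified in transit"
    fi
}

demo
```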

base64

Note that base64 is not an encryption algorithm but an encoding. It converts between binary data and ASCII text so that the data can be carried over text-based channels; for example, pictures and some text protocols are commonly transmitted as base64 rather than as raw binary.

SSH Encryption Process

  • The client sends its key ID to the server

  • The server looks for a public key with this ID in its authorized_keys file

  • If it finds one, the server generates a random number and encrypts it with the public key of that ID

  • The server sends the encrypted random number to the client

  • The client decrypts the random number with its private key and computes an MD5 hash of the random number locally

  • The client sends the MD5 hash to the server

  • The server also computes the MD5 hash of the random number it generated at the beginning, encrypts the hash with the "public key" of the communication channel, and compares it with what the client sent. If the two match, the client is granted access

Once you get to know OpenSSL, you'll be excited by its support for cryptography, so if you're interested, learn more about it and experiment with different encryption methods in different scenarios. A heads-up: there will be a follow-up article on writing RSA encryption and decryption modules for Python with PyO3.
