(Illustration: hand-drawn cartoon of SSH)

Shoot the clouds again 2021-09-15 10:01:04

OpenSSL itself is a software library that is widely deployed on servers. Its main job is to protect data as it crosses the network: keeping it confidential and detecting tampering (integrity) in transit. The library is written in C, which makes it portable across platforms. OpenSSL provides three main groups of functionality:

  • Cryptographic primitives: OpenSSL ships a rich library of algorithms and several formats for storing keys, covering symmetric encryption, asymmetric encryption, message digests and more.

  • The SSL/TLS protocol: OpenSSL implements SSL/TLS. It historically implemented SSLv2 and SSLv3, but both are obsolete today (SSLv2 support was removed in OpenSSL 1.1.0 and SSLv3 is disabled by default), and current releases are used for TLS 1.2 and TLS 1.3. Neither SSLv2 nor SSLv3 should be re-enabled on a server.

  • Certificate operations: OpenSSL provides a simple text-file database and the certificate management functions built on it, including key generation, certificate request (CSR) generation, certificate issuance, revocation and verification.

Several forms of encryption and decryption

Encryption and decryption are usually divided into the following forms:

  • Symmetric encryption algorithms

  • Asymmetric encryption algorithms

  • Irreversible (one-way) algorithms

Let's look at these one by one.

Symmetric algorithm

A symmetric algorithm is one in which the sender and receiver of a message use the same secret key to encrypt and decrypt the data. AES is the commonly used symmetric algorithm today; DES is the older one, and its 56-bit key is far too short to be considered secure, so it should only be met in legacy systems.

The advantage of symmetric algorithms is that encryption and decryption are fast, which makes them suitable for encrypting large amounts of data. The disadvantage is that both parties must share one secret key, so key distribution and management are hard: every pair of communicating parties needs its own key, and as soon as a key is exposed everything encrypted under it can be read.

Asymmetric algorithm

An asymmetric algorithm is one in which each party holds a pair of keys. One is published and is called the public key; the other is kept secret and is called the private key. The public key can be derived from the private key, but not the other way round. RSA and DSA are commonly used asymmetric algorithms (RSA can both encrypt and sign; DSA is a signature-only algorithm).

In the usual case the sender encrypts with the receiver's public key and the receiver decrypts with its private key, so anyone can send a message that only the holder of the private key can read. The public-key mechanism is flexible, but encryption and decryption are much slower than with a symmetric key, which is why protocols such as TLS and SSH use the asymmetric algorithm only to agree on a symmetric session key and then encrypt the bulk data with that. Other usage patterns follow from the same key pair, in particular the reverse direction: the private key operates on the data and the public key checks the result. That is a digital signature, which proves who produced the data rather than hiding it.

RSA Encryption and decryption algorithm

RSA is a popular asymmetric algorithm. The commands below generate a key pair and encrypt and decrypt a file with it (the original used a 1024-bit key, which is too short for new keys, so 2048 bits is used here; note also that the rsautl subcommand is deprecated in OpenSSL 3.0 in favour of pkeyutl, and that rsautl defaults to PKCS#1 v1.5 padding, whereas new designs should use OAEP):

# Generate the private key (2048 bits; 1024 is no longer considered secure)
openssl genrsa -out test.key 2048
# Export the public key from the private key
openssl rsa -in test.key -pubout -out test_pub.key
# Encrypt a file with the public key
echo "test" > hello
openssl rsautl -encrypt -in hello -inkey test_pub.key -pubin -out hello.en
# Decrypt the file with the private key (without -out the plaintext goes to stdout)
openssl rsautl -decrypt -in hello.en -inkey test.key

Irreversible encryption algorithm

Irreversible (one-way) algorithms are mainly used to check that a file has not changed; digest (hash) algorithms are the typical case. MD5 is the one most commonly seen, but it has been cryptographically broken for years (collisions can be produced at will), so for anything security-relevant use SHA-256 or another SHA-2/SHA-3 function; MD5 is only acceptable for detecting accidental corruption.

Digest algorithm

A digest algorithm turns plaintext of any length into a fixed-length string according to fixed rules, and the same input always produces the same output. When verifying the integrity of a file, the sender first runs the digest algorithm to obtain the fixed-length value and then signs that value. After the recipient receives the file, it runs the same digest algorithm and checks the signature over the result. If they agree, the file was not tampered with in transit. Note that the digest alone is not enough: an attacker who can change the file can just recompute its digest, so the digest must be signed or delivered over a channel the attacker cannot alter.
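The RSA commands earlier and the digest-then-sign process just described, carried out with the openssl CLI as an added example (this is not code from the original article). It uses the non-deprecated pkeyutl subcommand with OAEP padding, shows the signature direction with dgst, and adds two negative checks practitioners usually trip over: a tampered file fails verification, and RSA refuses a payload larger than the key allows, which is why real systems encrypt a symmetric key with RSA rather than the data itself. The temporary directory and file names are this example's own choices.

```shell
#!/bin/sh
# Added example: RSA key generation, OAEP encryption, signing, and two
# expected failures, using only the openssl CLI. File names are arbitrary.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

make_keys() {
    # 2048-bit RSA private key, then the public key derived from it.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/test.key" 2>/dev/null &&
    openssl pkey -in "$WORK/test.key" -pubout -out "$WORK/test_pub.key"
}

rsa_roundtrip() {
    # Public key encrypts, private key decrypts. OAEP padding with SHA-256
    # instead of the PKCS#1 v1.5 default that rsautl would silently use.
    printf 'test\n' > "$WORK/hello" &&
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/test_pub.key" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$WORK/hello" -out "$WORK/hello.en" &&
    openssl pkeyutl -decrypt -inkey "$WORK/test.key" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$WORK/hello.en" -out "$WORK/hello.de" &&
    cmp -s "$WORK/hello" "$WORK/hello.de"
}

sign_and_verify() {
    # The other direction: the private key signs the SHA-256 digest of the
    # file and anyone holding the public key can verify it.
    openssl dgst -sha256 -sign "$WORK/test.key" -out "$WORK/hello.sig" \
        "$WORK/hello" &&
    openssl dgst -sha256 -verify "$WORK/test_pub.key" \
        -signature "$WORK/hello.sig" "$WORK/hello" >/dev/null
}

tamper_is_detected() {
    # Change one byte of the signed file: verification must now fail.
    printf 'Test\n' > "$WORK/hello.bad"
    if openssl dgst -sha256 -verify "$WORK/test_pub.key" \
        -signature "$WORK/hello.sig" "$WORK/hello.bad" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

oversized_input_is_rejected() {
    # RSA-OAEP(SHA-256) with a 2048-bit key holds at most 190 bytes of
    # plaintext, so 300 bytes must be rejected. Bulk data is encrypted
    # with a symmetric key and only that key is wrapped with RSA.
    head -c 300 /dev/urandom > "$WORK/big"
    if openssl pkeyutl -encrypt -pubin -inkey "$WORK/test_pub.key" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$WORK/big" -out "$WORK/big.en" 2>/dev/null; then
        return 1
    fi
    return 0
}

main() {
    # Under set -e any failing step aborts the script with a non-zero status.
    make_keys
    rsa_roundtrip
    echo "encrypt/decrypt round trip: OK"
    sign_and_verify
    echo "signature verifies: OK"
    tamper_is_detected
    echo "tampered file rejected: OK"
    oversized_input_is_rejected
    echo "oversized plaintext rejected: OK"
}

main
```

Run it as `sh rsa_demo.sh`; every check prints OK, and a failing check stops the script with a non-zero exit status.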


One thing in particular to note: base64 is not an encryption algorithm, it is an encoding. It converts between binary data and a subset of printable ASCII, so that binary content such as images or keys can be carried inside text-based protocols and decoded again at the other end. Anyone can decode it, so it provides no confidentiality at all.

SSH public-key authentication process

  • The client sends the identifier (fingerprint) of its key pair to the server

  • The server looks in its authorized_keys file for a public key with that identifier

  • If one exists, the server generates a random number and encrypts it with that public key

  • The server sends the encrypted random number to the client

  • The client decrypts the random number with its private key and computes an MD5 hash of it locally

  • The client sends the MD5 hash to the server

  • The server computes the MD5 hash of the random number it generated at the start and compares it with the hash the client sent. If the two match, the client has proved that it holds the private key, the verification passes, and access is granted

Two caveats for practitioners. First, this describes the challenge-response scheme of the old SSH-1 protocol. SSH-2, which OpenSSH uses today, does not send the client an encrypted challenge: the client signs session-bound data (including the session identifier) with its private key, and the server verifies the signature with the public key it found in authorized_keys, so nothing the server sends can be replayed and the proof is tied to this connection. Second, the principle is the same in both: the server only ever needs the public key listed in authorized_keys, and the private key never leaves the client.

Once you know OpenSSL better, the range of cryptographic functionality it supports is striking; if you are interested, dig deeper and try the different encryption methods in the scenarios they fit. A small preview: a follow-up article will use pyo3 to write an RSA encryption/decryption module (both directions) for Python.
