RHCA笔记333—1加解密-创新互联
1.Hashed
Commonly used to store passwords
Converts an input string of any length to an output string of fixed length
One-way:not feasible to get plaintext from hash
Collision-free:not feasibleto find two strings that hash to the same output
Algorithms:CRC-32,MD5,SHA-1,SHA-256,etc.
CRC-32 is not cryptographically secure
Utilities:sha1sum,md5sum,chsum,openssl dgst
Examples
To hash file see if it changed
md5sum file
[root@localhost ~]# vim file this is a test file [root@localhost ~]# md5sum file 79cbbfadcab143d2cc839ce5fce1c576 file [root@localhost ~]# md5sum file 79cbbfadcab143d2cc839ce5fce1c576 file [root@localhost ~]# md5sum file 79cbbfadcab143d2cc839ce5fce1c576 file
同一文件,只要没有被修改,无论用md5加密多少次,所得字符串都一致
sha1sum file
openssl dgst -sha1
2.Message Authentication Codes(消息认证码)
MAC is used to maintain the integrity of a network communication,preventing message from tampering
Attacker needs secret key to forge MAC
MAC funtion uses a shared secret key to generate MAC
CBC-MAC:use block cipher to construct
Encrypt the message in CBC mode and use last block
HMAC:use keyed cryptographic hash
HMAC(secret key,message)
3.User Authentication
Cryptographic hash of account password is stored
By adding random "salt" to password ,two users with the same password will have different password hashes
MD5-based hash by default,old modified DES version also availble
System hashes password given to login
If passwords match,user is authenticated
Utilities:password,openssl,openssl passwd -1
4.Asymmetric Encryption(非对称加密)
Public key to encrypt,private key to decrypt
Public means public,private means private
Partial solution to key distribution problem
Can give the public key to everybody
Algorithms:RSA,ElGamal
RSA is limited in the size of the message(<100 bytes)it can encrypt,much slower than symmetric algorithms
So,it is common to use RSA to transmit a secret symmetric session key securely,and switch to the faster symmetric secret key
Utilities:gpg openssl rsautl
Examples
Generate RSA key
openssl genrsa 1024 > secret.key
Extract public key from secret key
openssl rsa -puboutn-in secret.key > public.key
echo 'My secret message .' > tomylove.txt
Encrypt using public key
openssl rsautl -encrypt -pubin -inkey public.key -in tomylove.txt -out tomylove.encrypt
Decrypt using secret key
openssl rsautl -decrypt -inkey secret.key -in tomylove.enc -out tomylove.txt
使用RSA实现加密的例子
[root@localhost ~]# useradd bob [root@localhost ~]# useradd alice [root@localhost ~]# su - bob
生成bob的私钥,存放到secret.key文件中
[bob@localhost ~]$ openssl genrsa 1024 > secret.key Generating RSA private key, 1024 bit long modulus ...................................++++++ .................++++++ e is 65537 (0x10001)
从私钥中提取公钥,存放到public.key文件中
[bob@localhost ~]$ openssl rsa -pubout -in secret.key > public.key writing RSA key
切换到alice用户,生成自己的公私钥
[root@localhost ~]# su - alice [alice@localhost ~]$ openssl genrsa 1024 > secret.key Generating RSA private key, 1024 bit long modulus ..................................++++++ .........................................++++++ e is 65537 (0x10001) [alice@localhost ~]$ openssl rsa -pubout -in secret.key > public.key writing RSA key
现在bob要给alice发送加密消息:
bob用alice的公钥给alice发送加密消息,alice收到消息后,用自己的私钥解密即可
现在alice将自己的公钥发送给bob
[alice@localhost ~]$ cp public.key /tmp/alice.pub
bob现在使用alice的公钥将要发送的文件tomylove.txt加密
[root@localhost ~]# su - bob [bob@localhost ~]$ openssl rsautl -encrypt -pubin -inkey /tmp/alice.pub -in tomylove.txt -out tomylove.enc [bob@localhost ~]$ cp tomylove.enc /tmp [bob@localhost ~]$ su - [root@localhost ~]# su - alice [alice@localhost ~]$ openssl rsautl -decrypt -inkey secret.key -in /tmp/tomylove.enc -out tomylove.txt [alice@localhost ~]$ ll tomylove.txt -rw-rw-r--. 1 alice alice 19 Jul 21 23:18 tomylove.txt [alice@localhost ~]$ cat tomylove.txt My secret message。
使用GPG实现加密的例子
Generate GPG keys
pgp --gen-key(RSA encrypt and sign)
Export public key
gpg --export -a > pulic.key
echo 'My secret message.' > tomylove.txt
Encrypt using public key
gpg -r keyID -e tomylove.txt(you got tomylove.gpg)
Import public key
gpg --import public.key
Decrypt using secret key
gpg -r keyID -o tomylove.txt -d tomylove.gpg
另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
当前题目:RHCA笔记333—1加解密-创新互联
标题来源:http://hbruida.cn/article/dojogd.html