Sunday, June 19, 2011

OpenSSL

OpenSSL is a security toolkit for network communication. It provides confidentiality and integrity of data through the SSL protocol, includes the main cryptographic algorithms, the commonly used key and certificate management functions and an implementation of the SSL protocol itself, and ships with many applications for testing and other purposes.
What is OpenSSL
Cryptographic algorithms, public key infrastructure standards and the SSL protocol are interesting enough that you may be tempted to implement all of them yourself. If so, while admiring your ambition, we cannot help reminding you that this is a formidable undertaking. It is not simply a matter of reading a few cryptography monographs and protocol documents: you would have to understand every detail of those algorithms, standards and protocols, and then implement every definition and procedure in a language such as C, one character at a time. We do not know how long you would need to finish this interesting but terrible job, but it is certainly not a year or two.
First of all, you should thank Eric A. Young and Tim J. Hudson. Starting in 1995 they wrote SSLeay, the package from which OpenSSL descends, with enormous later influence; better still, it is open-source software with few restrictions, so we can use it for many things. Young and Hudson are Australian, and after the success of their work they went on to large companies and did well from it. In 1998 the OpenSSL project team took over development and released OpenSSL 0.9.1; since then the set of algorithms has become quite complete, and SSL 2.0, SSL 3.0 and TLS 1.0 are all supported.
OpenSSL is written in C, which gives it the outstanding performance of that language and, just as importantly, portability: technical staff on different platforms can use the same familiar library. OpenSSL supports Linux, Windows, BSD, Mac, VMS and others, which gives it very wide applicability. Programmers who grew up on C++ may not be used to C code, but getting used to C is far easier than writing a package with the same functionality as OpenSSL in C++.
The basic functions of OpenSSL
The whole OpenSSL package can be divided into three main parts: the cryptographic algorithm library, the SSL protocol library and the applications. The directory structure of OpenSSL is naturally organised around these three parts.
As a cryptography-based security toolkit, OpenSSL's functionality is quite powerful and comprehensive: it includes the main cryptographic algorithms, the commonly used key and certificate management functions and the SSL protocol, and provides many applications for testing and other purposes.
1. Symmetric encryption algorithms. OpenSSL provides eight symmetric algorithms in total: seven block ciphers and one stream cipher, RC4. The seven block ciphers are AES, DES, Blowfish, CAST, IDEA, RC2 and RC5, and each supports the four common block cipher modes: electronic codebook (ECB), cipher block chaining (CBC), cipher feedback (CFB) and output feedback (OFB). In CFB and OFB mode AES uses a 128-bit feedback block; the other algorithms use 64 bits. The DES support covers not only plain DES but also two-key and three-key triple DES (3DES). Note that ECB mode encrypts identical plaintext blocks to identical ciphertext blocks, so it leaks the structure of the data and should be avoided for anything longer than a single block.
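Added example (not part of the original post, and not OpenSSL's own code): the difference between the modes is easiest to see by encrypting the same data in ECB and in CBC mode with the openssl enc application and counting the distinct ciphertext blocks. The key, IV and plaintext below are fixed test constants made up for this example; the only requirement is an openssl binary on the PATH.

```shell
#!/bin/sh
# Added example: AES-128 in ECB vs CBC over a plaintext made of four
# identical 16-byte blocks. Key and IV are test constants for this demo;
# never reuse a fixed IV in a real system.
set -eu

KEY=000102030405060708090a0b0c0d0e0f   # 16-byte AES-128 key (test constant)
IV=0f0e0d0c0b0a09080706050403020100    # 16-byte CBC IV (test constant)

# Plaintext: the 16-byte block "attack at dawn!!" repeated four times (64 bytes).
plaintext() {
    i=0
    while [ "$i" -lt 4 ]; do
        printf 'attack at dawn!!'
        i=$((i + 1))
    done
}

# Hex-encode stdin (od is POSIX, xxd is not).
to_hex() {
    od -An -tx1 -v | tr -d ' \n'
}

# -K: raw key instead of a password-derived one; -nopad: the input is
# already a whole number of blocks, so no PKCS#7 padding block is added.
encrypt_ecb_hex() {
    plaintext | openssl enc -aes-128-ecb -K "$KEY" -nosalt -nopad | to_hex
}

encrypt_cbc_hex() {
    plaintext | openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" -nosalt -nopad | to_hex
}

# Number of distinct 16-byte (32 hex digit) ciphertext blocks in a hex string.
distinct_blocks() {
    printf '%s\n' "$1" | fold -w 32 | sort -u | wc -l | tr -d ' '
}

ecb_distinct_blocks() { distinct_blocks "$(encrypt_ecb_hex)"; }
cbc_distinct_blocks() { distinct_blocks "$(encrypt_cbc_hex)"; }

echo "ECB distinct ciphertext blocks: $(ecb_distinct_blocks) of 4"
echo "CBC distinct ciphertext blocks: $(cbc_distinct_blocks) of 4"
```

With ECB the four identical plaintext blocks produce one repeated ciphertext block, so an observer who never learns the key can still see that the message repeats; with CBC each block is chained to the previous ciphertext, so all four come out different.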
2. Asymmetric encryption algorithms. OpenSSL implements four asymmetric algorithms: DH, RSA, DSA and elliptic curve (EC). DH is used for key exchange. RSA can be used both for key exchange and for digital signatures and, if you can bear its slow speed, for data encryption as well. DSA is normally used only for digital signatures.
3. Message digest algorithms. OpenSSL implements five message digest families: MD2, MD5, MDC2, SHA (SHA-1) and RIPEMD. The SHA entry in fact covers two digests, SHA and SHA-1; in addition OpenSSL implements the two digests specified by the DSS standard, DSS and DSS1. This list reflects the 0.9.7-era library; later releases add the SHA-2 family, and MD2, MD5 and SHA-1 should no longer be used where collision resistance matters.
4. Key and certificate management. Key management and certificate management are very important parts of a PKI, and OpenSSL provides rich functions for them that support several standards. First, OpenSSL implements the ASN.1 standards for certificates and keys, and provides DER, PEM and BASE64 encoding and decoding of data objects such as certificates, public keys, private keys, certificate requests and CRLs. It provides methods, functions and applications for generating all kinds of public key pairs and symmetric keys, and DER encoding and decoding for public and private keys. It implements PKCS#12 and PKCS#8 encoding and decoding of private keys, and standards-based password protection of private keys so that they can be stored and distributed safely. On this basis OpenSSL implements decoding of X.509 certificates, decoding of the PKCS#12 format and encoding and decoding of PKCS#7. It also provides a text database and the management functions built on it, including key generation, certificate requests, certificate issuance, revocation and validation. In fact the CA application provided by OpenSSL is a small certificate authority that implements the whole process and management mechanism of certificate issuance. Most of the certificate
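Added example (not part of the original post, and not OpenSSL's own code): the key and certificate workflow of items 2 to 4, carried out with the openssl applications alone. It builds a throwaway CA, issues one leaf certificate from a certificate request, re-encodes the certificate from PEM to DER, stores the leaf key as a passphrase-protected PKCS#8 file, and signs and verifies a file with RSA over SHA-256. All names (Example Test CA, example.test, the passphrase) are made up for the example; it is written for the openssl 1.1.1 and 3.x command line and relies on the default openssl.cnf, whose v3_ca section marks self-signed certificates as CAs.

```shell
#!/bin/sh
# Added example: a two-level PKI built only from the openssl applications.
# Everything goes into a scratch directory; all names are invented.
set -eu

WORK="${TMPDIR:-/tmp}/openssl-demo.$$"

# Build a CA, issue one leaf certificate, and produce the derived formats.
build_pki() {
    mkdir -p "$WORK"
    (
        cd "$WORK"
        # 1. CA key pair and self-signed CA certificate (-x509 skips the CSR step).
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key 2>/dev/null
        openssl req -new -x509 -key ca.key -days 365 -subj "/CN=Example Test CA" -out ca.crt
        # 2. Leaf key pair and a PKCS#10 certificate request for it.
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out leaf.key 2>/dev/null
        openssl req -new -key leaf.key -subj "/CN=example.test" -out leaf.csr
        # 3. The CA signs the request; ca.srl is created on first use.
        openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
            -days 90 -out leaf.crt 2>/dev/null
        # 4. PEM -> DER: the same ASN.1 structure in a different wrapper.
        openssl x509 -in leaf.crt -outform DER -out leaf.der
        # 5. The leaf private key stored encrypted in PKCS#8 form.
        openssl pkcs8 -topk8 -in leaf.key -passout pass:demo-passphrase -out leaf.p8
    )
}

# Chain validation of the leaf against the CA; prints "leaf.crt: OK".
verify_chain() {
    (cd "$WORK" && openssl verify -CAfile ca.crt leaf.crt)
}

# Subject name read back from the DER copy of the leaf certificate.
leaf_subject() {
    (cd "$WORK" && openssl x509 -in leaf.der -inform DER -noout -subject)
}

# RSA signature over a SHA-256 digest with the leaf key, verified with the
# public key extracted from the certificate; prints "Verified OK".
sign_and_verify() {
    (
        cd "$WORK" &&
        printf 'constructed message for the example\n' > msg.txt &&
        openssl dgst -sha256 -sign leaf.key -out msg.sig msg.txt &&
        openssl x509 -in leaf.crt -pubkey -noout > leaf.pub &&
        openssl dgst -sha256 -verify leaf.pub -signature msg.sig msg.txt
    )
}

# The encrypted PKCS#8 key must be unreadable with the wrong passphrase.
wrong_passphrase_rejected() {
    if (cd "$WORK" && openssl pkey -in leaf.p8 -passin pass:wrong -noout 2>/dev/null); then
        echo no
    else
        echo yes
    fi
}

build_pki
echo "chain:      $(verify_chain)"
echo "subject:    $(leaf_subject)"
echo "signature:  $(sign_and_verify)"
echo "wrong passphrase rejected: $(wrong_passphrase_rejected)"
```

The files left in $WORK are the inputs the SSL side of the library expects: leaf.key and leaf.crt can be handed to openssl s_server, and ca.crt to openssl s_client -CAfile, to test item 5 below. Remove the scratch directory when you are done with it.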
5. SSL and TLS. OpenSSL implements SSLv2 and SSLv3 and supports most of the algorithms those protocols can negotiate. It also implements TLSv1.0, the standardised version of SSLv3; the differences are not large, but many details differ. Although plenty of other software implements the same functions as OpenSSL, the SSL implementation inside OpenSSL gives a clearer understanding of the SSL protocol, for at least two reasons: first, it is open source, so every detail of how the protocol is realised can be examined; second, it is a pure SSL implementation, not bundled with another protocol such as HTTP, so it shows the true face of SSL. (SSLv2 and SSLv3 have since been prohibited by RFC 6176 and RFC 7568; current deployments should negotiate TLS 1.2 or later.)
6. Applications. The OpenSSL applications have become an important part of OpenSSL, probably more important than its developers expected at the start. Many current uses of OpenSSL are built on the applications rather than on the API; OpenCA, for instance, is a good example of a system built entirely on the OpenSSL applications. Because the applications are built on the OpenSSL cryptographic library and SSL protocol library, they are also very good examples of how to use the OpenSSL API; reading through them gives a thorough understanding of the API (and a fresh exercise for your willpower). The applications provide fairly comprehensive functionality, and for a considerable number of people OpenSSL seems to have already done everything they need without further development, so they treat the applications as the manual for OpenSSL. The applications mainly cover key generation, certificate management, format conversion, data encryption and signing, SSL testing and other auxiliary functions.
7. Engines. The engine mechanism first appeared in OpenSSL 0.9.6, initially as a separate engine-enabled variant alongside the ordinary release; in 0.9.7 it was integrated into the core of OpenSSL and became an indispensable part of it. Its goal is to let OpenSSL transparently use a third-party software cryptographic library or hardware cryptographic device. The engine mechanism achieved this goal, so OpenSSL is not merely a cryptographic library but a generic cryptographic interface that can work with most cryptographic libraries or devices. Of course, making a particular library or device work with OpenSSL requires writing a small amount of interface code; the amount of work is not large, although it needs a little knowledge of cryptography. The purpose of the engine mechanism is essentially the same as that of the CSP mechanism Windows provides. At present OpenSSL 0.9.7 has built-in support for eight kinds of third-party hardware devices: CryptoSwift, nCipher, Atalla, Nuron, UBSEC, AEP, SureWare and the IBM 4758 CCA. An engine for the PKCS#11 interface has also appeared, and an engine for the Microsoft CryptoAPI interface is under development. Of course, none of this engine support is necessarily comprehensive; an engine may support only one or two public key algorithms. (The engine API has since been deprecated in favour of providers in OpenSSL 3.0.)
8. Auxiliary functions. The BIO mechanism is a high-level I/O interface provided by OpenSSL that encapsulates almost every kind of I/O: memory access, file access, sockets and so on. It greatly improves code reuse and considerably reduces the complexity of the OpenSSL API. For random number generation and management OpenSSL also provides a set of solutions and supporting API functions; the quality of the random numbers is an important precondition for the security of the keys. OpenSSL also provides other auxiliary functions, such as an API for deriving keys from passwords and a configuration file mechanism for certificate issuance and management. If you have enough patience, you will slowly discover many such small features as you use OpenSSL, and keep being pleasantly surprised.
