RHCA笔记333—1加解密-创新互联

1.Hashed
   Commonly used to store passwords
   Converts an input string of any length to an output string of fixed length
      One-way:not feasible to get plaintext from hash
      Collision-free:not feasibleto find two strings that hash to the same output
   Algorithms:CRC-32,MD5,SHA-1,SHA-256,etc.
      CRC-32 is not cryptographically secure
   Utilities:sha1sum,md5sum,chsum,openssl dgst
Examples
   To hash file see if it changed
      md5sum file

[root@localhost ~]# vim file
this is a test file
[root@localhost ~]# md5sum file
79cbbfadcab143d2cc839ce5fce1c576  file
[root@localhost ~]# md5sum file
79cbbfadcab143d2cc839ce5fce1c576  file
[root@localhost ~]# md5sum file
79cbbfadcab143d2cc839ce5fce1c576  file

      同一文件，只要没有被修改，无论用md5加密多少次，所得字符串都一致
      sha1sum file
      openssl dgst -sha1

2.Message Authentication Codes(消息认证码)
   MAC is used to maintain the integrity of a network communication,preventing message from tampering
      Attacker needs secret key to forge MAC
   MAC funtion uses a shared secret key to generate MAC
      CBC-MAC:use block cipher to construct
         Encrypt the message in CBC mode and use last block
      HMAC:use keyed cryptographic hash
         HMAC(secret key,message)

3.User Authentication
   Cryptographic hash of account password is stored
      By adding random "salt" to password ,two users with the same password will have different password hashes
      MD5-based hash by default,old modified DES version also availble
   System hashes password given to login
   If passwords match,user is authenticated
   Utilities:password,openssl,openssl passwd -1

4.Asymmetric Encryption(非对称加密)
   Public key to encrypt,private key to decrypt
      Public means public,private means private
   Partial solution to key distribution problem
      Can give the public key to everybody
   Algorithms:RSA,ElGamal
      RSA is limited in the size of the message(<100 bytes)it can encrypt,much slower than symmetric algorithms
      So,it is common to use RSA to transmit a secret symmetric session key securely,and switch to the faster symmetric secret key
   Utilities:gpg openssl rsautl

   Examples
      Generate RSA key
         openssl genrsa 1024 > secret.key
      Extract public key from secret key
         openssl rsa -puboutn-in secret.key > public.key
      echo 'My secret message .' > tomylove.txt
      Encrypt using public key
         openssl rsautl -encrypt -pubin -inkey public.key -in tomylove.txt -out tomylove.encrypt
      Decrypt using secret key
         openssl rsautl -decrypt -inkey secret.key -in tomylove.enc -out tomylove.txt
         使用RSA实现加密的例子

[root@localhost ~]# useradd bob
[root@localhost ~]# useradd alice
[root@localhost ~]# su - bob

            生成bob的私钥，存放到secret.key文件中

[bob@localhost ~]$ openssl genrsa 1024 > secret.key
Generating RSA private key, 1024 bit long modulus
...................................++++++
.................++++++
e is 65537 (0x10001)

            从私钥中提取公钥，存放到public.key文件中

[bob@localhost ~]$ openssl rsa -pubout -in secret.key > public.key
writing RSA key

            切换到alice用户，生成自己的公私钥

[root@localhost ~]# su - alice
[alice@localhost ~]$ openssl genrsa 1024 > secret.key
Generating RSA private key, 1024 bit long modulus
..................................++++++
.........................................++++++
e is 65537 (0x10001)
[alice@localhost ~]$ openssl rsa -pubout -in secret.key > public.key
writing RSA key

            现在bob要给alice发送加密消息：
               bob用alice的公钥给alice发送加密消息，alice收到消息后，用自己的私钥解密即可
            现在alice将自己的公钥发送给bob

[alice@localhost ~]$ cp public.key /tmp/alice.pub

            bob现在使用alice的公钥将要发送的文件tomylove.txt加密

[root@localhost ~]# su - bob
[bob@localhost ~]$ openssl rsautl -encrypt -pubin -inkey /tmp/alice.pub -in tomylove.txt -out tomylove.enc
[bob@localhost ~]$ cp tomylove.enc /tmp
[bob@localhost ~]$ su -
[root@localhost ~]# su - alice
[alice@localhost ~]$ openssl rsautl -decrypt -inkey secret.key -in /tmp/tomylove.enc -out tomylove.txt
[alice@localhost ~]$ ll tomylove.txt 
-rw-rw-r--. 1 alice alice 19 Jul 21 23:18 tomylove.txt
[alice@localhost ~]$ cat tomylove.txt 
My secret message。

            使用GPG实现加密的例子
               Generate GPG keys
                  pgp --gen-key(RSA encrypt and sign)
               Export public key
                  gpg --export -a > pulic.key
               echo 'My secret message.' > tomylove.txt
               Encrypt using public key
                  gpg -r keyID -e tomylove.txt(you got tomylove.gpg)
               Import public key
                  gpg --import public.key
               Decrypt using secret key
                  gpg -r keyID -o tomylove.txt -d tomylove.gpg

另外有需要云服务器可以了解下创新互联scvps.cn，海内外云服务器15元起步，三天无理由+7*72小时售后在线，公司持有idc许可证，提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案，具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势，专为企业上云打造定制，能够满足用户丰富、多元化的应用场景需求。