1.Hashed
Commonly used to store passwords
Converts an input string of any length to an output string of fixed length
One-way:not feasible to get plaintext from hash
Collision-free:not feasibleto find two strings that hash to the same output
Algorithms:CRC-32,MD5,SHA-1,SHA-256,etc.
CRC-32 is not cryptographically secure
Utilities:sha1sum,md5sum,chsum,openssl dgst
Examples
To hash file see if it changed
md5sum file
成都創(chuàng)新互聯(lián)主營阿合奇網(wǎng)站建設(shè)的網(wǎng)絡(luò)公司,主營網(wǎng)站建設(shè)方案,成都app軟件開發(fā),阿合奇h5小程序開發(fā)搭建,阿合奇網(wǎng)站營銷推廣歡迎阿合奇等地區(qū)企業(yè)咨詢
[root@localhost ~]# vim file this is a test file [root@localhost ~]# md5sum file 79cbbfadcab143d2cc839ce5fce1c576 file [root@localhost ~]# md5sum file 79cbbfadcab143d2cc839ce5fce1c576 file [root@localhost ~]# md5sum file 79cbbfadcab143d2cc839ce5fce1c576 file
同一文件,只要沒有被修改,無論用md5加密多少次,所得字符串都一致
sha1sum file
openssl dgst -sha1
2.Message Authentication Codes(消息認證碼)
MAC is used to maintain the integrity of a network communication,preventing message from tampering
Attacker needs secret key to forge MAC
MAC funtion uses a shared secret key to generate MAC
CBC-MAC:use block cipher to construct
Encrypt the message in CBC mode and use last block
HMAC:use keyed cryptographic hash
HMAC(secret key,message)
3.User Authentication
Cryptographic hash of account password is stored
By adding random "salt" to password ,two users with the same password will have different password hashes
MD5-based hash by default,old modified DES version also availble
System hashes password given to login
If passwords match,user is authenticated
Utilities:password,openssl,openssl passwd -1
4.Asymmetric Encryption(非對稱加密)
Public key to encrypt,private key to decrypt
Public means public,private means private
Partial solution to key distribution problem
Can give the public key to everybody
Algorithms:RSA,ElGamal
RSA is limited in the size of the message(<100 bytes)it can encrypt,much slower than symmetric algorithms
So,it is common to use RSA to transmit a secret symmetric session key securely,and switch to the faster symmetric secret key
Utilities:gpg openssl rsautl
Examples
Generate RSA key
openssl genrsa 1024 > secret.key
Extract public key from secret key
openssl rsa -puboutn-in secret.key > public.key
echo 'My secret message .' > tomylove.txt
Encrypt using public key
openssl rsautl -encrypt -pubin -inkey public.key -in tomylove.txt -out tomylove.encrypt
Decrypt using secret key
openssl rsautl -decrypt -inkey secret.key -in tomylove.enc -out tomylove.txt
使用RSA實現(xiàn)加密的例子
[root@localhost ~]# useradd bob [root@localhost ~]# useradd alice [root@localhost ~]# su - bob
生成bob的私鑰,存放到secret.key文件中
[bob@localhost ~]$ openssl genrsa 1024 > secret.key Generating RSA private key, 1024 bit long modulus ...................................++++++ .................++++++ e is 65537 (0x10001)
從私鑰中提取公鑰,存放到public.key文件中
[bob@localhost ~]$ openssl rsa -pubout -in secret.key > public.key writing RSA key
切換到alice用戶,生成自己的公私鑰
[root@localhost ~]# su - alice [alice@localhost ~]$ openssl genrsa 1024 > secret.key Generating RSA private key, 1024 bit long modulus ..................................++++++ .........................................++++++ e is 65537 (0x10001) [alice@localhost ~]$ openssl rsa -pubout -in secret.key > public.key writing RSA key
現(xiàn)在bob要給alice發(fā)送加密消息:
bob用alice的公鑰給alice發(fā)送加密消息,alice收到消息后,用自己的私鑰解密即可
現(xiàn)在alice將自己的公鑰發(fā)送給bob
[alice@localhost ~]$ cp public.key /tmp/alice.pub
bob現(xiàn)在使用alice的公鑰將要發(fā)送的文件tomylove.txt加密
[root@localhost ~]# su - bob [bob@localhost ~]$ openssl rsautl -encrypt -pubin -inkey /tmp/alice.pub -in tomylove.txt -out tomylove.enc [bob@localhost ~]$ cp tomylove.enc /tmp [bob@localhost ~]$ su - [root@localhost ~]# su - alice [alice@localhost ~]$ openssl rsautl -decrypt -inkey secret.key -in /tmp/tomylove.enc -out tomylove.txt [alice@localhost ~]$ ll tomylove.txt -rw-rw-r--. 1 alice alice 19 Jul 21 23:18 tomylove.txt [alice@localhost ~]$ cat tomylove.txt My secret message。
使用GPG實現(xiàn)加密的例子
Generate GPG keys
pgp --gen-key(RSA encrypt and sign)
Export public key
gpg --export -a > pulic.key
echo 'My secret message.' > tomylove.txt
Encrypt using public key
gpg -r keyID -e tomylove.txt(you got tomylove.gpg)
Import public key
gpg --import public.key
Decrypt using secret key
gpg -r keyID -o tomylove.txt -d tomylove.gpg