  File encryption and decryption of Linux security mechanisms
  Add Date : 2017-01-08      
  What is encryption and decryption
    Encryption: the process of converting plaintext into ciphertext. A special algorithm transforms the original information and data so that even if an unauthorized user obtains the encrypted information, they still cannot understand its content without knowing how to decrypt it.
    Decryption: the process of converting ciphertext back into plaintext. An authorized user recovers the plaintext by applying the decryption method that corresponds to the encryption algorithm.
[Common cryptographic algorithms and protocols]

    Symmetric encryption: the same key is used both to encrypt and to decrypt the information;
    Commonly used symmetric encryption algorithms: DES (56), 3DES, AES (128,192,256,384,512), Blowfish, Twofish, IDEA, RC6, CAST5, etc.;
    Public key encryption: also called asymmetric encryption; it uses a unique, matched pair of keys (a public key and a private key);
    Commonly used public key encryption algorithms: RSA, DSA, ElGamal, etc.;
    One-way encryption: the result cannot be decrypted; the operation is not reversible;
    Commonly used one-way encryption algorithms: MD5, SHA1, SHA256, SHA384, SHA512, etc.;
    Authentication protocols:
        IKE (Internet Key Exchange): used to secure communication between a virtual private network (VPN) and remote networks or hosts;
        SSL (Secure Sockets Layer): a network communication protocol that provides security and data integrity;
        TLS (Transport Layer Security): modeled on SSL; provides confidentiality and data integrity for communication between two applications.

[Encryption and decryption process]

[Simple to use openssl command tool]
    OpenSSL is a powerful Secure Sockets Layer cryptographic library. It includes the major cryptographic algorithms, commonly used key and certificate management functions, and the SSL protocol, and it provides a rich set of applications for testing or other purposes.

    1. View the openssl version information:

openssl version
[root@CentOS6 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013 # the version; check this first when you plan to patch or upgrade;

    2. Symmetric encryption of files:
Encryption: openssl enc -des3 -a -salt -in /path/from/somefile -out /path/to/somecipherfile
Decryption: openssl enc -d -des3 -a -salt -in /path/from/somecipherfile -out /path/to/somefile
[root@CentOS6 tmp]# openssl enc -des3 -a -salt -in /tmp/fstab -out /tmp/fstab.sc
# -des3: the encryption algorithm (choose one according to your needs);
# -a: base64-encode the data after encryption, or base64-decode it before decryption;
# -salt: add a salt, so that the same plaintext can produce different ciphertext. By default the salt value is
#        generated automatically; you can use the -S option to specify the salt value explicitly;
# -in: the file to be encrypted;
# -out: the output file for the encrypted data;
enter des-ede3-cbc encryption password: # the user is asked to enter the encryption password;
Verifying - enter des-ede3-cbc encryption password: # confirm the password;
[root@CentOS6 tmp]# cat /tmp/fstab.sc # the resulting ciphertext, which can no longer be read
U2FsdGVkX188aCeQ1I9XJ4wbVbQtjOUWE3kA7z9qEKwthOgV7hwYoASba6F+24rG
9Icl+4BXyZ1vw+mLcpEaAQotxCpLZB7sYMTpd71jpmUEJkDTYRsP4uLwlFnMPA1G
------- (omitted) -------
7N9JdTKhByxLwOJaBZxQMFCRoyF8ri2HGE/6tlxuq31RniwOUxcOZ/eux3iXDf2J
xFafl6AbzQgX1OztM+454w==
[root@CentOS6 tmp]# openssl enc -d -des3 -a -salt -in /tmp/fstab.sc -out /tmp/fstab1 # -d: decrypt;
enter des-ede3-cbc decryption password: # enter the password used for encryption; decryption succeeds only if it is correct;
[root@CentOS6 tmp]# cat fstab1 # the decrypted content
# /etc/fstab
# Created by anaconda on Mon Mar 16 13:43:08 2015
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/vg_centos6-lv_root / ext4 defaults 1 1

    3. One-way encryption of a file:
      openssl dgst [-md5|-sha1] [-out /path/to/filename] /path/from/somefile
[root@CentOS6 tmp]# openssl dgst -md5 /tmp/fstab # one-way encryption with the md5 algorithm; when no output file is
# given with -out, the result is printed to the screen by default;
MD5(/tmp/fstab)= 1dc8426edc4278081c898bdf9806682c
[root@CentOS6 tmp]# md5sum /tmp/fstab # hash the same file with the md5sum tool;
1dc8426edc4278081c898bdf9806682c  /tmp/fstab
# As you can see, whichever tool is used, the same file hashed with the same algorithm gives the same result.
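
    Steps 2 and 3 combined into one non-interactive round trip, as an added example that is not part of the original article: it shows the salt header, the effect of the salt on the ciphertext, and a digest comparison as the check that decryption returned the original file. The -pass env:PW option, the SHA-256 digest, the sample file and both passwords are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. The sample file and both
# passwords are constructed values.

# Step 2's commands made non-interactive: the password ($3) reaches openssl
# through the PW environment variable instead of a prompt.
enc_file() { PW="$3" openssl enc -des3 -a -salt -in "$1" -out "$2" -pass env:PW 2>/dev/null; }
dec_file() { PW="$3" openssl enc -d -des3 -a -in "$1" -out "$2" -pass env:PW 2>/dev/null; }

# Hex digest only ("openssl dgst -r" prints "<hex> *<file>").
digest() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Salted output begins with the 8 bytes "Salted__" followed by the salt;
# in base64 that gives the fixed prefix seen in the article's ciphertext.
is_salted() { [ "$(head -n 1 "$1" | cut -c1-10)" = "U2FsdGVkX1" ]; }

# Decrypt $1 with password $2 and compare the result's digest with that of
# the original $3. The digest comparison is the check; the exit status of
# the decrypt step is ignored on purpose.
roundtrip_ok() {
    out=$(mktemp) || return 2
    dec_file "$1" "$out" "$2" || true
    rc=1
    [ "$(digest "$out")" = "$(digest "$3")" ] && rc=0
    rm -f "$out"
    return "$rc"
}

work=$(mktemp -d)
printf 'constructed sample data\n/dev/sda1 / ext4 defaults 1 1\n' > "$work/plain"
enc_file "$work/plain" "$work/c1" 'sample-pass'
enc_file "$work/plain" "$work/c2" 'sample-pass'

is_salted "$work/c1" && echo "c1 carries the Salted__ header"
cmp -s "$work/c1" "$work/c2" || echo "same plaintext and password, different ciphertext"
roundtrip_ok "$work/c1" 'sample-pass' "$work/plain" && echo "right password: digests match"
roundtrip_ok "$work/c1" 'wrong-pass'  "$work/plain" || echo "wrong password: digests differ"
```

    On OpenSSL 1.1.1 and later, adding -pbkdf2 to both enc commands derives the key from the password with PBKDF2 rather than the older default derivation.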

    4. Hashing a user's password:
      openssl passwd -1 [-salt SALT]
          -1: use the MD5 hash algorithm;
          -salt SALT: the salt string to use as input;
[root@CentOS6 tmp]# openssl passwd -1 # hash the password with md5;
Password: # enter the password to hash;
Verifying - Password: # confirm the entry;
$1$mgYuAGde$OHKciTF3gV9YZKMZUPyW/ # the result after hashing;
[root@CentOS6 tmp]# openssl passwd -1 -salt aa
$1$aa$9dcbvI.WtNPFK0cdGuO/W0

    5. Generate random numbers:

      openssl rand -base64|-hex num
      -base64|-hex: display the random string in base64 or hex encoding;
      num: the number of random bytes to generate;
[root@CentOS6 tmp]# openssl rand -hex 5 # generate 5 random bytes and display them in hex encoding;
[root@CentOS6 tmp]# openssl rand -base64 5 # generate 5 random bytes and display them in base64 encoding;
McpaNQI=

    6. Generate a private key:
      (umask 077; openssl genrsa -out /path/to/keyfile NUMBEROFBITS)
      (command): commands inside () run in a subshell and do not affect the current shell;
        NUMBEROFBITS: the key length (in bits);
[root@CentOS6 tmp]# (umask 077; openssl genrsa -out /tmp/key 32)
Generating RSA private key, 32 bit long modulus
.+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
[root@CentOS6 tmp]# cat /tmp/key # view the generated key file;

    7. Extract the public key:
      openssl rsa -in /path/from/private_key_file -pubout -out /path/to/pub_key_file
[root@CentOS6 ~]# openssl rsa -in /tmp/key -pubout # with no output file given, the public key is printed to the screen;
writing RSA key
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
[root@CentOS6 ~]# man openssl rsa
[root@CentOS6 ~]# openssl rsa -in /tmp/key -pubout -out /tmp/key_pub # extract the public key to a file;
writing RSA key
[root@CentOS6 ~]# cat /tmp/key_pub
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
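
    Steps 6 and 7 as one script, added here as an example and not taken from the original article: it checks that the private key file ends up readable by its owner only, that the umask change stays inside the subshell, and that the extracted public key belongs to the private key. The file names and the 2048-bit key size are assumptions of this example; the article's 32-bit key is a demonstration size only.

```shell
#!/bin/sh
# Added example, not from the original article. File names are constructed;
# 2048 bits is an assumed key size (the article's 32-bit key is a toy size).

# Create the private key inside a subshell so the restrictive umask applies
# only to that command and the key file is never readable by group or others.
gen_key() { ( umask 077; openssl genrsa -out "$1" "$2" 2>/dev/null ); }

# Derive the public half from the private key file.
extract_pub() { openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null; }

# Permission string of a file, e.g. "-rw-------".
perms() { ls -l "$1" | cut -c1-10; }

# An RSA public key belongs to a private key when both have the same modulus.
keys_match() {
    m_priv=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    m_pub=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$m_priv" ] && [ "$m_priv" = "$m_pub" ]
}

work=$(mktemp -d)
umask_before=$(umask)
gen_key "$work/key" 2048
gen_key "$work/other" 2048
umask_after=$(umask)
extract_pub "$work/key" "$work/key_pub"

echo "private key mode: $(perms "$work/key")"
echo "umask before/after: $umask_before $umask_after"
keys_match "$work/key" "$work/key_pub" && echo "key_pub matches key"
keys_match "$work/other" "$work/key_pub" || echo "key_pub does not match other"
```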
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.