  File encryption and decryption of Linux security mechanisms
     
  Add Date : 2017-01-08      
         
         
         
  What is encryption and decryption
    Encryption: the process of converting plaintext into ciphertext. A special algorithm transforms the original information and data so that an unauthorized user who obtains the encrypted information still cannot understand its content without knowing how to decrypt it.
    Decryption: the process of converting ciphertext back into plaintext. An authorized user applies the decryption method that corresponds to the encryption algorithm to recover the plaintext.
[Common cryptographic algorithms and protocols]

    Symmetric encryption: the same key is used for both encrypting and decrypting the information;
    Commonly used symmetric encryption algorithms: DES (56), 3DES, AES (128,192,256,384,512), Blowfish, Twofish, IDEA, RC6, CAST5, etc.;
    Public key encryption: also called asymmetric encryption; it uses a unique pair of corresponding keys (a public key and a private key).
    Commonly used public key encryption algorithms: RSA, DSA, ElGamal, etc.;
    One-way encryption: the result cannot be decrypted; the operation is not reversible;
    Commonly used one-way encryption algorithms: MD5, SHA1, SHA256, SHA384, SHA512, etc.;
    Authentication protocols:
        IKE (Internet Key Exchange): used to secure communication with a remote network or host over a virtual private network (VPN);
        SSL (Secure Sockets Layer): a security protocol that provides confidentiality and data integrity for network communication.
        TLS (Transport Layer Security): developed on the model of SSL; provides confidentiality and data integrity for communication between two applications.


[Encryption and decryption process]

[Basic use of the openssl command-line tool]
    OpenSSL is a powerful Secure Sockets Layer cryptographic library. It includes the major cryptographic algorithms, common key and certificate management functions, and the SSL protocols, and it provides a rich set of applications for testing and other purposes.

    1. View the openssl version information:

openssl version
[root@CentOS6 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013    # the version; check this first before patching or upgrading;

    2. Symmetric encryption of files:
Encryption: openssl enc -des3 -a -salt -in /path/from/somefile -out /path/to/somecipherfile
Decryption: openssl enc -d -des3 -a -salt -in /path/from/somecipherfile -out /path/to/somefile
[root@CentOS6 tmp]# openssl enc -des3 -a -salt -in /tmp/fstab -out /tmp/fstab.sc
# -des3: the encryption algorithm (choose one according to your needs);
# -a: base64-encode the data after encryption, or base64-decode it first before decryption;
# -salt: add a salt; a very useful option, because with a salt the same plaintext produces different ciphertext.
#        By default the salt value is generated automatically; use the -S option to specify it explicitly.
# -in: the file to be encrypted;
# -out: the file to write the encrypted output to;
enter des-ede3-cbc encryption password:    # the user is asked for the encryption password;
Verifying - enter des-ede3-cbc encryption password:    # password confirmation;
[root@CentOS6 tmp]# cat /tmp/fstab.sc    # this is the resulting ciphertext; it can no longer be understood
U2FsdGVkX188aCeQ1I9XJ4wbVbQtjOUWE3kA7z9qEKwthOgV7hwYoASba6F+24rG
9Icl+4BXyZ1vw+mLcpEaAQotxCpLZB7sYMTpd71jpmUEJkDTYRsP4uLwlFnMPA1G
# ------- omitted -------
7N9JdTKhByxLwOJaBZxQMFCRoyF8ri2HGE/6tlxuq31RniwOUxcOZ/eux3iXDf2J
xFafl6AbzQgX1OztM+454w==
[root@CentOS6 tmp]# openssl enc -d -des3 -a -salt -in /tmp/fstab.sc -out /tmp/fstab1    # -d: decrypt;
enter des-ede3-cbc decryption password:    # enter the password used for encryption; decryption works only if it is correct;
[root@CentOS6 tmp]# cat fstab1    # decrypted!
#
# /etc/fstab
# Created by anaconda on Mon Mar 16 13:43:08 2015
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_centos6-lv_root / ext4 defaults 1 1
# -- omitted --

    3. One-way encryption of a file:
      openssl dgst [-md5 | -sha1] [-out /path/to/filename] /path/from/somefile
[root@CentOS6 tmp]# openssl dgst -md5 /tmp/fstab    # one-way encryption with the md5 algorithm; when no output file
                                                    # is given with -out, the result is printed to the screen;
MD5(/tmp/fstab)= 1dc8426edc4278081c898bdf9806682c
[root@CentOS6 tmp]# md5sum /tmp/fstab    # the same file processed with the md5sum tool;
1dc8426edc4278081c898bdf9806682c  /tmp/fstab
# As you can see, whichever tool is used on the same file, the results are the same as long as the algorithm is the same.

    4. Hash a user's password:
      openssl passwd -1 [-salt SALT]
          -1: use MD5 as the hash algorithm;
          -salt SALT: the salt string to use as input;
[root@CentOS6 tmp]# openssl passwd -1    # hash a password with md5;
Password:    # enter the password to hash;
Verifying - Password:    # enter it again to confirm;
$1$mgYuAGde$OHKciTF3gV9YZKMZUPyW/    # the result of the hash;
[root@CentOS6 tmp]# openssl passwd -1 -salt aa
Password:
$1$aa$9dcbvI.WtNPFK0cdGuO/W0

    5. Generate random numbers:

      openssl rand -base64 | -hex num
      -base64 | -hex: display the random data as a base64-encoded or hex string;
      num: the number of random bytes to generate;
[root@CentOS6 tmp]# openssl rand -hex 5    # generate 5 random bytes and display them hex-encoded;
c0a6f4c166
[root@CentOS6 tmp]# openssl rand -base64 5    # generate 5 random bytes and display them base64-encoded;
McpaNQI=


    6. Generate a private key:
      (umask 077; openssl genrsa -out /path/to/keyfile NUMBEROFBITS)
      (command): the commands inside () run in a subshell, so they do not affect the current shell;
        NUMBEROFBITS: the key length in bits;
[root@CentOS6 tmp]# (umask 077; openssl genrsa -out /tmp/key 32)
Generating RSA private key, 32 bit long modulus
.+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
[root@CentOS6 tmp]# cat /tmp/key    # view the generated key file;
-----BEGIN RSA PRIVATE KEY-----
MCwCAQACBQCyIttNAgMBAAECBGc3UKUCAwDsewIDAMDXAgMAwQ0CAkWhAgI/Og==
-----END RSA PRIVATE KEY-----

    7. Extract the public key:
      openssl rsa -in /path/from/private_key_file -pubout -out /path/to/pub_key_file
[root@CentOS6 ~]# openssl rsa -in /tmp/key -pubout    # with no output file given, the public key is printed to the screen;
writing RSA key
-----BEGIN PUBLIC KEY-----
MCAwDQYJKoZIhvcNAQEBBQADDwAwDAIFALIi200CAwEAAQ==
-----END PUBLIC KEY-----
[root@CentOS6 ~]# man openssl rsa
[root@CentOS6 ~]# openssl rsa -in /tmp/key -pubout -out /tmp/key_pub    # extract the public key to a file;
writing RSA key
[root@CentOS6 ~]# cat /tmp/key_pub
-----BEGIN PUBLIC KEY-----
MCAwDQYJKoZIhvcNAQEBBQADDwAwDAIFALIi200CAwEAAQ==
-----END PUBLIC KEY-----
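
The steps above as non-interactive checks, added here as an example (it is not part of the original article): an enc round trip must reproduce the file, -salt must make two encryptions of the same file differ, a stored $1$ hash is verified by re-hashing with its own salt, and umask 077 must leave the private key with mode 600. The function names, the sha256 digest used for comparison, the 2048-bit key size and the use of GNU stat are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Secrets are passed on
# stdin, never in argv, so they do not show up in the process list.
# stderr is discarded because OpenSSL 1.1.1 and later warn that this enc
# key derivation is deprecated (those versions offer -pbkdf2).

# Step 2 without the interactive prompt: $1 input, $2 output, $3 password.
enc_file() { printf '%s\n' "$3" | openssl enc -des3 -a -salt -in "$1" -out "$2" -pass stdin 2>/dev/null; }
dec_file() { printf '%s\n' "$3" | openssl enc -d -des3 -a -in "$1" -out "$2" -pass stdin 2>/dev/null; }

# Step 3: print only the hex digest (-r puts the hash in field 1).
digest_of() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Succeeds if encrypt-then-decrypt reproduces the original file's digest.
roundtrip_ok() (
    dir=$(mktemp -d) || exit 2
    enc_file "$1" "$dir/c" "$2" && dec_file "$dir/c" "$dir/p" "$2" &&
        [ "$(digest_of "$1")" = "$(digest_of "$dir/p")" ]
    rc=$?; rm -rf "$dir"; exit "$rc"
)

# Succeeds if two encryptions with the same password differ (random salt).
salt_varies() (
    dir=$(mktemp -d) || exit 2
    enc_file "$1" "$dir/a" "$2" && enc_file "$1" "$dir/b" "$2" &&
        ! cmp -s "$dir/a" "$dir/b"
    rc=$?; rm -rf "$dir"; exit "$rc"
)

# Step 4: check password $2 against a stored $1$salt$hash string ($1) by
# re-hashing it with the salt taken from the stored value.
md5crypt_matches() (
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ "$(printf '%s\n' "$2" | openssl passwd -1 -salt "$salt" -stdin)" = "$1" ]
)

# Steps 6-7: create a key under umask 077, extract the public key to
# "$1.pub", and print the private key file's mode (600 expected).
new_key_mode() {
    ( umask 077; openssl genrsa -out "$1" 2048 2>/dev/null ) || return 1
    openssl rsa -in "$1" -pubout -out "$1.pub" 2>/dev/null || return 1
    stat -c '%a' "$1"
}
```

Source the file and call, for example, roundtrip_ok /tmp/fstab 'your-password' or new_key_mode /tmp/key; each function reports its result through its exit status or its output.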
     
         
         
         
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.