  File encryption and decryption of Linux security mechanisms
     
  Add Date : 2017-01-08      
         
       
         
  What is encryption and decryption
    Encryption: the process of converting plaintext into ciphertext. A special algorithm transforms the original information and data so that an unauthorized user who obtains the encrypted information, but does not know how to decrypt it, still cannot understand its content.
    Decryption: the process of converting ciphertext back into plaintext. An authorized user recovers the plaintext by applying the decryption that corresponds to the encryption algorithm.
[Common cryptographic algorithms and protocols]


    Symmetric encryption: the same key is used for both encryption and decryption of the information;
    Commonly used symmetric encryption algorithms: DES (56), 3DES, AES (128,192,256,384,512), Blowfish, Twofish, IDEA, RC6, CAST5, etc.;
    Public key encryption: also called asymmetric encryption; it uses a matched pair of unique keys (a public key and a private key).
    Commonly used public key encryption algorithms: RSA, DSA, ElGamal, etc.;
    One-way encryption: the result cannot be decrypted; the operation is not reversible;
    Commonly used one-way encryption algorithms: MD5, SHA1, SHA256, SHA384, SHA512, etc.;
    Authentication protocols:
        IKE (Internet Key Exchange protocol): used to secure communication between remote networks or hosts over a virtual private network (VPN);
        SSL (Secure Sockets Layer): a security protocol that provides security and data integrity for network communication.
        TLS (Transport Layer Security): developed on the model of SSL; provides confidentiality and data integrity for communication between two applications.


[Encryption and decryption process]

[Simple to use openssl command tool]
    OpenSSL is a powerful Secure Sockets Layer cryptography library. It includes the major cryptographic algorithms, common key and certificate management functions, and the SSL protocol, and it provides a rich set of applications for testing or other purposes.

    1. View the openssl version information:

openssl version
[root@CentOS6 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013 # version information; check this first before patching or upgrading;

    2. Symmetric encryption of files:
Encryption: openssl enc -des3 -a -salt -in /path/from/somefile -out /path/to/somecipherfile
Decryption: openssl enc -d -des3 -a -salt -in /path/from/somecipherfile -out /path/to/somefile
[root@CentOS6 tmp]# openssl enc -des3 -a -salt -in /tmp/fstab -out /tmp/fstab.sc
# -des3: the encryption algorithm (choose one according to your needs);
# -a: base64-encode the data after encryption, or base64-decode it before decryption;
# -salt: add a salt, so that the same plaintext produces different ciphertext. By default the salt value is
# randomly generated; use the -S option to specify the salt value explicitly.
# -in: the file to be encrypted;
# -out: the output file for the encrypted data;
enter des-ede3-cbc encryption password: # the user is asked for the encryption password;
Verifying - enter des-ede3-cbc encryption password: # password confirmation;
[root@CentOS6 tmp]# cat /tmp/fstab.sc # the resulting ciphertext, which can no longer be read
U2FsdGVkX188aCeQ1I9XJ4wbVbQtjOUWE3kA7z9qEKwthOgV7hwYoASba6F+24rG
9Icl+4BXyZ1vw+mLcpEaAQotxCpLZB7sYMTpd71jpmUEJkDTYRsP4uLwlFnMPA1G
# ------- omitted -------
7N9JdTKhByxLwOJaBZxQMFCRoyF8ri2HGE/6tlxuq31RniwOUxcOZ/eux3iXDf2J
xFafl6AbzQgX1OztM+454w==
[root@CentOS6 tmp]# openssl enc -d -des3 -a -salt -in /tmp/fstab.sc -out /tmp/fstab1 # -d: decrypt;
enter des-ede3-cbc decryption password: # enter the password used for encryption; the file is decrypted only if it is correct;
[root@CentOS6 tmp]# cat fstab1 # decrypted successfully!
#
# /etc/fstab
# Created by anaconda on Mon Mar 16 13:43:08 2015
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_centos6-lv_root / ext4 defaults 1 1
#--omitted--

    3. One-way encryption of a file:
      openssl dgst [-md5|-sha1] [-out /path/to/filename] /path/from/somefile
[root@CentOS6 tmp]# openssl dgst -md5 /tmp/fstab # use the md5 one-way encryption algorithm; no -out output file is specified,
# so the result is printed to the screen by default;
MD5(/tmp/fstab)= 1dc8426edc4278081c898bdf9806682c
[root@CentOS6 tmp]# md5sum /tmp/fstab # hash the same file with the md5sum tool;
1dc8426edc4278081c898bdf9806682c  /tmp/fstab
# Whichever tool is used on the same file, the result is identical as long as the algorithm is the same.
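
The salted encryption of step 2 and the digest check of step 3, combined into one non-interactive script (an added example, not from the original page). It assumes -aes-256-cbc in place of -des3, SHA-256 in place of MD5, a constructed passphrase passed through the DEMO_PASS environment variable, and temporary file names chosen for the demo.

```shell
#!/bin/sh
# Added example: salted symmetric encryption round trip, checked with a digest.
# DEMO_PASS, the sample plaintext and all file names are constructed for this demo.

# Hex digest only: `openssl dgst` prints "ALG(file)= hex", so keep the last field.
digest_of() { openssl dgst -sha256 "$1" | awk '{print $NF}'; }

enc_roundtrip_demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    printf 'constructed sample plaintext\n' > "$dir/plain"
    DEMO_PASS='constructed-demo-passphrase'; export DEMO_PASS

    # Use PBKDF2 key derivation where this openssl build offers it.
    kdf=''
    if openssl enc -help 2>&1 | grep -q -- '-pbkdf2'; then kdf='-pbkdf2'; fi

    # Same plaintext, same password, two runs: the random salt differs each time.
    for n in 1 2; do
        openssl enc -aes-256-cbc -a -salt $kdf -pass env:DEMO_PASS \
            -in "$dir/plain" -out "$dir/cipher$n" 2>/dev/null || exit 1
    done
    if cmp -s "$dir/cipher1" "$dir/cipher2"; then exit 1; fi

    # A salted file starts with the 8-byte magic "Salted__" followed by the salt,
    # which is why the base64 ciphertext on the page begins with "U2FsdGVkX1".
    head -c 10 "$dir/cipher1" | grep -q '^U2FsdGVkX1$' || exit 1

    # Decrypt, then confirm the output matches the input by comparing digests.
    openssl enc -d -aes-256-cbc -a $kdf -pass env:DEMO_PASS \
        -in "$dir/cipher1" -out "$dir/plain.out" 2>/dev/null || exit 1
    [ "$(digest_of "$dir/plain")" = "$(digest_of "$dir/plain.out")" ] || exit 1
    echo "roundtrip-ok"
)

enc_roundtrip_demo
```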

    4. Hash a user's password:
      openssl passwd -1 [-salt SALT]
          -1: use the MD5 hash algorithm;
          -salt SALT: the salt string to use as input;
[root@CentOS6 tmp]# openssl passwd -1 # hash the password with md5;
Password: # enter the password to hash;
Verifying - Password: # confirm the entry;
$1$mgYuAGde$OHKciTF3gV9YZKMZUPyW/ # the result after hashing;
[root@CentOS6 tmp]# openssl passwd -1 -salt aa
Password:
$1$aa$9dcbvI.WtNPFK0cdGuO/W0
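
How the salt stored inside a "$1$salt$hash" string is reused to check a password later, as an added example that is not part of the original page. The function names and the sample password are constructed for the demo, and the password is fed through -stdin instead of the interactive prompt.

```shell
#!/bin/sh
# Added example: the salt travels inside the stored hash, so verification
# re-hashes the candidate with that salt and compares the two strings.

# Hash one password line from stdin with MD5-crypt (-1); $1 is an optional salt.
md5crypt() {
    if [ -n "$1" ]; then
        openssl passwd -1 -salt "$1" -stdin
    else
        openssl passwd -1 -stdin   # no -salt: openssl picks a random one
    fi
}

# usage: verify_md5crypt STORED CANDIDATE
# STORED has the layout $1$<salt>$<hash>, so field 3 (split on '$') is the salt.
verify_md5crypt() {
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ "$(printf '%s\n' "$2" | md5crypt "$salt")" = "$1" ]
}

# Constructed sample password, hashed with the salt "aa" used on the page.
stored=$(printf '%s\n' 'constructed-pw' | md5crypt aa)
verify_md5crypt "$stored" 'constructed-pw' && echo "match: $stored"
```

OpenSSL 1.1.1 and later also accept -5 and -6 for SHA-256 and SHA-512 crypt, which use the same $id$salt$hash layout.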

    5. Generate a random number:

      openssl rand -base64|-hex num
      -base64|-hex: display the random string in base64 or hex encoding;
      num: the number of random bytes to generate;
[root@CentOS6 tmp]# openssl rand -hex 5 # generate 5 random bytes and display them in hex encoding;
c0a6f4c166
[root@CentOS6 tmp]# openssl rand -base64 5 # generate 5 random bytes and display them in base64 encoding;
McpaNQI=


    6. Generate a private key:
      (umask 077; openssl genrsa -out /path/to/keyfile NUMBEROFBITS)
      (command): the command inside () runs in a subshell, so it does not affect the current shell;
        NUMBEROFBITS: key length (bits);
[root@CentOS6 tmp]# (umask 077; openssl genrsa -out /tmp/key 32)
Generating RSA private key, 32 bit long modulus
.+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
[root@CentOS6 tmp]# cat /tmp/key # view the generated key file;
-----BEGIN RSA PRIVATE KEY-----
MCwCAQACBQCyIttNAgMBAAECBGc3UKUCAwDsewIDAMDXAgMAwQ0CAkWhAgI/Og==
-----END RSA PRIVATE KEY-----

    7. Extract the public key:
      openssl rsa -in /path/from/private_key_file -pubout -out /path/to/pub_key_file
[root@CentOS6 ~]# openssl rsa -in /tmp/key -pubout # no output file is specified, so the public key is written directly to the screen;
writing RSA key
-----BEGIN PUBLIC KEY-----
MCAwDQYJKoZIhvcNAQEBBQADDwAwDAIFALIi200CAwEAAQ==
-----END PUBLIC KEY-----
[root@CentOS6 ~]# man openssl rsa
[root@CentOS6 ~]# openssl rsa -in /tmp/key -pubout -out /tmp/key_pub # extract the public key to a file;
writing RSA key
[root@CentOS6 ~]# cat /tmp/key_pub
-----BEGIN PUBLIC KEY-----
MCAwDQYJKoZIhvcNAQEBBQADDwAwDAIFALIi200CAwEAAQ==
-----END PUBLIC KEY-----
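
Steps 6 and 7 as one script that also checks what they are meant to guarantee: the key file is readable by its owner only, the calling shell's umask is untouched, and the extracted public key belongs to the private key. This is an added example, not from the original page; it assumes a 2048-bit key (the 32 bits above only keep the output short, and current OpenSSL releases refuse a modulus that small) and constructed temporary file names.

```shell
#!/bin/sh
# Added example: private key creation under a subshell umask, then public key
# extraction, with the resulting permissions and key pairing checked.

keypair_demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    parent_umask=$(umask)

    # umask 077 applies only inside the ( ) subshell, so the key is created
    # readable by its owner alone without changing the calling shell's umask.
    (umask 077; openssl genrsa -out "$dir/key" 2048 2>/dev/null) || exit 1
    [ "$(umask)" = "$parent_umask" ] || exit 1
    mode=$(ls -l "$dir/key" | cut -c1-10)

    openssl rsa -in "$dir/key" -pubout -out "$dir/key_pub" 2>/dev/null || exit 1

    # The public key carries the same modulus as the private key it came from.
    m_priv=$(openssl rsa -in "$dir/key" -noout -modulus)
    m_pub=$(openssl rsa -pubin -in "$dir/key_pub" -noout -modulus)
    [ -n "$m_priv" ] && [ "$m_priv" = "$m_pub" ] || exit 1

    # The extracted file must hold public material only.
    if grep -q 'PRIVATE KEY' "$dir/key_pub"; then exit 1; fi

    echo "$mode"   # permission string of the private key file
)

keypair_demo
```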
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.