Post

OpenSSL

Posted Updated
By Mokhlesur Mahin 2 min read

OpenSSL

OpenSSL Libraries:

  1. LIBSSL - SSL TLS related operations.
  2. LIBCRYPTO - Cryptographic operations like signing, hashing, key aggrement.

5 Pillars of Cryptography

  1. Integrity
  2. Confidentiality
  3. Authentication
  4. Authorization
  5. Non-Repudiation

Maintaining Integrity

We often notice while downloading the tarball file of any software, there exists some checksum files like SHA256, SHA1 or PGP etc. These files are actually to check if there is any modification to the software code. How can we do that?

Download the software tarball and checksum

1
2

wget software_link
wget checksum_link

Get software hash

1

sha256sum software_file_name

Can by done by openssl too_

1

openssl sha256 software_file_name

Get the has value from sha256_

1

cat sha256_file_name

Create own checksum for file_

1

openssl sha256 -hex -out openssl.sha256 software_file_name

Example_

  1. Create a file named hello.txt.
  2. Create checksum:
    1

     openssl sha256 -hex -out openssl.sha256 hello.txt
  3. Check checksum val:
    1

     cat openssl.sha256
  4. Check file checksum val:
    1

     sha256sum hello.txt

Maintaining Condifentiality

Using cryptography we can protect confidential information by encrypting it thereby achieving confidentiality.

  • To encrypt we need a key.

2 types of keys available:

  1. Symmetric key (Secret key)- Uses the same key for both encryption and decryption.

Lets see how to generate a symmetric key using openssl command_

1
2
3
4

openssl rand -hex 10 //10 is the size of key byte of randomly generated data

<!-- want output of the key_ -->
openssl rand -hex -out encryption.key 10

How to use these public and private keys_

Encryption

1

openssl aes-256-cbc -in hello.txt -out hello.enc -e -kfile encryption.key

Decryption

1

openssl aes-256-cbc -in hello.enc -out hello.dec -d -kfile encryption.key
  1. Asymmetric key- Uses a pair of keys: a public key for encryption and a private key for decryption.

Lets see how to generate asymmetric keys using openssl.

Generate Private Key (Used for decryption)

1
2
3
4
5
6
7
8
9
10

openssl genrsa

<!-- or -->
openssl genrsa 1024 //mentioning key size

<!-- get output -->
openssl genrsa > key.pri

<!-- or -->
openssl genrsa -out key.pri 1024

Now we need a public key to encrypt some data_

1

openssl rsa -in key.pri -pubout -out key.pub

How to use these public and private keys_

Encryption

1

openssl pkeyutl -encrypt -inkey key.pub -pubin -in hello.txt -out hello.en

Decryption

1

openssl pkeyutl -decrypt -inkey key.pri -in hello.en -out hello_decrypted.txt

Non-Repudiation (Digital Signature)

Need to have key-pairs that we already used in Asymmetric Key section.

Sign document (Using Private Key)

1

openssl rsautl -sign -inkey key.pri -in hello.txt -out hello_sig.txt.sig

Verifying Signature (Using Public key)

1

openssl rsautl -verify -inkey key.pub -pubin -in hello_sig.txt.sig

Note: This method cannot be used to sign the large data. The size of data cannot be more that the (size_of_rsa_key-11) bytes.

To sign large data we can use some hash based algorithm.

Example:

1

openssl sha1 -sign key.pri -out hello_hash.txt.sig hello.txt

To verify_

1

openssl sha1 -verify key.pub -signature hello_hash.txt.sig hello.txt
OpenSSL
OpenSSL Open Source
This post is licensed under CC BY 4.0 by the author.