安装openssl
# tar –zxvf openssl
# cd openssl
# ./config --prefix=/usr/local/openssl
# make
# make install
加密解密
传统加密(对称加密)
openssl enc –ciphername(加密算法) –k password(口令) –in file(被加密的算法) -out (输出文件)file
解密
openssl enc –ciphername –k password -d –in file -out file
加密算法有:base64,des,des3,rc2,rc5,aes256
例如:
/bin/openssl enc –des3 –k boobooke –in pt.txt –out ct.bin //加密
/bin/openssl enc –des3 –d –k boobooke –in ct.bin –out pt1.txt //解密
非对称加密
Generate the private/public key
Openssl genrsa –out file 1024
例如:
Openssl genrsa –out priv.key 1024 //用rsa算法生成私钥(priv.key)
Openssl rsa –in file –pubout
例如:
Openssl rsa –in priv.key –pubout>pub.key //用私钥priv.key生成公钥,并重定向到pub.key这个文件里面
Encrypt the file with public key
Openssl rsautl –in file –out file –inkey file –pubin –encrypt
例如:
Openssl rsautl –in test.txt –out test.bin –inkey pub.key –pubin –encrypt //利用公钥文件(pub.key)对text.txt文件进行加密,生成加密后的文件text.bin
Decrypt the file the private key
Openssl rsautl –in file –out file –inkey file –decrypt
例如:
Openssl rsautl –in text.bin –out text1.txt –inkey priv.key –decrypt //利用私钥priv.key对公钥加密的text.bin进行加密的文件进行解密,生成解密后的文件是text1.txt
Use openssl sign/verify functions(数字签名)
Generate the private/public key
生成密钥对
Openssl genrsa –out file 1024
Openssl rsa –in file –pubout
Sign the file with the private key
Openssl rsautl –in file –out file –inkey file –sign
例如:
Openssl rsatul –in test.txt –out test.sig –inkey priv.key –sign //利用私钥对test.txt进行加密也就是签名
Openssl rsautl –in file –out file –inkey file –pubin –verify
例如:
Openssl rsautl –in test.sig –out test2.txt –inkey pub.key –pubin –verify //利用公钥对私钥加密后的文件(test.sig)进行解密或是认证
Hash functions(hash函数)……MD5 SHA1
作用:主要是验证文件的完整性,没有被别人篡改!
Generate the md5 hash result
Openssl dgst –md5 file 或
Md5sum file
例如:
Openssl dgst –md5 openssl.tar.gz //生成MD5值
Md5sum openssl.tar.gz
Generate the sha1 hash result
Openssl dgst –sha1file 或
Sha1sum file
例如:
Openssl –dgst –sha1 openssl.tar.gz //生成sha1值
Install apache
Configure the environment
tar –zxvf httpd-2.0.63.tar.gz
cd httpd-2.0.63
./configure –prefix=/usr/local/apache –enable-ssl –with-ssl=/usr/local/openssl
make
make install
Configure ssl in apache
openssl req -new -x509 -days 30 -keyout server.key -out server.crt -subj '/CN=Test Only Certifiecate'
或者
Openssl req –new –x509 –days 365 –sha1 –nodes –newkey rsa:1024 keyout server.key –out server.crt –subj ‘/O=Seccure/OU=Seccure Labs/CN=’
Cpy the .key and .crt file to the proper directory //一般都是存放在apache的conf 目录下面,具体存放路径是在apache的配置文件中定义的
Vi httpd.conf
Include conf/ssl.conf //ssl 的配置文件被包含在conf/ssl.conf
Vi conf/ssl.conf
SSLCertificateKeyFile /usr/local/apache/conf/ssl.crt/server.key //server.key存放路径
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt //server.crt 存放路径
Apache2.2直接启动apache服务就可以启动SSL
Apache2.0启动ssl:apachectl startssl //端口号为443端口
Vi conf/ssl.conf
SSLRequireSSL //此目录只允许使用https协议访问
SSLRequireSSL
//ssldemo这个目录必须使用https协议访
问,应为利用ssl安全访问存在着密钥的
加密解密以及传送,所以访问会很慢,所
以一般都是把一些需要中到https协议访
访问的程序放在一个目录中,而其他的站
点依然用http协议访问
