OpenSSL实战指南：互联网安全的基石

openssl

需积分: 10 95 浏览量更新于2024-07-19 收藏 1.72MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源推荐

Examine Available Commands 5

Note

When compiling software, it’s important to be familiar with the default conﬁguration

of your compiler. System-provided packages are usually compiled using all the avail-

able hardening options, but if you compile some software yourself there is no guar-

antee that the same options will be used.

Examine Available Commands

OpenSSL is a cryptographic toolkit that consists of many different utilities. I counted 46 in

my version. If it were ever appropriate to use the phrase Swiss Army knife of cryptography, this

is it. Even though you’ll use only a handful of the utilities, you should familiarize yourself with

everything that’s available, because you never know what you might need in the future.

There isn’t a speciﬁc help keyword, but help text is displayed whenever you type something

OpenSSL does not recognize:

$ openssl help

openssl:Error: 'help' is an invalid command.

Standard commands

asn1parse ca ciphers cms

crl crl2pkcs7 dgst dh

dhparam dsa dsaparam ec

ecparam enc engine errstr

gendh gendsa genpkey genrsa

nseq ocsp passwd pkcs12

pkcs7 pkcs8 pkey pkeyparam

pkeyutl prime rand req

rsa rsautl s_client s_server

s_time sess_id smime speed

spkac srp ts verify

version x509

The ﬁrst part of the help output lists all available utilities. To get more information about a

particular utility, use the man command followed by the name of the utility. For example, man

ciphers will give you detailed information on how cipher suites are conﬁgured.

Help output doesn’t actually end there, but the rest is somewhat less interesting. In the second

part, you get the list of message digest commands:

Message Digest commands (see the `dgst' command for more details)

compiler hardening in Ubuntu and Debian (Kees Cook, 3 February 2014)

6 Chapter 1: OpenSSL

md4 md5 rmd160 sha

sha1

And then, in the third part, you’ll see the list of all cipher commands:

Cipher commands (see the `enc' command for more details)

aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb

aes-256-cbc aes-256-ecb base64 bf

bf-cbc bf-cfb bf-ecb bf-ofb

camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb

camellia-256-cbc camellia-256-ecb cast cast-cbc

cast5-cbc cast5-cfb cast5-ecb cast5-ofb

des des-cbc des-cfb des-ecb

des-ede des-ede-cbc des-ede-cfb des-ede-ofb

des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb

des-ofb des3 desx rc2

rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb

rc2-ecb rc2-ofb rc4 rc4-40

seed seed-cbc seed-cfb seed-ecb

seed-ofb zlib

Building a Trust Store

OpenSSL does not come with any trusted root certiﬁcates (also known as a trust store), so if

you’re installing from scratch you’ll have to ﬁnd them somewhere else. One possibility is to

use the trust store built into your operating system. This choice is usually ﬁne, but default

trust stores may not always be up to date. A better choice—but one that involves more work

—is to turn to Mozilla, which is putting a lot of effort into maintaining a robust trust store.

For example, this is what I did for my assessment tool on SSL Labs.

Because it’s open source, Mozilla keeps the trust store in the source code repository:

https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins…

/certdata.txt

Unfortunately, their certiﬁcate collection is in a proprietary format, which is not of much

use to others as is. If you don’t mind getting the collection via a third party, the Curl project

provides a regularly-updated conversion in Privacy-Enhanced Mail (PEM) format, which you

can use directly:

http://curl.haxx.se/docs/caextract.html

But you don’t have to write a conversion script if you’d rather download directly from Mozilla.

Conversion scripts are available in Perl or Go. I describe both in the following sections.

8 Chapter 1: OpenSSL

2012/06/04 09:52:29 Failed to parse certificate starting on line 23068: negative …

serial number

In my case, there was one invalid certiﬁcate that the Go X.509 library couldn’t handle, but

otherwise the conversion worked as expected. Go versions from 1.6 onwards shouldn’t pro-

duce this warning because they can handle certiﬁcates with negative serial numbers.

Key and Certiﬁcate Management

Most users turn to OpenSSL because they wish to conﬁgure and run a web server that sup-

ports SSL. That process consists of three steps: (1) generate a strong private key, (2) cre-

ate a Certiﬁcate Signing Request (CSR) and send it to a CA, and (3) install the CA-provided

certiﬁcate in your web server. These steps (and a few others) are covered in this section.

Key Generation

The ﬁrst step in preparing for the use of public encryption is to generate a private key. Before

you begin, you must make several decisions:

Key algorithm

OpenSSL supports RSA, DSA, and ECDSA keys, but not all types are practical for use in

all scenarios. For example, for web server keys everyone uses RSA, because DSA keys are

effectively limited to 1,024 bits (Internet Explorer doesn’t support anything stronger)

and ECDSA keys are yet to be widely supported by CAs. For SSH, DSA and RSA are

widely used, whereas ECDSA might not be supported by all clients.

Key size

The default key sizes might not be secure, which is why you should always explicitly

conﬁgure key size. For example, the default for RSA keys is only 512 bits, which is simply

insecure. If you used a 512-bit key on your server today, an intruder could take your

certiﬁcate and use brute force to recover your private key, after which he or she could

impersonate your web site. Today, 2,048-bit RSA keys are considered secure, and that’s

what you should use. Aim also to use 2,048 bits for DSA keys and at least 256 bits for

ECDSA.

Passphrase

Using a passphrase with a key is optional, but strongly recommended. Protected keys

can be safely stored, transported, and backed up. On the other hand, such keys are

inconvenient, because they can’t be used without their passphrases. For example, you

might be asked to enter the passphrase every time you wish to restart your web server.

Key Generation 9

For most, this is either too inconvenient or has unacceptable availability implications.

In addition, using protected keys in production does not actually increase the security

much, if at all. This is because, once activated, private keys are kept unprotected in

program memory; an attacker who can get to the server can get the keys from there

with just a little more effort. Thus, passphrases should be viewed only as a mechanism

for protecting private keys when they are not installed on production systems. In other

words, it’s all right to keep passphrases on production systems, next to the keys. If you

need better security in production, you should invest in a hardware solution.

To generate an RSA key, use the genrsa command:

$ openssl genrsa -aes128 -out fd.key 2048

Generating RSA private key, 2048 bit long modulus

....+++

...................................................................................…

+++

e is 65537 (0x10001)

Enter pass phrase for fd.key: ****************

Verifying - Enter pass phrase for fd.key: ****************

Here, I speciﬁed that the key be protected with AES-128. You can also use AES-192 or AES-256

(switches -aes192 and -aes256, respectively), but it’s best to stay away from the other algo-

rithms (DES, 3DES, and SEED).

Warning

The e value that you see in the output refers to the public exponent, which is set to

65,537 by default. This is what’s known as a short public exponent, and it signiﬁcantly

improves the performance of RSA veriﬁcation. Using the -3 switch, you can choose 3

as your public exponent and make veriﬁcation even faster. However, there are some

unpleasant historical weaknesses associated with the use of 3 as a public exponent,

which is why generally everyone recommends that you stick with 65,537. The latter

choice provides a safety margin that’s been proven effective in the past.

Private keys are stored in the so-called PEM format, which is just text:

$ cat fd.key

-----BEGIN RSA PRIVATE KEY-----

A small number of organizations will have very strict security requirements that require the private keys to be protected at any cost. For them,

the solution is to invest in a Hardware Security Module (HSM), which is a type of product speciﬁcally designed to make key extraction impossi-

ble, even with physical access to the server. To make this work, HSMs not only generate and store keys, but also perform all necessary operations

(e.g., signature generation). HSMs are typically very expensive.

剩余100页未读，继续阅读

chen1527027

粉丝: 1
资源: 60

OpenSSL实战指南：互联网安全的基石

openssl-cookbook-chinese-edition:openssl-cookbook 中文版

OPENSSL COOKBOOK

openssl-cookbook.pdf

openssl 图形化

jsencrypt linux 下载

openssl openssl-devel

compat-openssl和openssl

centos离线安装openssl openssl-devel

编译安装完OpenSSL3.1.0后OpenSSL版本显示为openssl1.1.1

openssl 自带openssl devel吗？

openssl ca 与 openssl x509

openssl和openssl-devel的区别

php openssl openssl.cafile

升级openssl到openssl 1.0.2i

openssl1.0和openssl3.0区别

linux使用yum install -y openssl openssl-devel安装了openssl，使用openssl version显示未找到命令

centos7 升级openssl

OpenSSL 1.1.1与OpenSSL 1.1.1u的区别

介绍openssl3.0的legacy版本，nodejs和openSSL的关系

最新资源