Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Demystifying Cryptography with OpenSSL 3.0
  • Table Of Contents Toc
Demystifying Cryptography with OpenSSL 3.0

Demystifying Cryptography with OpenSSL 3.0

By : Alexei Khlebnikov
4.8 (4)
Buy this Book
close
close
Demystifying Cryptography with OpenSSL 3.0

Demystifying Cryptography with OpenSSL 3.0

4.8 (4)
By: Alexei Khlebnikov
Buy this Book

Overview of this book

Security and networking are essential features of software today. The modern internet is full of worms, Trojan horses, men-in-the-middle, and other threats. This is why maintaining security is more important than ever. OpenSSL is one of the most widely used and essential open source projects on the internet for this purpose. If you are a software developer, system administrator, network security engineer, or DevOps specialist, you’ve probably stumbled upon this toolset in the past – but how do you make the most out of it? With the help of this book, you will learn the most important features of OpenSSL, and gain insight into its full potential. This book contains step-by-step explanations of essential cryptography and network security concepts, as well as practical examples illustrating the usage of those concepts. You’ll start by learning the basics, such as how to perform symmetric encryption and calculate message digests. Next, you will discover more about cryptography: MAC and HMAC, public and private keys, and digital signatures. As you progress, you will explore best practices for using X.509 certificates, public key infrastructure, and TLS connections. By the end of this book, you’ll be able to use the most popular features of OpenSSL, allowing you to implement cryptography and TLS in your applications and network infrastructure.
Table of Contents (20 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
1
Part 1: Introduction
Icon
Part 1: Introduction
Lock Free Chapter
2
Chapter 1: OpenSSL and Other SSL/TLS Libraries
Icon
Chapter 1: OpenSSL and Other SSL/TLS Libraries
Icon
What is OpenSSL?
Icon
The history of OpenSSL
Icon
What’s new in OpenSSL 3.0?
Icon
Comparing OpenSSL with GnuTLS
Icon
Comparing OpenSSL with NSS
Icon
Comparing OpenSSL with Botan
Icon
Comparing OpenSSL with lightweight TLS libraries
Icon
Comparing OpenSSL with LibreSSL
Icon
Comparing OpenSSL with BoringSSL
Icon
Summary
3
Part 2: Symmetric Cryptography
Icon
Part 2: Symmetric Cryptography
4
Chapter 2: Symmetric Encryption and Decryption
Icon
Chapter 2: Symmetric Encryption and Decryption
Icon
Technical requirements
Icon
Understanding symmetric encryption
Icon
An overview of the symmetric ciphers supported by OpenSSL
Icon
Block cipher modes of operation
Icon
Padding for block ciphers
Icon
How to generate a symmetric encryption key
Icon
Downloading and installing OpenSSL
Icon
How to encrypt and decrypt with AES on the command line
Icon
Initializing and uninitializing OpenSSL library
Icon
How to compile and link with OpenSSL
Icon
How to encrypt with AES programmatically
Icon
How to decrypt with AES programmatically
Icon
Summary
5
Chapter 3: Message Digests
Icon
Chapter 3: Message Digests
Icon
Technical requirements
Icon
What are message digests and cryptographic hash functions?
Icon
Why are message digests needed?
Icon
Assessing the security of cryptographic hash functions
Icon
Overview of the cryptographic hash functions supported by OpenSSL
Icon
How to calculate a message digest on the command line
Icon
How to calculate the message digest programmatically
Icon
Summary
6
Chapter 4: MAC and HMAC
Icon
Chapter 4: MAC and HMAC
Icon
Technical requirements
Icon
What is a MAC?
Icon
Understanding MAC function security
Icon
HMAC – a hash-based MAC
Icon
MAC, encryption, and the Cryptographic Doom Principle
Icon
How to calculate HMAC on the command line
Icon
How to calculate HMAC programmatically
Icon
Summary
7
Chapter 5: Derivation of an Encryption Key from a Password
Icon
Chapter 5: Derivation of an Encryption Key from a Password
Icon
Technical requirements
Icon
Understanding the differences between a password and an encryption key
Icon
What is a key derivation function?
Icon
Overview of key derivation functions supported by OpenSSL
Icon
Deriving a key from a password on the command line
Icon
Deriving a key from a password programmatically
Icon
Summary
8
Part 3: Asymmetric Cryptography and Certificates
Icon
Part 3: Asymmetric Cryptography and Certificates
9
Chapter 6: Asymmetric Encryption and Decryption
chevron up
Icon
Chapter 6: Asymmetric Encryption and Decryption
Icon
Technical requirements
Icon
Understanding asymmetric encryption
Icon
Understanding a Man in the Middle attack
Icon
What kind of asymmetric encryption is available in OpenSSL?
Icon
Understanding a session key
Icon
Understanding RSA security
Icon
How to generate an RSA keypair
Icon
How to encrypt and decrypt with RSA on the command line
Icon
How to encrypt with RSA programmatically
Icon
Understanding the OpenSSL error queue
Icon
How to decrypt with RSA programmatically
Icon
Summary
10
Chapter 7: Digital Signatures and Their Verification
Icon
Chapter 7: Digital Signatures and Their Verification
Icon
Technical requirements
Icon
Understanding digital signatures
Icon
Overview of digital signature algorithms supported by OpenSSL
Icon
How to generate an elliptic curve keypair
Icon
How to sign and verify a signature on the command line
Icon
How to sign programmatically
Icon
How to verify a signature programmatically
Icon
Summary
11
Chapter 8: X.509 Certificates and PKI
Icon
Chapter 8: X.509 Certificates and PKI
Icon
Technical requirements
Icon
What is an X.509 certificate?
Icon
Understanding certificate signing chains
Icon
How are X.509 certificates issued?
Icon
What are X509v3 extensions?
Icon
Understanding X.509 Public Key Infrastructure
Icon
How to generate a self-signed certificate
Icon
How to generate a non-self-signed certificate
Icon
How to verify a certificate on the command line
Icon
How to verify a certificate programmatically
Icon
Summary
12
Part 4: TLS Connections and Secure Communication
Icon
Part 4: TLS Connections and Secure Communication
13
Chapter 9: Establishing TLS Connections and Sending Data over Them
Icon
Chapter 9: Establishing TLS Connections and Sending Data over Them
Icon
Technical requirements
Icon
Understanding the TLS protocol
Icon
The history of the TLS protocol
Icon
Establishing a TLS client connection on the command line
Icon
Preparing certificates for a TLS server connection
Icon
Accepting a TLS server connection on the command line
Icon
Understanding OpenSSL BIOs
Icon
Establishing a TLS client connection programmatically
Icon
Accepting a TLS server connection programmatically
Icon
Summary
14
Chapter 10: Using X.509 Certificates in TLS
Icon
Chapter 10: Using X.509 Certificates in TLS
Icon
Technical requirements
Icon
Custom verification of peer certificates in C programs
Icon
Using Certificate Revocation Lists in C programs
Icon
Using the Online Certificate Status Protocol
Icon
Using TLS client certificates
Icon
Summary
15
Chapter 11: Special Usages of TLS
Icon
Chapter 11: Special Usages of TLS
Icon
Technical requirements
Icon
Understanding TLS certificate pinning
Icon
Using TLS certificate pinning
Icon
Understanding blocking and non-blocking sockets
Icon
Using TLS on non-blocking sockets
Icon
Understanding TLS on non-standard sockets
Icon
Using TLS on non-standard sockets
Icon
Summary
16
Part 5: Running a Mini-CA
Icon
Part 5: Running a Mini-CA
17
Chapter 12: Running a Mini-CA
Icon
Chapter 12: Running a Mini-CA
Icon
Technical requirements
Icon
Understanding the openssl ca subcommand
Icon
Generating a root CA certificate
Icon
Generating an intermediate CA certificate
Icon
Generating a certificate for a web server
Icon
Generating a certificate for a web and email client
Icon
Revoking certificates and generating CRLs
Icon
Providing certificate revocation status via OCSP
Icon
Summary
18
Index
Icon
Index
Icon
Why subscribe?
19
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you

How to generate an RSA keypair

The openssl tool provides two subcommands for generating RSA keypairs – genrsa and genpkey. The former can generate only an RSA keypair, while the latter is a more generic subcommand that can generate any type of keypair supported by OpenSSL. genrsa is declared deprecated since OpenSSL 3.0, thus we will use genpkey.

Documentation for the openssl genpkey subcommand can be found on the openssl-genpkey man page:

man openssl-genpkey

Why such a name, genpkey? OpenSSL has a concept of a Public or Private Key (PKEY). Here, it is important to clear up one confusion. Throughout the OpenSSL documentation, you will find mentions about public and private keys. Very often when mentioning a private key, the documentation really means a keypair. It applies to both command-line tools documentation and OpenSSL API documentation. For example, the description part of the openssl-genpkey man page says, The genpkey command generates a private key. If only...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Demystifying Cryptography with OpenSSL 3.0
End of Section 9
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon